Good Corporate Governance


Privacy Policy
Bangkok Life Assurance Public Company Limited

With strong determination to safeguard your personal data and its privacy, the Company has established and announced this privacy policy to make the Data Subject aware of the Company’s management of personal data and its practices which are as follows:


"Company" refers to Bangkok Life Assurance Public Company Limited and/or a subsidiary.
"Subsidiary" refers to an organization in which the Company holds more than 50% of the total voting shares.
"Data Subject" refers to the insured, the applicant, the beneficiary, the applicant of the services via all channels of the Company or a legitimate representative or a governor of the insured or the applicant (whichever applies), directors, executives, employees and related persons as per the rights of the Company, agents and financial advisors, insurance brokers, investment advisors, and any related person who contacts, applies for services and has legal relations or interaction with the Company or its personnel or agents.
"Personal Data" refers to any information that identifies a person both directly and indirectly, but does not include the information of the deceased i.e., first name, surname, sex, race, nationality, religion, age, date of birth, identification number/ taxpayer identification number, passport, bank account number, credit/debit card number, address, financial information, health information and/or any other information required by law etc.
"Sensitive Data" refers to Personal Data regarding race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal record, health information, disability, labor union information, genetic information, biometric data, financial information, bank account number, credit card number, taxpayer identification or any other information which has a similar impact on the Data Subject.
"Biometric Data" refers to personal data resulting from technical or technological processing relating to the dominant physical, physiological, or behavioral characteristics of a natural person, which allows or confirms the unique identification of that natural person, such as facial simulated data, iris simulation data or fingerprint data.
"Public Data" refers to personal data which the Data Subject discloses to the public such as a social media profile, social media credential i.e., Facebook, Twitter, and Line to connect to or access any service of the Company such as social media account ID, interests, likes, and the friend list of the Data Subject, the privacy of which can be managed by settings on online social media provided to the user of the mentioned online social media.
"Application" refers to a program or a set of instructions used to control the operation of a mobile computer and any connecting devices to follow the commands or respond to the needs of the user of the application and must have what is referred to as a User Interface or UI as a conduit for functions.
"IP Address" refers to numerical label assigned to each type of device i.e., a computer or a printer in a computer network that uses Internet Protocol for communication.
"Cookies" refers to a small amount of data (text file) which will be recorded onto your computer or electronic device. When you visit a website, Cookies will remember your website data. The Company will also use the term Cookies to refer to other technologies which have similar functions.

Privacy Policy

The Company recognizes and prioritizes the rights and privacy of the Data Subject and will implement stringent measures to maintain security and confidentiality as well as prevention against the use of Personal Data without permission of the Data Subject. The Company will fulfill the purposes and consent which the Data Subject given to the company regarding the collection, usage, or disclosure of such information in compliance with the law and in line with the international standard.

  1. Objectives
    The Company has the objectives to collect, use and disclose the Personal Data as follows:
    1. to provide service, improve products and services of the Company, conduct underwriting process, financial planning, administer insurance policies include providing other services or products that may be launched in the future as well as supervise, maintain and operate any action related to the aforementioned service;
    2. to operate transactions relevant to the products or services of the Company i.e., insurance premium payment or claim request of the Data Subject both as the owner, as the rightful representative or as a governor of the insured (whichever applies);
    3. to manage the relationship between the Company and the Data Subject;
    4. to confirm and/or identify the Data Subject for accessing or using the service on platforms or communications with the Company;
    5. to communicate, notify and/or informed news and updates from the Company;
    6. to fulfill the purpose for which the Data Subject has informed the Company;
    7. to propose privileges and/or services of the Company i.e., suggestions and/or proposals of products and services as well as marketing promotions and transactions related to the services of the Company;
    8. to conduct the Company’s businesses such as data analysis, audit, new product development, enhancement or change of service, monitoring and analyzing service usage, conducting a survey to organize promotional campaigns, considering the Company’s transactions and business expansion;
    9. to conduct operations necessary and suitable for
      1. auditing and preventing any action that does or may violate the law;
      2. responding to requests from government authorities including government authorities and states outside your country of residence;
      3. enforcing the Company’s terms of service and personal data policies;
      4. protecting the Company’s business operations;
      5. protecting personal rights, safety and assets of the Company, its personnel, the Data Subject and others;
      6. relieve, prevent or limit the damage which may be sustained;
    10. to comply with the law, investigations of authorities or regulator and to comply with the rules, regulations or obligations as required by the government entities;

    The Data Subject will be notified in case their Personal Data are requested by the Company for other purposes which are not mentioned above.

    The Company shall collect, use or disclose your Personal Data for the objectives stated in Clause 1 only when:

    1. your consent has been granted to the company by law;
    2. it is necessary to comply with contracts in which you are a counterparty or for proceeding your request before entering the contracts;
    3. it is for preventing or suppressing danger to life, body or health of individuals;
    4. it is necessary for the Company to perform duties for public interests or exercise legal authority given by the government entities;
    5. it is necessary for the legitimate interests of the Company or of individuals or juristic persons save with such interests are of lower value than the basic rights of your data.
    6. it is necessary for complying with the law;
    7. historical records, chronicles, research or statistics are created for the public benefits and the Company will implement suitable preventive measures to protect your rights and freedom.

  2. Personal Data Collection
    The Company will collect the personal data which the Data Subject has given to the Company or the Personal Data which the Company received from its services or operations from all channels including those listed below:
    1. Data from your Applications or other forms during applying for an insurance or any other service of the Company such as name, surname, identification number or other identity card number, phone number, date of birth, gender, address, email, financial and health data;
    2. Data from your application for a membership, or creating an account for which a profile with details of Personal Data given to the Company is created in order to use the service through service channels of the Company such as mobile Applications and/or the Company’s website i.e., BLA Happy Life Club, online account or application account serviced by the Company as well as Personal Data given for signing up such as participating in an activity and/or contact the Company via website or other channels as specified by the Company;
    3. Data that you provide to the Company to receive news, complete a survey or the records of your participation in activities such as satisfaction, interests or consuming behaviours etc.;
    4. Data about your transactions with the Company or its Subsidiary or others such as job application, Applications for life insurance agent, broker, financial advisor, investment advisor, bidding, quotation proposal, the insured’s data, policy data and coverage, premiums, data from policy data change or correction, payment history which includes credit or debit card information, bank account number or banking or payment information including dates and time of payment. This depends on your types of the transactions made by the Data Subject;
    5. Data from your visits to the Company’s website, other websites of its Subsidiary or Applications operated by the Company, use of social media and online interactions with advertisements of the Company such as browser type and version, type of terminal device that you use to access the services such as personal computer, laptop or smartphone, operating system and platform, IP address of your terminal equipment or device, location and data about the services and products viewed or searched by the Data Subject;
    6. Data records from the contact between the Company and the Data Subject in the forms of customer notes, satisfaction survey, research and statistics or call recordings or image recordings through CCTV when the Data Subject contacts the Company’s customer service center as well as data shared via researched media such as SMS, social media Applications or emails etc.;
    7. Data from social media profile when the Data Subject uses social media credentials such as Facebook, Twitter and Line to log in or to access any service of the Company such as social media account ID, interests, likes and friend list of the Data Subject who may control this privacy option provided by the social media service provider in the media account setting;
  3. How to collect Data
    The Company collects and gathers Personal Data in the following ways:
    1. Personal Data received directly from the Data Subject such as details in insurance application form, a request form to change the details in the policy, information from signing up for BLA Happy Life Club;
    2. Personal Data obtained from a Subsidiary;
    3. Personal Data obtained from third parties such as life insurance agents or brokers, financial advisors, investment advisors, business partners and financial institutions;
    4. Personal Data obtained from visits to websites i.e., name of the internet service provider, IP address via internet access and the address of the website which is connected to the Company’s website;
    5. Personal Data obtained from public records and non-public records which the company has legitimate permission to collect and gather;
    6. Personal Data obtained from government authorities and regulatory bodies who exercise legal authority.
  4. Retention Period and Storage Location of Personal Data
    The Company shall retain Personal Data only as long as necessary, considering the purposes and necessities for which the Company must collect and process. This includes compliance with applicable laws regarding insurance. The Company shall store Personal Data for a certain period after the policy lapses and in line with the duration and period of applicable laws. The Company will store Personal Data in a suitable location based on the type of the Personal Data. The Company needs to continue to retain Personal Data even though it may exceed the period of the applicable laws i.e., submitting maturity money to life insurance funds or while being in a legal process etc.
  5. Disclosure and Transfer of Personal Data
    1. Disclosure of Personal Data
      The Company shall disclose Personal Data to third parties and/or organizations only in the following cases:
      1. authorized insurance intermediaries i.e., agents, life insurance brokers, financial advisors, and investment advisors to offer products and services of the Company;
      2. business partners, subsidiaries and/or third-party service providers in order to offer services, privileges and other benefits of the Company to Personal Data Subject as well as to develop and enhance the products or the services of the Company such as data analysis, data processing, credit card processing, IT services and relevant infrastructure provisioning, customer service platform development, email/SMS delivery, website development, mobile application development, reinsurance, satisfaction survey and research, customer relationship management whereby a contract to maintain confidentiality of the Personal Data. In case of juristic persons, acceptable standard of Personal Data protection is required;
      3. government entities, the government or any legal entities to comply with the laws, the orders, the requests or otherwise cooperating with authorities pursuant to a legal compliance matter;
    2. Transfer, Transmission and/or Sending Personal Data to a Foreign Country
      In the event where the Company transfers, transmit and/or send data to a foreign country, the Company shall formulate agreements and/or business contracts with entities or organizations that will receive such Personal Data to have acceptable Personal Data protection standards and in accordance with relevant laws to assure that the Personal Data will be safely protected.

      The Company shall transfer, transmit and/or send Personal Data to a foreign country under specific circumstances, examples of which are as follows:
      1. applying for reinsurance with a reinsurer overseas;
      2. the Company is bound by necessity to store and/or transfer and transmit Personal Data for storage purposes;
      3. Cloud processing by provider with international standard of security where the Personal Data will be retained by encryption or other means which cannot identify the Data Subject.

    The Data Subject may find the list of life insurance agents and life insurance brokers whose Personal Data will be disclosed at The names on the list may increase or decrease, and the Company will constantly keep the list up to date.

  6. Use of Sensitive Data
    For offering products or services of the Company and for the purposes of Personal Data collection in some cases, the Company needs to collect Sensitive Data such as Personal Data regarding racial or ethnic origin, religious or philosophical beliefs, sexual behavior, disability, information about labour union, genetic data, Biometric Data and health data etc. In such cases, the Company shall notify and request for consent from the Data Subject to use Sensitive Data for the purpose of Personal Data use of the Company and for legal compliance.
  7. Use of Personal Data for Marketing Purposes

    In addition to the aforementioned purposes and as permitted by law, the Company will use Personal Data for marketing purposes i.e., sending promotional materials via mail, email and other means as well as conducting direct marketing to increase the benefits which the Data Subject will receive from being the Company’s customer through introduction of products and services.

    You may choose to not receive the communications for the marketing purposes except the communications which are relevant and necessary for insurance policies and/or services which the Company provide such as premium payment reminder and premium payment receipt etc.

  8. Privacy and Confidentiality of Personal Data

    In order to assure you of the prevention against illegitimate access, amendment, leakage and loss of Personal Data, the Company creates awareness on information technology security as well as complies with the applicable regulatory standards and laws to guarantee information technology security and business contingency procedures.

    The Company establishes measures to protect the privacy of the Personal Data Subject by restricting the access to Personal Data to only individuals who need to use such data to offer insurance products, financial products and services including employees, life insurance agents or brokers, financial advisors, investment advisors of the Company. The individuals permitted by the Company to access Personal Data are obliged to strictly adhere to and comply with the measures for Personal Data protection, as well as maintaining the confidentiality of such Personal Data. The Company has both physical and electronic preventive measures which are compliant to the regulatory standards enforced to protect Personal Data.

    When the Company makes contracts or agreements with third parties, the Company imposes appropriate security and confidentiality obligations towards Personal Data on them to ensure the security of the Personal Data in possession of the Company.

  9. Rights of Data Subject
    The Data Subject is entitled to the following rights:
    1. the right to be informed about the existence, the type of Personal Data and the Company’s purposes of Personal Data use;
    2. the right to access and request a copy of Personal Data which is under the responsibility of the Company where appropriate identity verification procedure shall apply;
    3. the right to request the Company to make corrections, amendments or changes Personal Data to be up to date, complete and not causing misunderstanding;
    4. the right to object to collect, use or disclosure Personal Data including the right to object any Personal Data processing;
    5. the right to request temporary suppression of use or disclosure of Personal Data;
    6. the right to request erasure, destruction or anonymization of Personal Data;
    7. the right to request disclosure of Personal Data acquisition in case that consent had not been granted to collect such data;
    8. the right to revoke consent given to the Company to collect, use or disclose Personal Data. The revocation of consent does not impact the collection, use and Personal Data disclosure for which the consent had been given.

    The Company has determined the contact channels for you to exercise your rights based on the details in Clause 13. The Company will process and consider your request within 30 days starting from the date of receiving the request. Nevertheless, the Company remain the rights not to fulfil such rights of the Data Subject under the provisions of the law or insurance contracts made with the Company in the event that such events will cause the Data Subject to lose the rights or benefits according to an insurance policy.

    The erasure, destruction or any action which anonymizes Personal Data or the revocation of consent from the Data Subject may be done under the provisions of the law and insurance contracts only. Exercising such rights may impact compliance with insurance contracts or any other service due to the inability to identify the Data Subject. Thus, there may be limitations to services which require Personal Data and may prevent the Data Subject from receiving the benefits, services, or news from the Company.

  10. Use of Cookies and Connection to Other Websites or Applications
    1. Use of Cookies
      The Company uses Cookies to enhance user experience on the Company’s website visits and to increase efficiency in presenting data and content by storing your usage data to improve and control the performance of the website and/or Applications. Cookies do not cause damage to the user’s devices and their content will be retrieved for use only by the website which creates such Cookies. The user can configure the browser to turn off the Cookies function and to delete all Cookies stored in a device at any time. The Cookies data stored are anonymized.
    2. Connection to Other Websites or Applications
      The Company’s website or Applications may be redirected to third-party websites or Applications which may have Personal Data protection policy different to that of the Company. The Data Subject shall study the Personal Data protection of such website in order to understand the details of Personal Data protection and to make a decision regarding Personal Data disclosure. The Company will not be held responsible for the content, policy, damage or any action performed by the third-party websites or Applications.
      You may study the details and the configurations of Cookies at Cookies Policy.
  11. Data Protection Officer

    The Company has appointed Data Protection Officer to investigate any operations related to collect, use or disclosure of Personal Data to be pursuant to the Personal Data Protection Act B.E. 2562 and the policies, regulations, announcements, orders issued by the Company as well as to coordinate and cooperate with Personal Data Protection Commission.

  12. Questions regarding Personal Data Privacy

    If you have questions or concerns regarding this Privacy Policy or the management of your data, you may reach us via the following contact channels:

    Data Protection Officer Head of Compliance
    Phone 02 777 8861
  13. Contact the Company

    If you have enquiries about the privacy policy, the personal data that the Company collects or wish to exercise any of your legal rights pursuant to the Personal Data Protection Act according to Clause 9, you may contact the Company via the following channels:

    Company Name Bangkok Life Assurance Public Company Limited
    Address 1415 Krungthep-Nonthaburi Rd. Wongsawang, Bangsue, Bangkok 10800
    Company Website
    Call Center 02 777 8888
  14. Contact the Authorities

    If you wish to report complaints, concerns or not satisfied with the response of the Company regarding your concerns, you can contact and/or file complaints to the Personal Data Protection Commission.

  15. Changes to Privacy Policy

    The Company reserves the rights to revise, change or amend this Privacy Policy in the future under the provisions of the law. Any update of this policy will be announced via the Company’s website at Privacy Policy.


Please use the contact form below.
We'll get back to you as quickly as possible.