This Privacy Policy applies to all services offered by Dsure (Internet Insurance Broker Co. Ltd. and Bjak Thailand Co. Ltd.) (the “Company”, “Dsure.com”, “we”, “us”, or “our”) and the insurance products offered through our website at Dsure.com. We understand the importance of protecting your personal data and privacy. This Privacy Policy outlines how we collect, use, and disclose your personal information. Please read this Privacy Policy carefully to understand our practices. By using our website, you consent to the collection and use of your personal data as described herein.

1. Personal Data We Collect

For the purposes of this Privacy Policy, "Personal Data" refers to any identifiable information about you. The specific types of data we collect may vary depending on your interactions with us and the services or products you require. The following are examples of Personal Data that we may collect:

• Personal details: Name, gender, age, date of birth, marital status, Identification information (e.g., identification card number, driver’s license number or passport number), details of your vehicle, previous or current insurance, driving history and any other personal data regarding insurance products which is necessary for us to provide suitable products or services, or to comply with applicable law.
• Contact details: Address, delivery detail, phone number, email, and social media account – LINE, Facebook, Instagram and TikTok.
• Account details: Bank account details, customer ID, and payment details.
• Transaction details: Information related to insurance policies, claims, payments, and other transactional activities.
• Behavioral details: Information about your usage patterns, preferences, and interactions with our website.
• Technical details: Internet Protocol (IP) address, device information, browsing history, and other technical data collected through cookies or similar technologies.
• Relationship management details: Records of communication, service complaints, resolutions, and customer support interactions.
• Profile details: Username, password, purchase history, order details, and participation in loyalty programs or promotions.
• Services details: Information related to insurance services, complaints, incidents, and legal actions.
• Usage details: Information about your utilization of our website and services.
• Marketing and communication details: Preferences for receiving marketing communications and your communication preferences.
• Sensitive Personal Data: Sensitive personal data, such as information from government-issued cards, complaints, claims, incidents, legal proceedings, insurance-related data, biometric data, and health data.

If you purchase products or services from our business partners, we may collect your personal data for sale tracking and service improvement. Please note that we do not intentionally collect sensitive personal data unless required by law or with your explicit consent. We only collect your Personal Data with your consent or as allowed by the PDPA. Consent is explicitly requested when purchasing an insurance policy.

If you provide another person's Personal Data, you must ensure that you have informed them of this Privacy Policy. For Sensitive Personal Data, you must obtain their consent before disclosing it to us.

2. Purposes of Collection, Use, and Disclosure of Personal Data

We collect, use, and disclose personal data for the following purposes:

2.1 Consent-based Purposes

We rely on your consent to collect, use, and disclose personal data for the following purposes:

2.1.1 Marketing and Communications: We may use your personal data to provide marketing communications, information, special offers, promotional materials, tele-marketing, advertisements, newsletters, and other marketing and communication materials about our products and services, as well as those offered by our partners and affiliates. We may also collect sensitive data, such as health data, to analyze and conduct personalized marketing.

2.1.2 Data Analytics Services: We may collect personal data for data analytics services.

2.1.3 Other Businesses: We may collect personal data for other businesses, including digital marketing, banking and financial services, reward and loyalty programs, insurance, telecommunications, asset management, investment, retail, and e-commerce.

2.1.4 Sensitive Data: We may collect sensitive data, such as information from government-issued cards, to authenticate and verify your identity, as well as other sensitive data related to insurance products or services for registration and enabling the use of our services.

Please note that withdrawing consent for the collection, use, and/or disclosure of sensitive data may result in our inability to provide certain services to you.

2.2 Other Legal Grounds

We may also collect, use, and disclose personal data based on other legal grounds, including (1) Contract Basis: We may collect, use, and disclose personal data to initiate or fulfill a contract with you. (2) Legal Obligation: We may collect, use, and disclose personal data to fulfill our legal obligations. (3) Legitimate Interest: We may collect, use, and disclose personal data based on our legitimate interests and the legitimate interests of third parties. We will balance these interests with your rights and freedoms. (4) Public Interest: We may collect, use, and disclose personal data for tasks carried out in the public interest or exercising official authorities required by law. (5) Vital Interest: We may collect, use, and disclose personal data to prevent or suppress a danger to a person's life, body, or health. Relying on the context of our interactions, we may collect, use, and disclose personal data for the following purposes:

• Providing products and services
• Marketing communications
• Promotions, loyalty programs, and offers
• Contacting and communicating with you
• Managing our relationship
• Data cleansing, profiling, and analytics
• Tailoring products and services
• Improving business operations, products, and services
• Learning more about our customers
• Managing IT systems
• Regulatory and compliance obligations
• Protecting our interests
• Detecting, preventing, and suppressing fraud or illegal actions
• Transfer in the event of a merger or similar event
• Risk management
• Protecting life

Failure to provide Personal Data, whether for comparing insurance quotes, providing quotations, or any other relevant services, will result in our inability to serve you. Additionally, if the law mandates the processing of your Personal Data, its collection becomes compulsory.

3. Disclosure or Transfer of Personal Data

We may disclose and/or transfer Personal Data to the following third parties in accordance with the purposes outlined in this Privacy Policy. These third parties may be located within or outside of Thailand.

3.1 Companies under Dsure’s Ecosystem

As part of our collaboration and shared customer services and systems, including website-related services and systems, we may need to transfer your Personal Data to Companies under Dsure’s Ecosystem, Companies under Bjak (Thailand) Co., Ltd., affiliates and subsidiaries. These entities will rely on the consent obtained by us to use your Personal Data.

3.2 Our service providers

We engage various service providers to perform services on our behalf, such as infrastructure management, software development, logistics, data storage, marketing research, payment transaction, and customer support. These service providers may have access to your Personal Data, when necessary, to perform their services. We ensure they maintain the security of your Personal Data.

3.3 Our business partners

We may share your Personal Data with our business partners, including digital marketing providers, financial institutions, insurance providers, healthcare providers, telecommunications companies, and professional experts. These partners assist us in operating our business and providing services, and they are required to handle your Personal Data in accordance with this Privacy Policy.

3.4 Social networking sites

If you choose to log in to our sites or platforms using your social network accounts, we may access and store certain public data from your social network accounts. Additionally, we may share your email address with social networks for personalized advertising purposes, subject to your social network privacy settings.

We also collaborate with selected third parties that offer services or promotions. When you use these services or promotions, we may disclose your Personal Data to these third parties. Please note that the data shared will be governed by the third party’s privacy policy, not our Privacy Policy.

3.5 Third parties permitted by law

We may be required to disclose Personal Data to comply with legal or regulatory obligations. This includes sharing information with law enforcement agencies, courts, regulators, government authorities, and other third parties to protect our rights, and individuals' safety, or otherwise address fraud, security or safety issues.

3.6 Professional advisors

We may disclose Personal Data to our expert advisors, such as independent advisors, legal advisors, and auditors, who assist us in our business operations, provide legal services, or perform financial audits.

3.7 Other third parties related to insurance products or services

For the purposes specified in this Privacy Policy, we may disclose your Personal Data to other third parties related to our insurance products or services, including beneficiaries and industry associations.

3.8 Third parties concerning business transfer

In the event of a business reorganization, merger, acquisition, or similar event involving the transfer of our business, assets, or stock, we may disclose or transfer Personal Data to our business partners, investors, or transferees. The receiving party will adhere to this Privacy Policy to protect Personal Data.

3.9 Other third parties

We may be required to disclose Personal Data to other third parties in response to requests related to our CCTV records to comply with applicable laws or the purposes outlined in this Privacy Policy.

4. Disclosure of Personal Data to Overseas Parties

We may be required to disclose Personal Data to other third parties in response to requests related to our CCTV records to comply with applicable laws or the purposes outlined in this Privacy Policy.

We may share your Personal Data with certain parties, such as service providers and other third parties mentioned earlier, who are located outside of Thailand. In such cases, the disclosure of your Personal Data will adhere to the requirements outlined in the PDPA (Personal Data Protection Act). We take steps and measures to ensure that your Personal Data is securely transferred and stored in accordance with security measures.

5. Cookies and Data Collection

When you visit our websites, we may collect certain information automatically through tracking tools and cookies, including Google Tag Manager, Google Analytics, Facebook Pixel Analytics, Facebook Ad Manager, and Google Cloud. Cookies are used for analyzing trends, administering our websites, tracking user activity, and remembering user preferences. Some cookies are necessary for the proper functioning of the website, while others enhance user experience and remember settings.

You can control whether to cookies or not in most internet browsers. However, rejecting cookies may limit your access to certain features or domains of our websites.

6. Data Retention

We will retain your Personal Data only for the duration of our relationship, transactions, or the provision of our services, or as long as it is necessary or permitted by law for the purposes outlined in this Privacy Policy. However, if permitted by law, we may retain your Personal Data beyond this period. When we no longer have a legal basis to retain your Personal Data, we will take appropriate measures to delete or destroy it as required by law.

7. Data Security

We will take reasonable precautions to protect Personal Data in our possession to maintain appropriate security measures against any unlawful use, unauthorised access, modification or disclosure, including administrative, technical, and physical safeguards. These measures ensure the confidentiality, integrity, and availability of Personal Data, preventing accidental or unauthorized loss, alteration, disclosure, or access, in compliance with applicable laws.

We utilize an accredited payment service provider to securely process all payments made throughout our website. This service provider is obligated to safeguard your Personal Data on our behalf.

While we take reasonable measures to protect your Personal Data, we cannot guarantee the absolute security of information transmitted over the Internet that is done at your own risk. However, once we receive your data, we will employ appropriate measures to ensure its security.

8. Data Subject Rights

8.1 WIthdraw Consent

You have the right to withdraw your consent at any time, except as otherwise required by law. The withdrawal of consent does not affect the lawfulness of data processing conducted prior to the withdrawal. Please note that withdrawing consent does not impact our ability to collect, use, and disclose personal information as required by applicable laws.

8.2 Deletion

You have the right to request the deletion, destruction, or anonymization of your Personal Data under our control. We will fulfill such requests in accordance with the limitations and requirements outlined in the PDPA. Upon receiving a duly submitted request, we will process it within 60 days, unless otherwise specified by law. We will also inform you of any legal consequences that may affect your rights and obligations if we comply with your request.

8.3 Portability Consent

You have the right to request the portability of your Personal Data in a readable format to another Data Controller, subject to exceptions as stipulated by law.

8.4 Objection

You have the right to object to the collection, use, and/or disclosure of your Personal Data, or the suspension of its use, except as required by applicable laws.

8.5 Restriction

You have the right to request a restriction on the use of your Personal Data if you believe the data to be inaccurate; assuming our collection, use, and/or disclosure of the data is unlawful, or if the data is no longer needed for a specific purpose.

8.6 Access

You have the right to request access to and obtain a copy of your Personal Data held by the Company. Such requests will be processed within a minimum of 30 days unless otherwise specified by law. A reasonable fee may apply for access to your Personal Data.

8.7 Rectification

You have the right to request that the Company maintains the accuracy, completeness, and currency of your Personal Data. The Company will take appropriate measures in its operations to ensure the accuracy, completeness, and currency of your Personal Data.

8.8 Lodge a complaint

You have the right to lodge a complaint to the competent authority if you believe that our collection, use, and/or disclosure of your Personal Data is unlawful or non-compliant with applicable data protection laws.

In addition to the mentioned Data Subject Rights, you have the right to file complaints with the Expert Committee established under the PDPA.

9. Authorized LInks

This Privacy Policy applies to our websites and authorized links to this Privacy Policy. When accessing third-party websites through our links, please note that we have no control over these sites and they are not governed by our privacy standards. We recommend reviewing the privacy policy and security statements of these third-party websites/companies. We are not responsible for any loss or damage resulting from your use of these websites.

10. How to Contact Us

Effective from 26 June 2023 onwards.