Privacy Policy

Privacy Policy

Personal Data Protection Policy for Customers and Prospects

LMG Insurance Public Company Limited (“Company”) recognizes the privacy rights and responsibilities of the Company in relation to the collection, use, and disclosure (“Processing”) of your personal data. The Company, therefore, provides this personal data protection policy (“Policy”) to notify certain information about the Processing of your personal data in accordance with the Personal Data Protection Act B.E. 2562 (“Personal Data Protection Act”) as detailed below.

1. Definitions

Personal Data” refers to any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular.

Sensitive Personal Data” refers to any information as specified in Section 26 of the Personal Data Protection Act and its amendments, which may be amended from time to time, laws and other applicable rules and regulations, as well as any other Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any data which may affect the data subject in the same manner.

Personal Data Protection Act” refers to the Personal Data Protection Act B.E. 2562 together with other secondary legislations, notifications, or manuals enacted by virtue of the Personal Data Protection Act, as amended from time to time, as well as other laws pertaining to the personal data protection that come into effect and are issued by other regulatory agencies in Thailand.

Committee” refers to the Personal Data Protection Committee.


2. Categories of Personal Data Processed by the Company

In general, the Company shall process several categories of your Personal Data as necessary for operating activities based on its particular purpose. The Personal Data processed by the Company may involve the general Personal Data and other Sensitive Personal Data as follows:

2.1    Personal data, e.g., name, family name, age, date of birth, marital status, identification card number, passport number, etc.

2.2    Contact information, e.g., residence, workplace, telephone number, e-mail address, ID Line, etc.

2.3    Financial information, e.g., bank book number, credit card number, debit card number, credit card records, etc.

2.4    Transaction information, e.g., payment transaction, service request, etc.

2.5    Tool or device information, e.g., IP address, MAC address, Cookie, ID.

2.6    Asset information, e.g., vehicle registration number.

2.7    Information pertaining to your insurance contract, e.g., claim records.

2.8    Information about the use of the website.

2.9    Sensitive Personal Data, e.g., health records.

2.10  Other information, e.g., sound, still picture, motion picture, and any other information which deems the Personal Data under the Personal Data Protection Act.


The Personal Data specified above shall involve the Sensitive Personal Data, which shall be collected and processed by the Company in order to take account of the underwriting, entering into the insurance contract, compliance with the insurance contract, and provision of related services, as well as consideration for payment of claims, and provision of the related reinsurance for the sake of providing the coverage under the insurance contract or for taking legal actions. If you do not agree or deny to provide such Personal Data, the Company will not be able to enter into any contract, comply with the contract, or take any necessary actions required by law.


In case that the data subject is a minor or a person not of legal age (below the age of 20), the Company shall take some additional necessary actions as required by the Personal Data Protection Act. In addition, if necessary, your consent for the Personal Data Processing by Company must be obtained.


In case that you disclose the Personal Data belonged to other persons related to you to the Company such as Personal Data of family members, benefits payor, employer, or beneficiary, you agree that prior to your disclosure of the Personal Data belonged to the third parties to the Company, you have already taken all necessary actions to inform such related persons of details about the Personal Data Processing as specified herein or as required by law that the Company must obtain consent from such persons. You agree to help the Company obtain the consent for the lawful Personal Data Processing from such persons.


3. Procedure of Personal Data Collection

3.1    Personal Data you have given to the Company directly or given through the Company or which has existed with the Company deriving from your use of products and/or services, contact, visit, or searching via any digital channels, branches, website, call center, authorized person, or any other channels.

3.2    Personal Data which the Company has obtained or accessed to, not directly from you but from other sources, such as state agency, company in the financial business group, financial institution, financial service provider, business alliance, credit bureau company, and data service provider, etc. whereas the collection of Personal Data from other sources must conform to all conditions required by law. If necessary, the Company shall request for the consent for the Processing of your Personal Data as required by law.


4. Purposes of Personal Data Collection, Use, and/or Disclosure

The Company processes your Personal Data for different purposes as the case may be, which include the following circumstances:

4.1    To propose, procure, and do marketing activities relating to products/services of the Company and other companies related to the Company (“our Associated Companies”) or our business suppliers (see “Direct Marketing” below), and administrate, support, maintain, manage and operate such products/services, as well as the accounting policy and management via your mobile phone and internet.

4.2    To process and consider the insurance application, request for claim payment, and provide insurance services continuously.

4.3    To process the application for receipt of payments, approve the direct debit, and assess your financial need.

4.4    To manage, inspect, and analyze the request for claims, undertaking and/or any undertaking done by you or your opposite party or by any other matters relating to you, and to exercise the Company’s rights as defined, especially in terms appearing in any related insurance policy, including but not limited to the right in subrogation.

4.5    To gather statistics or use for accounting purposes.

4.6    To comply with requirements on disclosure of information under domestic or foreign laws, rules and regulations, obligations or practice guidelines which are binding the Company, the Parent Company, and Liberty Mutual Group of Companies.

4.7    To comply with any requests or lawful orders issued by court and regulatory agency, including but not limited to the Office of Insurance Commission, auditor, the Office of the Personal Data Protection Committee, Anti-Money Laundering Office (AMLO), other state-owned agencies or organizations, or other related enterprises related to the government which are binding Liberty Mutual Group of Companies.

4.8    To give approval to the Company’s assignee (either having been transferred or to be proposed for receipt of assignment) in order to assess the transactions relating to any works assigned.

4.9    To check the identity, and/or to analyze and inspect the credit and/or debt collection.

4.10  To carry out the examination for medical or health reference for any related insurance products.

4.11  To manage the information technology and business operation.

4.12  To retain the Company’s information technology security.

4.13  To detect and investigate unlawful activities, which include fraud, money laundering or funding for terrorism, whether such detection and investigation relate to the application or insurance policy of the Company or not.

4.14  To comply with legal obligations, rules and regulations, and other governance, as well as to respond to any requests from state agencies, government (including state agencies and governments out of the country you have resided) or to enhance the law enforcement, investigation by police, government, or other regulatory agencies in Thailand or other countries.

4.15  To monitor and assess the implementation of the business policy and standards established by the Company and Liberty Mutual Group of Companies.

4.16  To attain other lawful business purposes such as insurance survey activities, research and analysis, as well as the analysis of the Company’s customers and other persons whose Personal Data shall be analyzed to know their behavior, favor, and attention with aims at developing our new products, improving our services, analysis of the use of products/services, and acknowledgment for our users’ attention, which will be utilized for the Company’s business planning and business transaction operations (together with the joint venture and business disposal) and for any other lawful business purposes.

4.17  To form, exercise rights, or protect legal rights of members in Liberty Mutual Group of Companies.

4.18  To enable any financial institutions whose benefits dealing with you and/or products/services that you have with the Company, and to enable any authorized person/mortgagee (either having been authorized already or to be proposed for authorization) to assess the transactions you have with the Company subject to the purposes pertaining to such authorization/mortgage.

4.19  To facilitate any service provider engaged by the Company to take any actions relating to the aforesaid purposes, either such service dealing with the Company’s internal operation or dealing with you directly.

4.20  To provide services to the third persons and other services relating to the Company’s business operation.

4.21  For other related purposes directly dealing with either of the above purposes.

4.22  For other purposes not specified in this Personal Data Protection Policy. If the Company wants to process such Personal Data, it shall take any actions as prescribed in the Personal Data Protection Act. The Company may ask for your additional consent if necessary.


The Company may disclose your Personal Data to the third parties under your consent or criteria permitted by law. In this regard, a person or agency receiving such Personal Data must collect, use and/or disclose your Personal Data in accordance with your scope of consent or the related scope in this policy.


Please check to ensure that you provide your Personal Data completely and accurately to the Company, and also inform the Company of any changes of your Personal Data. Please be noted that if you fail to provide your Personal Data completely and accurately to the Company; this shall take effect to the Company’s services provided to you.


5. Purposes relating to Direct Marketing

Your Personal Data collected or stored by the Company may be used by the Company and/or Liberty Mutual Group of Companies in order to provide the marketing media service, and to carry out the direct marketing activities, including but not limited to the marketing promotion and sales of the Company and Liberty Mutual Group of Companies, or the co-branding insurance or services in connection with finance or investment by an electronic means or others relating to insurance and/or financial products and services of the Company, Liberty Mutual Group of Companies, and/or other financial service providers. This may include the use of your name, contact details, product details, portfolio details, transaction and behavior patterns, financial information, and demographic information arranged by the Company from time to time for its direct marketing, including but not limited to the reward offering, privilege offering relating to products or services which may be proposed by the Company, our associated companies, Liberty Mutual Group of Companies, our co-branding alliances, and our business alliances.


To carry out the matters mentioned above, the Company shall ask for your consent under the necessary scope and as required by law. Upon your consent to the Company and you, later, no longer want to receive such marketing communications, you may decide to withdraw your consent for collection, use, and/or disclosure of your Personal Data for purposes relating to the direct marketing by taking steps via any channels provided by the Company.


With no withdrawal of your consent, the Company shall continue collecting, using, and/or disclosing your Personal Data held by the Company so as to indicate that there is no request for withdrawing the collection, use, and/or disclosure of such Personal Data of the Company for this marketing purpose.


6. Disclosure of Personal Data

To perform actions in order to attain the purposes mentioned above, the Company may inevitably disclose the Personal Data to the third parties, either government agencies or other persons whereas such third parties may reside in Thailand or on abroad, which shall include the following persons:

6.1    Our Liberty Mutual Group of Companies: Other companies in Liberty Mutual Group may access to, and use the Personal Data pertaining to our business operation as appropriate in order to attain at least one of purposes described above.

6.2    Our Liberty Mutual Group of Companies or other companies which operate the business in connection with insurance or reinsurance or insurance intermediary.

6.3    Our service providers: External service providers, e.g., agent, contractor, third-party company or service provider who provides services relating to administration work, management, telecommunication system maintenance, computer system, payment, or other services to any companies being involved in the business operations of the Company and Liberty Mutual Group of Companies as service providers such as accountant, auditor, lawyer, and other external professional consultants, call center service provider, service provider for information technology system and management to support the information technology and service provider for security, cloud service provider, research and analysis service provider, claim inspector and assessor, and similar third-party service provider who helps us carry out our business activities.

6.4    Other third-party service providers which include the broker, employer, medical personnel, hospital, organization compiling information about claims and underwriting for insurance business, anti-corruption organization, other insurance companies, either directly or through the anti-corruption organization or other persons listed herein, policemen, and database or registrar used by the insurance industry to analyze and compare between the given information and the existing information (and persons acting on behalf of those agencies), legal advisor, persons with the duty of investigating the commission of an offence, lost adjuster, reinsurance company, medical and rehabilitation consultant, company giving help in emergency cases, group of physicians giving medical advice, surveyor, expert, mechanic, accountant, financial institution, and data processor, as well as lawful stakeholders under provisions of laws and/or beneficiaries specified in the insurance policy and/or any product and/or service you have with the Company.

6.5    Other third parties: These means the third parties in case of the restructuring, merger and acquisition, business disposal, joint venture, assignment, transfer or other disposal, either whole or part, of our businesses, assets, or shares (including the case of bankruptcy or the like) as well as the reinsurance company.

6.6    Credit Reference Agencies, e.g., credit bureau, financial institution, and, in case of defaults, these include the debt collection agencies or companies providing the service regarding right claims or investigation.

6.7    Any persons to whom the Company has been bound to disclose the Personal Data under requirements of any law binding the Company, or any related companies for purposes under rules and regulations, obligations, or practice guidelines issued by any state agency, regulatory agency, or other agencies that the Company must comply with.

6.8    Any persons to whom the Company must disclose the Personal Data under the court order with the judicial jurisdiction.

6.9    Any persons authorized by the Company, either having been authorized already or to be proposed for authorization, Liberty Mutual Group of Companies, or assignees of Liberty Mutual Group of Companies for matters relating to the policy holders.

6.10  The data centers of Liberty Mutual Group of Companies or Liberty Mutual Group of Companies located in the United States of America, either in case of being the owners of such servers or using the servers belonged to the third parties where Liberty Mutual Group of Companies shall control the Processing, collection, and/or back-up of data, Personal Data, data centers, and/or such servers/located in Thailand or other places in Asia, United States, Europe, and Latin America or other countries/territories as determined from time to time by Liberty Mutual Group of Companies.

6.11  Any risk service provider for a purpose of checking the customers’ status or of screening/preventing the money laundering.

6.12  Other companies/financial institutions, trade organizations or charity organizations where the Company takes care of their business reference or other preparations for marketing communications in case that the Company obtains consent from data subjects.

6.13  Service providers in respect with personalized marketing and intermediary for marketing communications in case that the Company obtains consent from data subjects.

6.14  To provide the service to the purchaser or offeror for purchase of the Company’s business or in case of the amalgamation, acquisition, or offering for sales to the public which can be disclosed to the purchaser or shareholder of Liberty Mutual Group of Companies.

6.15  To provide for any related organizations the maintenance, inspection, and development of the business system, process, and infrastructure, together with testing and upgrading our computer system.

6.16  To give to your representative and your legal advisor.

6.17  To disclose to other persons under your consent permitting the Company to disclose the Personal Data.

6.18  To disclose to the authorized service providers of other companies in order to provide our services to you in accordance with the above purposes for the use of the Personal Data.

6.19    As we believe it is necessary or appropriate: To be in line with the legal process in response to the requests from state authorities and government, together with state authorities and government out of the country where you have resided in order to be enforced under our terms and conditions, to protect our business operation, to protect us, your and/or other people’s rights in privacy, safety or properties, to detect and prevent corruption, and to enable us to alter or limit the damage to be remedied by us.


7. Delivery or Transfer of Personal Data to Other Countries

The Company may disclose, deliver, or transfer the Personal Data to Liberty Mutual Group of Companies, service providers, or third parties subject to the purposes explained above. Some of the associated companies, service providers, and third parties may be located in other countries and may not be under the law of Thailand. Your consent given to the Company for collection, use, and/or disclosure of your Personal Data implies your agreement for collection, use, processing, and delivery or transfer of such Personal Data in accordance with our privacy policy to the United States (where our head office is located) or other countries whereas the Company shall take every step as appropriate to ensure that your Personal Data is treated safely and conforms to our privacy policy.


However, in case that your Personal Data is disclosed or accessed by any person living outside Thailand as specified above, your Personal Data may not be protected like the case it is under the law of Thailand. If the destination country has no adequate standards, the Company shall take care of the delivery or transfer of such Personal Data as required by law, and shall also undertake to have certain measures on personal data protection as it deems necessary, appropriate, and relevant to the confidentiality measures; for example, having the confidentiality agreement with the data receiver in that country or in case that the data receiver is a company in the Group or the same business, the Company may take actions to make it have the personal data protection policy which is examined and approved by the authorized person in accordance with any related laws, and take actions to ensure that the delivery or transfer of such Personal Data to any company in the Group/same business on abroad shall be in conjunction with such personal data protection policy in place of performing actions as required by law.


8. Period of Storage of Personal Data

Your Personal Data shall be stored by the Company for a necessary period when you are the Company’s customer or have relationship with the Company or throughout a necessary period in order to attain the related purposes described herein. Your Personal Data may be further retained if required or permitted by law; for example, storage in accordance with law on money laundering prevention and suppression, storage for the verification in case of any dispute under the prescription as required by law for not more than 10 years.


In this regard, the Company shall delete or destroy your Personal Data or make it the anonymous data when it is no longer necessary or such storage period expires.


Rights of the Data Subject

You retain the rights by law. You are able to request for exercising your rights according to legal provisions and the policy defined at present or to be amended in the future, as well as any criteria defined by the Company. If you are not over 20 years of age, or are restricted from making juristic acts, you are able to exercise your rights through your parents, guardian, or authorized agent under the Personal Data Protection Act. The Data Subject shall also be entitled to proceed as follows:

9.1     Right to be aware of the existence, nature of the Personal Data, purposes of using the Personal Data by the Company.

9.2    Right to access to the Personal Data, and request to make a copy of such Personal Data whereas the Company shall establish some appropriate steps asking you to verify your identity with the Company first.

9.3    Right to alter or change the Personal Data to be accurate, up-to-date, complete, and not lead to any misunderstanding.

9.4    Right to object to the collection, use, or disclosure of the Personal Data relating to you, as well as the right to object to the processing of your Personal Data.

9.5    Right to temporarily suspend the use or disclosure of the Personal Data.

9.6    Right to request for erasure or destruction of the Personal Data, or to make it anonymous.

9.7    Right to request for disclosing the acquisition of the Personal Data in case the service user does not give consent for collection or storage.

9.8    Right to withdraw consent earlier given to the Company for collection, use, or disclosure of the Personal Data. However, such withdrawal of consent shall not impact the collection, use, or disclosure of the Personal Data belonged to the Data Subject having already given their consent already.

9.9    Right to request the Company to transfer your Personal Data in the readable format or general use by an automatic-function device to the other personal data controller, and to receive such data (in case the Company has made such Personal Data appear in that format).

9.10  Right to file a complaint to the Office of the Personal Data Protection Committee about the Company’s Processing of the Personal Data as stipulated by legal procedure.


Your exercise of rights mentioned above may be restricted by the Personal Data Protection Act, and, in some necessary circumstances, the Company may reject or be unable to proceed according to your application for exercising of rights described above; for example, compliance with law or court order for public interest; exercise of rights violating rights or liberty of other persons, etc. If the Company rejects your application, you will be informed of the reason(s) of such rejection.


10.    Personal Data Protection Officer

The Company appoints certain personal data protection officers to inspect any actions relating to the Processing of the Personal Data to ensure the compliance with the Personal Data Protection Act and the policy, rules, notifications, orders issued by the Company, and to coordinate and cooperate with the Office of the Personal Data Protection Committee.


11.    Contact Channel

For any questions about the personal data protection policy of the Company, Personal Data processed by the Company, or you may want to exercise your rights according to the Personal Data Protection Act, whichever may be, please contact the Company by the following details:


Personal Data Protection Officer


Telephone: 02-639-3992


12.    Amendment of the Personal Data Protection Policy

The Company reserves the right to improve, change or alter this personal data protection policy in the future under legal obligations. Any changes shall be notified via the Company’s website at