..:: PERSONAL DATA PROTECTION AND PROCESSING POLICY STATEMENT ::..

PERSONAL DATA PROTECTION AND PROCESSING POLICY STATEMENT

Corporate Policy

Details

We, Tokio Marine Insurance Vietnam Company Limited (hereinafter referred to as “TMIV” or “We”/” Us”), commit to protecting your privacy in accordance with relevant legislation & recognize the importance of the personal data you have entrusted to Us and believe that it is our responsibility to properly manage, protect and process your personal data in accordance with the applicable laws.

This personal data protection & processing policy statement is designed to assist you in understanding how We process the personal data you have provided to Us, as well as to assist you in making an informed decision before providing Us with any of your personal data by having you well understood on your rights and obligations in relation with the personal data processing.

If you, at any time, have any queries on this policy or any other queries in relation to how We may manage, protect and/or process your personal data, please do not hesitate to contact our Data Protection Officer (the “DPO”) at:

Via email: welisten@tokiomarine.com.vn

Via post: Data Protection Officer- Legal & Compliance Department

Tokio Marine Insurance Vietnam Company Limited

6^th Floor, Sun Red River Building,

23 Phan Chu Trinh, Hoan Kiem District, Hanoi, Vietnam

1. INTRODUCTION TO OUR PERSONAL DATA PROTECTION AND PROCESSING POLICY

When you provide your personal data voluntarily to Us or any of our authorized agents, brokers, employees, partners, service providers, and/or third parties to:

i. request information from Us pertaining to insurance proposal(s) or inquiry(ies); or
ii. enter into an insurance contract(s) with Us, or
iii. process a claim made by you under any insurance policy with Us;

By ticking the “Agree” box or choosing any acceptance option or accepting in any other proper form the transaction documents We sent you in writing or in other online/electronic platforms provided by Us, you shall confirm (i) to have been notified on the data processing as prescribed in this Statement, and (ii) to have been consented to the Processing of your personal data by Us or any of our authorized agents, brokers, re-insurers, employees, partners, service providers, and/or third parties for the purposes as stated in Section 2.

When your Personal Data is provided to Us by a third party, We shall use that information subject to the principles and understandings that such provision is consented to by you and/or such third party is lawfully authorized by you to provide such information.

When you provide personal data of another individual (s) to Us in order to arrange insurance contracts, you shall be deemed to undertake to have collected similar consent(s) from such individual(s) or from his/her/their legal representative(s) or guardian(s) (if such individual(s) is/are under 15 years old) for TMIV’s processing of personal data.

Types of Personal Data which you consent for the Personal Data Processing

Under this Policy Statement, Personal Data is defined to mean information in the form of symbols, letters, numbers, images, sounds, or equivalences in electronic forms associated with or used to identify a specific individual. Personal Data includes basic personal data and sensitive personal data as regulated under applicable laws, which may include but are not limited to full name, residence address, identification documents, gender, nationality, titles, information on labor relationships, photographs, video images, salary, medical history, medical record, etc.,). You consent to the provision of any and all of your Personal Data as requested by the Company for the purposes stated in Section 2.

The processing of your Personal Data means any or all of the activities that impact the Personal Data, such as the collection, recording, analysis, confirmation, storage, rectification, disclosure, combination, access, traceability, retrieval, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction or other relevant activities.

2. PURPOSES FOR THE PROCESSING OF PERSONAL DATA

2.1 . The personal data which We collect from you may be processed for various purposes, depending on the circumstances. We may/will need to process your Personal Data for the following purposes:

a) considering whether to provide you with the insurance you applied for. This includes TMIV’s consideration of your application for insurance contract(s) with Us and another Insurer considering your proposal (whether now or in the future) for a policy with such an Insurer (“Insurer” means any insurer operating insurance business in Vietnam).
b) underwriting your application and executing the insurance contract. This includes dealing with your proposal with TMIV and any other proposal that you may make (whether now or in the future) with another Insurer;

c) administering and/or managing your relationship, account, and/or insurance contract with TMIV including but not limited to accounting and dealing with or collecting any outstanding amounts from you;

d) processing with and/or settling any claims including the settlement of claims and any necessary investigations relating to the claims, under your policy or policies, whether such policy is issued by TMIV or another Insurer;

e) carrying out due diligence or other screening activities (including background, money laundering & financing terrorism, and “know-your-client” checks) in accordance with legal or regulatory obligations or risk management procedures that may be required by law or that may have been put in place TMIV, whether for any policy with TMIV or a policy with another Insurer;

f) carrying out your instructions or responding to any inquiries by you;

g) conducting research, analysis, and development activities (including but not limited to data analytics, surveys (such as insurance surveys, and customer service surveys), product and service development, and/or profiling) to improve our services or products and/or to enhance the product or service for your benefit.

h) dealing in any matters relating to the services and/or products which you are entitled to under any policy with Us and/or dealing in any matters relating to any policy with Us, which you are applying for or have applied. This includes but is not limited to contacting you or communicating with you via phone, text message, fax, email, and/or postal mail to administer and/or manage your contractual relationship with Us such as but not limited to communicating with you on matters related to your policy with Us. You acknowledge and agree that such communication by Us could be by way of the mailing of correspondence, documents, or notices to you, which could involve the disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;

i) investigating fraud, misconduct, any unlawful action or omission, whether relating to your proposal or claims, or any other matter relating to your policy or policies, whether such policy is issued by Us or another Insurer, and whether or not there is any suspicion of the aforementioned.

j) storing, hosting, and backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Vietnam.
k) doing statistics or actuarial work;

l) sending you marketing, advertising, and promotion information about the insurance that TMIV may be selling or marketing, whether now or in the future, and which We believe may be of interest or benefit to you (the “Marketing Purpose”), based on your consent by way of the modes of communication as consented by you;

m) any other purposes which We notify you of at the time of obtaining your consent;

n) performing any of TMIV’s rights regarding the Insurance contract.

(Collectively, the “Purposes”)

2.2. As the purposes for which We may/will process your personal data depend on the circumstances at hand, such purpose may not appear above. However, We will notify you of such other purpose at the time of obtaining your consent, unless such processing of your personal data without your consent is permitted by this Policy Statement or by law.

3. INDIVIDUALS, ORGANIZATIONS ALLOWED TO PROCESS PERSONAL DATA

To provide you with the insurance service and for the Purposes mentioned in Section 2, TMIV shall cooperate with one or multiple individuals, or organizations to process your Personal Data on behalf of TMIV (hereinafter referred to as “Data Processor”). You understand that TMIV cannot provide the identification or detailed information of each Data Processor and accept that the Data Processors include the following subject:

- Insurance agents, Insurance brokers, and Insurance ancillary services providers relating to or participating in the signing and implementation of your Policy with TMIV (the “Policy”);
- The Co-Insurer(s) and Re-insurer(s) regarding the Policy;
- TMIV’s Parent Company or Ultimate Parenting Company, Subsidiaries, Affiliates
- Independent auditors;
- Insurance loss adjust companies, professional law firms, or related professional insurance service providers relating to the performance of Policy; medical examination and treatment facilities, laboratories;
- Data providers on prevention of money laundering crimes, financing of terrorists, sanctions, and criminals.
TMIV’s service providers assist the insurance business and implementation of the Policy, such as managing administrative matters, credit information, debt recoveries, customer services, communication, computers, data processing, payment, printing, etc.;
- Other third parties relating to the processing of your personal data.
4. SPECIFIC ISSUES FOR THE DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
4.1. We respect the confidentiality of the personal data you have provided to Us.
4.2. In that regard, We will not disclose your personal data to third parties without first obtaining your consent permitting Us to do so. However, please note that We may disclose your personal data to third parties without first obtaining your consent in certain situations as prescribed by the laws, including, without limitation, the following:
a) The personal data shall be processed to protect the life and health of the data subject or others in an emergency situation.
b) Disclosure of personal data in accordance with the law.
c) Processing of personal data by competent regulatory authorities in the event of a state of emergency regarding national defense, security, social order and safety, major disasters, or dangerous epidemics; when there is a threat to security and national defense but not to the extent of declaring a state of emergency; to prevent and fight riots and terrorism, crimes and law violations according to the provisions of the applicable laws.
d) The personal data shall be processed to fulfill obligations under contracts the data subjects with relevant agencies, organizations, and individuals as prescribed by law.
e) The personal data shall be processed to serve operations by regulatory authorities as prescribed by relevant laws.
4.3. When We disclose your personal data to third parties with your consent, We will employ our best efforts to require such third parties to protect your personal data.
5. YOUR/DATA SUBJECT’S RIGHTS AND OBLIGATIONS

5.1. YOUR/DATA SUBJECT’S RIGHTS

a) Right to be informed: You/the Data subject have/has the right to be informed of your/his/her personal data processing, unless otherwise provided by the laws.
b) Right to give consent: You/the Data subject have/has the right to give consent to the processing of your/his/her personal data unless such processing of personal data does not require your/the Data subject’s consent as provided by the laws.
c) Right to access personal data: You/the Data subject have/has the right to access your/his/her personal data in order to look at, rectify or request rectification of your/his/her personal data, unless otherwise provided by the laws.
d) Right to withdraw consent: You/the Data subject have/has the right to withdraw your/his/her consent unless otherwise provided by the laws.
e) Right to delete personal data: You/the Data subject have/has the right to delete or request deletion of your/his/her personal data, unless otherwise provided by the laws.
f) Right to obtain restriction on processing: You/the Data subject have/has the right to request for the restriction on the processing of your/his/her personal data, unless otherwise provided by the laws. The restriction on the processing of personal data shall be implemented within 72 hours after receiving your/the Data subject’s request, and on all personal data that you/the Data subject request(s) for the restriction unless otherwise provided by the laws.
g) Right to obtain personal data: You/the Data subject have/has the right to request TMIV to provide yourself/himself/herself with your/his/her personal data, unless otherwise provided by the laws.
h) Right to object to processing: You/the Data subject have/has the right to object TMIV for the processing of your/his/her personal data in order to prevent or restrict the disclosure of personal data or the use of personal data for advertising and marketing purposes, unless otherwise provided by the laws. TMIV shall comply with your/the Data subject’s request within 72 hours of receiving the request unless otherwise provided by the laws.
i) Right to file complaints, denunciations, and lawsuits: You/the Data subject have/has the right to file complaints, denunciations, and lawsuits as prescribed by law.
j) Right to request for compensation of damage: You/the Data subject have/has the right to claim damage as prescribed by law when there are violations against regulations on the protection of your/his/her personal data, unless otherwise agreed by parties or unless otherwise prescribed by law.
k) Right to self-protect: You/the Data subject have/has the right to self-protect or request competent agencies and organizations to implement civil rights protection methods according to the applicable laws.

5.2. YOUR/DATA SUBJECT’S OBLIGATIONS

a) To protect your/his/her personal data by yourself/himself/herself; to request other related organizations, or individuals to protect your/his/her personal data.
b) To respect and protect other individuals’ personal data.
c) To provide personal data fully and accurately when providing consent for personal data processing.
d) To participate in the popularization and dissemination of personal data protection measures.
e) To comply with the laws of personal data protection and participate in the prevention of breaches of personal data protection regulations.

6. SPECIFIC NOTES TO YOU WHEN EXERCISING THE DATA SUBJECT’S RIGHTS

6.1. REQUEST FOR ACCESS AND/OR CORRECTION OF PERSONAL DATA

a) You have the right to request to obtain and/or correct the personal data currently in our possession or control by submitting a written request to Us. We will need enough information from you to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. Hence, please submit your written request via email or post to our DPO.
b) For a request to obtain personal data, We will seek to provide you with the relevant personal data within 72 hours after receiving your request complying with the form provided in Appendix 01, unless otherwise provided by the applicable laws. The applicable laws, from time to time, may exempt certain types of personal data and/or certain cases from being subject to your request to obtain.
c) We will also charge a reasonable fee for providing your personal data. We will provide you with a written estimate of the fee We will charge. Please note that We are not obligated to respond to or process your request for data unless you have agreed to pay a fee.
d) For a request to correct personal data, once We have sufficient information from you to deal with the request, We will correct your personal data as soon as possible after receiving your request. Where We are unable to execute such a correction, We will notify you of such matter within 72 hours after receiving your request to correct it. Kindly note that the applicable laws, from time to time, may exempt certain types of personal data from being subject to your correction request as well as provide for situation(s) when correction need not be made by Us despite your request.

6.2. REQUEST TO WITHDRAW CONSENT

a) You may withdraw your consent for the processing of your personal data in our possession or under our control by submitting a written request to Us.
b) We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter not process your personal data in the manner stated in your request.
c) However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for Us to process your personal data, it may mean that We will not be able to continue with your existing relationship with Us/ and the policy or policies you have with Us will have to be terminated

7. ADMINISTRATION AND MANAGEMENT OF PERSONAL DATA

7.1. We will take reasonable efforts to ensure that your personal data is accurate and complete if your personal data is likely to be used by TMIV to make a decision that affects you. However, this means that you must also update Us on any changes in your personal data that you had initially provided Us with. We will not be responsible for relying on inaccurate or incomplete personal data arising from your not updating Us of any changes in your personal data that you had originally provided Us with.
7.2. We will also put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage, and/or alteration of your personal data. However, We cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.
7.3. We will also put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other regulatory or business purposes unless otherwise provided by the applicable laws.
7.4. Where your personal data is to be transferred out of Vietnam, We will comply with applicable law in doing so. In this regard, this includes Us obtaining your consent unless an exception under the applicable law applies and taking appropriate steps to ascertain that the foreign agency/organization receiving the data is bound by legally enforceable obligations to provide to the transferred personal data a standard of protection that is at least comparable to the protection under Vietnamese law. This may include Us entering into an appropriate contract with the foreign recipient organization for the personal data transfer or permitting the personal data transfer without such a contract if the applicable law permits Us to.

8. COMPLAINT PROCESS

8.1. If you have any complaint or grievance regarding how We are handling your personal data or about how We are complying with the applicable laws on personal data protection, We welcome you to contact Us with your complaint or grievance.
8.2. Please contact Us with your complaint or grievance by sending it to DPO as per the information provided in the beginning part.
8.3. Where it is an email or a letter through which you are submitting a complaint, your indication in the subject header that it is a personal data protection complaint would assist Us in attending to your complaint speedily by passing it on to DPO to handle.
8.4. We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
8.5. Nevertheless, you may lodge any complaint about this matter with competent regulators overseeing personal data protection.

9. UPDATES ON DATA PROTECTION POLICY

9.1. As part of our efforts to ensure that We properly manage, protect and process your personal data, We will be reviewing our policies, procedures, and processes from time to time. The latest issuance/update/amendment is on 01 July 2023.
9.2. We reserve the right to amend the terms of this Data Protection Policy at our absolute discretion from time to time and in line with the applicable laws.
9.3. You are encouraged to visit our website from time to time to ensure that you are well-informed of our latest policies in relation to personal data protection.

Title	Version	Download
TMIV_Personal Data Protection Processing Policy Statement (EN)_1 JUL 2023.pdf	1.0	7.1mb