Insurance Privacy Policy

Privacy Policy

MedEx Ventures Co., Limited, operating as MedEx, places paramount importance on protecting your privacy and is dedicated to responsibly managing the collection, utilization, and disclosure of your personal data. Our commitment extends to handling and securing your information with accuracy and appropriateness. Understanding our processes for collecting, using, and safeguarding your personal data is essential.

1. Collection of Personal Data

The personal data collected by MedEx serves specific purposes and is acquired based on your consent. We prioritize the gathering of only necessary information, crucial for compliance with legal obligations, contractual agreements, or to provide services. Failure to provide certain personal data or grant consent may limit our ability to fulfill your requests or offer services effectively.

When enrolling for our Insurance services or interacting with MedEx, the following categories of personal data may be collected:

  • Basic Information: This includes your name, identification details, contact information (phone number, email, postal address), date of birth, gender, and signature. The specific details collected depend on the application or registration form you fill out.
  • Financial Data: To process payments, we may collect information such as income details, tax information, bank account activities, investment details, credit card information, and payment history.
  • Legal Records: In compliance with legal requirements, we may collect data related to criminal, civil, or offense records, alongside relevant court orders.
  • Insurance and Service-Related Information: Details about products or services you've received from MedEx or other insurance operators, including insurance policy numbers, sum insured, transactions, premium payments, beneficiaries, and claims information.
  • Compliance Information: Status details concerning anti-money laundering measures, combatting the financing of terrorism, bankruptcy, and adherence to specific laws like FATCA or CRS.
  • Transactional Data: Information about your transactions with MedEx, such as health service and product purchases, policy coverage, payment history, and related banking or payment information.
  • Online Interaction Data: When using MedEx-operated websites, apps, or engaging on social media platforms, data such as browsing history, device information, IP addresses, and interactions with our online services may be collected.
  • Communication Records: Records of your interactions with MedEx, including call recordings, customer notes, survey responses, and information shared via various communication channels like SMS, social media, email, or fax.
  • Additional Information: Data you provide when seeking further information about MedEx products or services, participating in events, competitions, or research surveys.
  • Social Media Profile Data: If you choose to interact with MedEx services using your social media credentials, we may collect information from your social media profiles, such as interests, likes, and friend lists.
  • Account Information: Details provided when signing up for online accounts or applications, ensuring that such services are intended for the registered owner.

For any data collection requiring your consent according to legal requirements, MedEx will duly notify you and seek your explicit approval within the specified legal timeframes.

2. Methods of Personal Data Collection by MedEx

MedEx accumulates and gathers your personal data through various sources and methods:

Direct Data Provision: Your personal data is provided directly to or through MedEx via several means:

  1. Information provided in written or oral communication between you and MedEx, including registration details, service request forms, insurance application documents, and supplementary materials submitted to MedEx. This encompasses data from customer surveys, feedback through various mediums like papers, calls, messages, boards, or emails, and information obtained during visits to MedEx customer service centers.
  2. Automatic collection of personal data through cookies or similar technologies when utilizing MedEx services on websites or platforms. Further details about these technologies and their use by MedEx can be found at www.aboutcookies.org.
  3. Data captured as messages, photos, or audio during interactions with MedEx personnel, customer service officers, authorized intermediaries, partners, or representatives via multiple channels such as websites, applications, social media, phone, email, in-person contact, interviews, SMS, fax, postal services, video call service, or other communication avenues.
  4. Personal data acquired when participating in MedEx's marketing events, competitions, prize draws, or research surveys held by MedEx, its affiliates, partners, or business associates.

Indirect Data Sources: MedEx accesses or receives personal data from other sources:

  1. Information obtained from third parties, crucial for legal compliance and regulatory purposes. For instance, data received from regulatory bodies like the Office of Insurance Commission (OIC), Anti Money Laundering Office (AMLO), government agencies, or legal regulators.
  2. Data sourced from subsidiaries, other insurance or reinsurance companies, agents, brokers, financial institutions, service providers, social media platforms linked with MedEx services, hospitals, public data sources (e.g., Government Gazette), individuals with legal authority, or entities with legal relationships beneficial to MedEx or its service provision.
  3. Personal data acquired from both public and non-public records.

Certain MedEx services, such as Telemedicine Service, Health at Home Service, Lab Services at MedEx Neo Laboratory Clinic, MedEx Neo Clinic, and other health-related services, may require personal and health-related data for registration, appointment booking, or specific service purposes. In such cases, the terms of service elucidate the specific data processing activities. Upon subscription to these services, you will have the opportunity to review the terms and provide consent in accordance with relevant laws.

3. Objectives of Collecting and Using Personal Data

MedEx employs the personal data you provide during your interaction with our services to fulfill specific purposes and enrich your experience. The following outlines the varied objectives for which your personal data may be utilized:

  1. Objectives Requiring Consent
    1. Handling Sensitive Personal Data: MedEx may collect, use, or disclose sensitive personal data—such as health records, disability information, criminal records, and specific behavioral details—only when indispensable for contractual purposes (e.g., life insurance) or specific services provided by the Company. This data is strictly used within the realms of necessary contractual or service-related obligations.
    2. Data Analysis and Research: Your consent is sought for conducting analyses, research, or statistical data assessments aimed at enhancing or developing MedEx's products or services in compliance with relevant laws.
    3. Direct Marketing and Communications: Seeking consent for sending marketing communications, news, special offers, and promotional information regarding MedEx’s products, services, or those of its affiliates and business partners, exceeding the expectations of the data subject. This includes instances where individuals haven't previously engaged in business with the Company.

  2. Objectives Based on Other Lawful Bases

The Company utilizes your personal data based on lawful grounds aligned with MedEx’s legitimate objectives:

2.1 Contractual Compliance and Customer Relations

  1. Offering consultations, advice, and data related to products or services.
  2. Managing applications for insurance and related procedures.
  3. Corresponding, delivering documents, managing relationships, and processing transactions, premiums, claims, etc.

2.2 Compliance with Laws:

  1. Adhering to legal provisions, regulations, and agreements enforced by government agencies, law enforcement, and regulatory bodies.
  2. Compliance with court orders and directives from supervisory or competent authorities.

2.3 Legitimate Interests and Operational Needs:

  1. Facilitating reapplications or offering relevant services based on legitimate interests.
  2. Enhancing products/services, conducting business operations, analyzing data, and monitoring service trends.
  3. Managing relationships, ensuring secure communications, and understanding user preferences.
  4. Conducting market research, offering services, conducting surveys, managing complaints or incidents, and personalizing services based on user profiles.
  5. Sending administrative information, offering benefits, organizing promotional activities, and providing suggestions or recommendations on products/services.
  6. Maintaining security measures, managing databases, coordinating work assignments, and enforcing company policies.

2.4 Duties for Public Interests or Legal Authority:

  1. Performing obligations for public interests or legal authority.
  2. Preventing risks to life, body, or health of individuals.
  3. Establishing historical records, conducting research, or creating statistics for public benefits while ensuring appropriate safeguards for individual rights and freedoms.

2.5 Establishment and Contestation of Legal Claims:

  1. Necessitated for the establishment, contestation, or compliance with legal claims.

Additionally, specific purposes not mentioned here will be explicitly communicated when requesting or utilizing your data. While you retain the choice to withhold certain information from MedEx, doing so might limit transactional capabilities or service provisions. For instance, it may hinder the initiation of insurance contracts or the delivery of related services.

MedEx is committed to notifying and seeking your consent if there's an intention to use your personal data for purposes beyond those specified in this Privacy Policy or those directly related to it. This ensures compliance with applicable laws, regulations, and the Personal Data Protection Act, safeguarding your rights and privacy.

Protection of Personal Data

The Company places paramount importance on safeguarding your personal data. We've instituted stringent data security policies, limiting access solely to designated individuals—such as specific employees and agents—essential for providing our services. Those granted access to your personal data are obligated to maintain its confidentiality, ensuring its protection. We maintain comprehensive physical, electronic, and procedural safeguards aligned with regulatory standards to uphold the security of your personal data.

When engaging third-party entities, the Company enforces rigorous security, privacy, and confidentiality obligations to secure your personal data.

Regarding online and network security technology, the Company has implemented robust measures to prevent data breaches and ensure the safety of stored personal data. Your information is housed on secure networks, accessible only to authorized personnel. Our data security protocols align with internationally recognized standards utilized by financial institutions, incorporating advanced technologies and measures to thwart data theft. Furthermore, we continually test and enhance our information technology systems to uphold the highest security standards and protect your personal data.

Disclosure of Personal Data

MedEx is dedicated to maintaining the confidentiality of your personal data. However, under circumstances where authorized by applicable laws or deemed necessary for processing objectives as previously delineated, MedEx retains the right to disclose your personal data to external parties for the following reasons:

  1. Government Agencies and Public Authorities: Disclosure may transpire to adhere to legal mandates, respond to requisitions from governmental bodies, collaborate with authorities in legal affairs, ensure personal or public safety, manage litigation, investigations, or other legal proceedings where personal data holds relevance. Entities encompassed within this scope may involve the Office of Insurance Commission, Anti-Money Laundering Office, Office of Securities and Exchange Commission, Revenue Department, courts, law enforcement agencies, Office of Personal Data Protection Commission, Office of Consumer Protection Commission, among others.
  2. Associations, Agencies, or Essential Entities: Disclosure may arise to fulfill obligations prescribed by laws or regulations, protect MedEx's rights, or safeguard the rights of third parties. This could extend to legal procedures involving entities such as the Thai Life Assurance Association.
  3. Internal Sharing within MedEx and Subsidiaries: The exchange of personal data internally within MedEx and its subsidiaries may occur to optimize service experiences, support operational functionalities, provide services, and fulfill purposes elucidated in this Privacy Policy, all in compliance with prevailing legal frameworks.

Disclosure of Personal Data

MedEx engages various entities such as companies, business partners, agents, subcontractors, and external service providers to facilitate its operational functions or support the provision of products and services. These functions include but are not limited to data analysis, credit card processing, information technology infrastructure, customer service platform development, satisfaction surveys, research, and customer relationship management, among others, as outlined in the section ‘Objectives of Collection and Use of Personal Data’. These may involve entities like National Digital ID Company Limited, cloud service providers, property valuation service providers, marketing service providers, document storage and destruction service providers, online social media providers, payment channel service providers, printing service providers, document/parcel delivery providers, concierge service providers, telecommunication operators, and IT technology support and security service providers.

Additionally, your personal data may be shared with third parties, including policyholders in group insurance, reinsurance companies, reinsurance brokers, other insurance entities, insurance intermediaries, financial institutions, financial advisors, investment advisors, auditors, legal advisors, tax advisors, credit rating companies, and other experts or advisors, all for the benefit of MedEx’s business operations.

MedEx may also disclose your personal data to any other relevant third party as outlined in this Policy. This may include individuals with whom you have transactional relationships (such as references, guarantors, mortgagors, or beneficiaries), financial institutions involved in your transactions, security issuers, securities registrars, fund managers, members of National Digital ID Company Limited, card schemes, universities, users of MedEx’s e-KYC services, and online social media providers, among others.

In disclosing personal data, MedEx ensures that adequate measures are taken to safeguard your information, and recipients process it in compliance with our directives without leveraging it for their own purposes. Such measures may involve the execution of appropriate contracts with these entities.

With your consent, MedEx may share your data with individuals or partners for the purpose of offering our products or services. You can refer to www.medex.co.th for lists of these individuals or partners, which may vary based on regular updates made by the Company.

Use of Personal Data for Marketing Purposes

In addition to the previously mentioned purposes and as allowed by applicable law, MedEx may use your name and contact details for marketing initiatives. This includes sending promotional materials through various channels like postal mail, email, or other means, as well as conducting direct marketing to enhance the value of your experience as a MedEx customer. These activities encompass recommending relevant products and services, public relations efforts, promotional activities, and direct marketing related to our range of products and services.

The marketing materials may cover various fields such as insurance, pension, wealth management, investment, banking, financial services, medical treatment, healthcare, health information, employment, seminars, brand loyalty benefits, charity events, marketing events, competitions, lucky draws, and other activities in which you may express interest. For these purposes, MedEx may need to disclose your personal data to our personnel and partners, as required to facilitate these actions. The processing of your personal data in this context adheres strictly to the guidelines outlined in this Policy.

You have the option to opt-out of receiving marketing communications from us. However, please note that administrative communications directly related to the products or additional services we provide, such as premium payment notices and receipts, are not classified as marketing communications.

To opt-out of receiving marketing communications from MedEx:

  • Contact the MedEx Customer Contact Center at 02 544 0001 or email: mail@medex.co.th; or
  • If you no longer wish to receive ‘only marketing-related emails’ from us, you may opt-out by clicking on the unsubscribe link located at the bottom of each marketing-related email.

Rights of Personal Data Protection Law

Your rights, as outlined by law and this Policy, can be exercised, taking into account current provisions or those that may be revised in the future by the company. If you are under 20 years old or have limited legal capacity, you may authorize a parent, appointed guardian, or an authorized individual to act on your behalf to exercise these rights.

  1. Right to withdraw consent:

You have the right to withdraw previously given consent for the collection, use, and disclosure of your personal data by MedEx. This can be done at any time while your data is held by MedEx, unless legal restrictions or valid contracts prevent such withdrawal. Please note that this withdrawal might affect service provision, contract fulfillment, or access to information such as underwriting, insurance benefits, or service notifications. However, prior collection, use, and disclosure of your data remain unaffected by this withdrawal.

  2. Right to access:

You have the right to access and obtain a copy of your personal data held by MedEx, along with details regarding its acquisition.

  3. Right to data portability:

You may request your processed personal data to be provided in a readable format and transferable to other data controllers, if technically feasible.

  4. Right to object:

You have the right to object to the collection, use, or disclosure of your personal data, unless there are compelling legal grounds overriding this right.

  5. Right to deletion or destruction:

You can request MedEx to delete, destroy, or anonymize your personal data if it was collected illegitimately or is no longer necessary for the purposes outlined in this Policy.

  6. Right to suspension:

You can request MedEx to suspend the use of your personal data while an investigation or rectification is in progress or when it is no longer necessary.

  7. Right to rectification:

You have the right to rectify your personal data to ensure accuracy, completeness, and to prevent any misleading information.

  8. Right to lodge a complaint:

If you believe that the handling of your data violates laws, you have the right to lodge a complaint with the relevant authorities.

Requests to exercise these rights will be processed within 30 days upon receipt. To exercise these rights, please contact us via:

  • E-mail: mail@medex.co.th
  • Tel: MedEx Customer Contact Center at 02 544 0001
  • Postal mail: The Trendy Office Building, 6th Floor, Bizconcierge, Sukhumvit 13, Khlong Toei, Watthana, Bangkok, Thailand 10110

MedEx may levy reasonable expenses for processing these rights in accordance with applicable laws. However, MedEx reserves the right not to proceed with requests under legal provisions.

Changes to the Privacy Policy

MedEx reserves the right to amend this Privacy Policy at its discretion. This Policy can be accessed at www.medex.co.th/en/privacy-policy. In the event of any modifications to our Privacy Policy, we will either post a notification of these changes on our websites or send an email to the address provided in your account to keep you informed about the data we collect and utilize, as well as the circumstances under which we may disclose it. You can ascertain the latest revision date of the Privacy Policy by referring to the date provided at the bottom of the Policy. Your continued use of the websites or our services following any modifications to the Privacy Policy implies your acceptance of these changes. We recommend periodically reviewing our Privacy Policy to stay informed about our privacy practices.

MedEx regularly updates its Privacy Policy, and these updates will be published on our websites. The last update to this Privacy Policy was made on Dec 22nd, 2023.