This Privacy Notice (“Notice”) is issued to inform and provide you, as a user of the myPacificCross TH application (hereinafter referred to as the "Processing Activity"), with a clear understanding of how Pacific Cross Health Insurance Public Company Limited (hereinafter referred to as the "Company") operates as the data controller for the personal data collected from you in connection with this Processing Activity.
The Company has developed the myPacificCross TH application to facilitate searching for network hospitals, verifying your policy information, reviewing personal data, submitting claims, and requesting various services.
The Company conducts the collection, use, and disclosure of your personal data as outlined below.
1. Legal Basis for Processing Personal Data
1.1. The Company collects your personal data based on the following legal grounds:
1.1.1 The necessity of fulfilling an insurance contract. Without this personal data, the Company would be unable to provide its services.
1.2. The Company collects personal data under Section 26, which allows for exemptions from explicit consent, for the following purposes:
1.2.1 It is necessary for the Company to collect health data to process and evaluate claims.
2. Purpose of Collecting Personal Data
The Company collects your personal data for the following purposes:
2.1 To verify identity and register for the application’s services.
2.2 To provide the necessary services through the application.
2.3 To enable effective communication.
2.4 To process and manage insurance claims.
3. Personal Data Collected and Used by the Company
For the purposes outlined in Section 2, the Company collects the following personal data:
3.1. Sources and types of personal data collected are as follows:
| Sources/types of collection | Lists of Personal Data |
| --- | --- |
| 1. Collected directly from you through application registration, completing questionnaires, filling out application forms, interviews, or communication with the Company for inquiries, providing feedback, or submitting complaints. | Name-last name, telephone number, mobile phone number, fax number, photograph, national ID card number, policy number and form, address, email, health information, medical history, claim history, remaining balances, bank account numbers. |
| 2. Collected using technology to detect or track your usage behavior. | Cookie data, IP address, Application Logging, Device ID, Browsing history |
| 3. Collected from external sources, such as policyholders, job applicants, employees, agents, brokers, hospitals, public information sources, business-related data providers, or commercial data sources. This includes instances where you have personally provided the information or given consent for others to disclose your personal data to the Company’s service providers or government agencies. | Name-last name, telephone number, mobile phone number, fax number, photograph, national ID card number, policy number and form, address, email, health information, medical records, claim history, bank account numbers. |
3.2. Purpose of Using Personal Data
| Purpose of Using Personal Data | Lists of Personal Data Used |
| --- | --- |
| 1. To verify identity and register for the application’s services. | Name-last name, telephone number, mobile phone number, national ID card number, address, email. |
| 2. To provide services through the application. | Name-last name, telephone number, mobile phone number, national ID card number, policy number and form, disability condition, medical records, claim history, remaining balances |
| 3. To enable effective communication | Name-last name, telephone number, mobile phone number, Fax number, address, email |
| 4. To process and manage insurance claims | Name-last name, telephone number, mobile phone number, fax number, photograph, national ID card number, policy number and form, address, email, health information, medical records, claim history, remaining balances, bank account numbers |
4. Disclosure of Personal Data
The Company discloses your personal data to the following individuals or entities:
4.1 Med-Sure Services Limited, for the purpose of underwriting insurance and processing claims payments.
4.2 Government agencies, in compliance with legal requirements or upon official requests.
5. Rights Under the Personal Data Protection Act B.E. 2562
The Personal Data Protection Act B.E. 2562 aims to grant you greater control over your personal data. You can exercise your rights under the Personal Data Protection Act B.E. 2562 when the provisions concerning the rights of personal data subjects come into effect. These rights include:
5.1 Right of Access - You have the right to access, receive a copy of, and request the disclosure of the source of your personal data held by the Company. However, the Company may refuse your request if permitted by law, a court order, or if fulfilling your request would impact the rights and freedoms of others.
5.2 Right to Rectification - You have the right to request corrections to your personal data if it is inaccurate or incomplete, ensuring it is accurate, up-to-date, complete, and not misleading.
5.3 Right to request the restriction of processing your personal data in any of the following circumstances:
5.3.1 During the period when the Company is verifying your request to correct your personal data to ensure its accuracy, completeness, and currency.
5.3.2 When your personal data has been collected, used, or disclosed unlawfully.
5.3.3 When your personal data is no longer necessary to retain for the purposes initially stated by the Company but you request the Company to continue retaining the data to support the exercise of your legal rights.
5.3.4 During the period when the Company is proving the legitimate grounds for collecting your personal data or assessing the necessity of collecting, using, or disclosing your personal data for public interest, following your objection to such collection, use, or disclosure.
5.4 Right to object to the collection, use, or disclosure of your personal data unless the Company has lawful grounds to deny your request (e.g., the Company can demonstrate that the collection, use, or disclosure of your personal data is justified by overriding legitimate grounds, or to establish legal claims, compliance with or exercise of legal rights, or for the public interest in alignment with the Company’s mission).
6. Retention Period for Personal Data
The Company retains your personal data for a period of 10 years from the date your relationship with the Company ends or your last interaction with the Company. This retention period is in accordance with the Personal Data Protection Act B.E. 2562 and other applicable laws.
After the retention period, the Company will review and proceed to delete, destroy, or anonymize the personal data within no more than 1 year. This process ensures the removal of all personal data once the retention period has expired, or if the data is no longer relevant or exceeds the purposes for which it was collected.
7. Security of Personal Data
The Company has implemented appropriate measures to safeguard the security of your personal data, both technically and through management practices, to prevent loss, unauthorized access, destruction, use, alteration, modification, or disclosure of personal data without permission.
Additionally, the Company has established a Personal Data Protection Policy, which has been communicated organization-wide, along with practical guidelines to ensure the security of personal data during collection, use, and disclosure. This is done while upholding the principles of confidentiality, integrity, and availability of personal data. The Company also ensures that this policy and the related announcements are reviewed periodically as deemed appropriate.
8. Participation of Personal Data Subjects
The Company may disclose personal data upon receiving a request from the personal data subject, their legal heirs, successors, authorized representatives, curators or guardians. Such requests must be submitted via thdpo@th.pacificcrosshealth.com
In cases where the data subject, legal heirs, successors, authorized representatives, curators or guardians object to the collection, accuracy, or any actions such as requesting corrections to their personal data, the Company will record the objections as evidence.
Nonetheless, the Company reserves the right to deny such requests if required by law or in cases where personal data has been anonymized or rendered unidentifiable.
9. Responsibilities of Individuals Processing Personal Data
The Company ensures that only authorized personnel with relevant duties in the collection, use, and disclosure of personal data related to processing activities are granted access to your personal data. The Company will ensure that authorized personnel strictly adhere to this notice.
10. Amendments to the Privacy Notice
The Company may revise or update this privacy notice as deemed necessary. Any changes will be communicated to you through the application, website, or other designated channels, with the latest version date clearly indicated at the end. The Company encourages you to regularly review the updated privacy notice, especially before disclosing any personal data to the Company.
By continuing to use the products or services under this data processing activity, you acknowledge and agree to the terms outlined in this notice. If you do not agree with the terms, please cease using the services. Your continued use after any revisions or updates are published on the aforementioned channels will be considered as your acknowledgment and acceptance of the changes.
11. Contact Information
For inquiries regarding this announcement, you can contact us at:
Data Protection Officer: DPO
You can review the Company's Personal Data Protection Policy at the link below:
https://www.pacificcrosshealth.com/en/pdpa/