About the European Union’s data privacy law
On May 25th the EU’s General Data Protection Regulation (GDPR) becomes enforceable. This regulation sets out to protect the data and privacy of citizens and residents of the EU. The primary way it does this is by giving people the right to view, edit, and even request deletion of data companies have collected on them.
As a part of this regulation, companies are also required to clarify and improve privacy policies so that they are easy for all people to read and understand.
The most important component of this new law, however, is the fact that it applies to all residents of the EU and companies who collect data on them, regardless of their location. For example, a company in Bangkok who sells to Europeans living in Thailand is now required to meet GDPR regulations, even though they do not sell or operate in the region.
At Pacific Prime Thailand we offer a variety of insurance solutions including International Private Medical Insurance (IPMI) plans. These are designed to provide cover of healthcare on a worldwide basis, which makes them popular with expats.
This new policy not only explains how we are compliant, but also how we collect, use, and store our users’ data.
- Our stance on data collection, processing, and protection
- The data that we collect
- Who at Pacific Prime collects the data
- How data is collected by us
- How consent of data collection and use works
- Why data is collected
- How data collected is used
- The sharing of data with third parties
- How you can view, edit, or delete your data
- How we utilize cookies on our site
While there is a good amount of information in this new policy, we can boil it down to: We strive to only collect data that is contractually necessary in order for an insurer to underwrite and offer plans. We collect only this data, and data that is used for marketing activities.
The data collected by Pacific Prime is never sold, and only the data required by critical third parties (e.g., insurers) will be provided. Data and information that is not required is neither collected nor shared in the event it has already been collected (e.g., if you have another plan with us, there might be some data that plan needed, but a new plan does not).
Is Pacific Prime Thailand compliant with the GDPR?
We have taken every step we can to ensure that we are compliant with the GDPR requirements, and will continue to do so when the details of the bill are finalized. From what we know of the impending law here in Thailand, our existing practices are compliant.
I am not from Europe, does this law apply to me?
In short, no, the law does not apply to you. That said, we take the security of your data seriously and have applied the policy that is compliant with the GDPR across the whole company.
This means that you have the right to request to review your data, edit it, or delete it. One thing to be aware of here is that if you do request that we delete your data and are in the process of securing cover, we might not be able to complete the process as the data may be required in order to secure an insurance plan. You could also face delays of complications with the process.
Will I need to provide Pacific Prime Thailand any information?
No. If you have already provided us with information, or are already a client of ours, we require no further data from you in order to be compliant. It has always been our policy to only ask for data that is contractually necessary in order for the insurer to offer you a plan.
If you are not a client, we will not ask for any information that is not necessary, and it is completely up to you whether you want to provide it or not. Do note that required fields on our forms are those insurers will need.