Login
Sign up free

Privacy policy

Data protection at payg.insure

At payg.insure COMPANY LIMITED (“payg.insure”, “we”, “us”, “our”), we routinely collect and use personal data about individuals, including policyholders, insured persons, beneficiaries, agencies, business partners, or any individuals whose personal data we collect (collectively referred to as “you”). We value your privacy and the security of your personal data, treating them as a top priority. Hence, we are aware of our responsibility to handle your personal data with care, to keep it secure, and to comply with applicable personal data protection laws.

How this policy works

The purpose of this policy is to provide a clear explanation of what, when, why, and how we collect and use information relating to you that allows us to identify you (“personal data”), whether directly or indirectly. It explains with whom we share personal data, how we retain it to keep it confidential and privileged, what actions you can take, and how you can contact us.

Important

Please read this policy carefully. It provides important information on how we use personal data and explains your statutory rights. This policy is not intended to override any terms of an insurance policy or contract you have with us, nor any rights available to you under applicable data protection laws.

Data protection policy

1. Who is responsible for your personal data?

Payg.insure COMPANY LIMITED will be principally responsible for looking after your personal data.

Where your personal data has been passed to another Data Controller (e.g., a reinsurer or governmental agency), payg.insure will inform you of the Data Controllers with whom we have shared your personal data and whom you may contact regarding their use of your data, as outlined in Section 6 of this Policy.

Please be aware that although we are principally responsible for safeguarding your personal data, information may be held in databases accessible to other companies within the payg.insure Group, including our brands, affiliates, and subsidiaries (“payg.insure companies”). When accessing your personal data, payg.insure companies will comply with the standards set out in this Policy.

2. What personal data do we collect?

We collect and process personal data, including Basic personal data and Sensitive personal data, as defined below.

2.1. Basic personal data includes the following:

  1. Family name, middle name, first name, and any other names (if any);
  2. Date of birth; date of death or missing status;
  3. Gender;
  4. Place of birth, registered place of birth, place of permanent residence, place of temporary residence, current place of residence, hometown, and contact address;
  5. Personal image;
  6. Nationality;
  7. Phone number; ID card number, personal identification number, passport number, driver’s license number, license plate, personal tax code, social insurance number, health insurance card number;
  8. Marital status;
  9. Information on family relationships (parents, children);
  10. Digital account information; personal data that reflects activities and activity history in cyberspace;
  11. Information associated with an individual or used to identify an individual, other than Sensitive personal data.

2.2. Sensitive personal data includes the following:

  1. Political and religious opinions;
  2. nformation on health conditions and private life stated in health records, excluding information on blood type;
  3. Information about racial or ethnic origin;
  4. Information about inherited or acquired genetic characteristics;
  5. Information about biometric or biological characteristics;
  6. Information about sex life or sexual orientation;
  7. Data on crimes and criminal activities collected and stored by law enforcement agencies;
  8. Information received from credit institutions, foreign bank branches, payment service providers, and other licensed institutions, including customer identification as prescribed by law, accounts, deposits, deposited assets, transactions, organizations and individuals who are guarantors at credit institutions, bank branches, and payment service providers;
  9. Personal location identified via location services;
  10. Other specific personal data as prescribed by law that requires special protection.

Prospective Policyholders, Insured Persons, Beneficiaries, and Related Parties. To underwrite and administer insurance policies, we collect information about prospective policyholders, insured persons, beneficiaries, and related parties. This may include information about previous quotes obtained, background, and contact information on prospective policyholders, insured persons, beneficiaries, and matters in relation to risk assessment and insurance policy management. The level and type of personal data we collect and use vary depending on the type of policy applied for or held and may include information on other individuals who need to be considered as part of the policy. In some instances, it is necessary for us to collect and use Sensitive personal data, such as health conditions or medical records. We are required to establish a legal exemption to use your personal data – see Section 5 for further details.

If you are an insured person, you may, from time to time, need to provide us with the personal data of third parties, for example, an injured third party in relation to a claim under a liability policy. Where possible, you should inform the third party that you need to disclose their details to us, identifying payg.insure as your insurer, and obtain their consent. We will process their personal data in accordance with this Policy.

Claimants. If you are making a claim under a policy, we will collect your basic contact details together with information about the nature of your claim and any previous claims. If you are an insured person, we will need to check the policy details you are insured under and your claims history. Depending on the nature of your claim, it may be necessary for us to collect and use Sensitive personal data, such as medical records and details of an insured event related to an accident or disease.

Business Partners. If you are a business partner, we will collect your business contact details. We may also collect information about your professional expertise and experience.

Website Visitors. We may collect your contact details if you visit our website (including applications and social media platforms), register for a newsletter, or attend one of our events. If we collect personally identifiable information through our website, we will clearly indicate what information is being collected and explain its intended use.

In the event that you have provided personal data of other persons to payg.insure, such as a prospective insured person or beneficiary, you acknowledge and confirm that you have informed such persons about the details of this policy and obtained consent where applicable or relied on an appropriate legal basis to allow us to process personal data in accordance with this policy.

For more details on the types of information we collect, please see Appendix 1.

3. When do we collect your personal data?

Prospective Policyholders, Insured Persons

  • We will collect information directly from you when you apply for an insurance policy.
  • Information about you may also be provided to us by an insurance agency, insurance broker, your employer, family member, or any other third person who may be applying for an insurance policy that names or benefits you.
  • We may collect information about you from other sources where necessary for effective underwriting of policy risk and/or to combat financial crime or insurance profiteering. These other sources may include public registries and databases managed by credit reference agencies, government agencies, and other reputable organizations.

Claimants

  • We will collect information from you when you notify us of a claim. You might make a claim to us directly, through your representative, or via a broker or one of our representatives managing claims on our behalf.
  • We may also collect information about you if the claim is made by another person who has a close relationship with you or is otherwise linked to the claim — for example, if the policyholder is your employer, or if you are the subject of a third-party claim.
  • Information may also be provided by your lawyers (or those acting on behalf of your employer).
  • We may collect information from other sources where necessary to validate claims and/or to combat financial crime. This may include consulting public registers, social media, other online sources, credit reference agencies, and other reputable organizations.

Business Partners and Visitors

  • We will collect information about you if you or your company provides your contact or other information to us in the course of working with us, either directly as a business partner or as a representative of your company.
  • Information about you may also be collected if you attend meetings, events, or conferences we organize, contact us through our website, or sign up for one of our newsletters or bulletins.
  • We may collect information from other public sources (e.g., your employer’s website) if necessary to manage our relationships with our business partners.

Applicable to All

If you telephone payg.insure (for example, to notify a claim or discuss it with us) or if payg.insure telephones you (for example, to sell an insurance policy), we may record the call. We may also use Interactive Voice Response (IVR) technology to automate responses to voice commands and analyze call recordings. We use call recordings as evidence of your agreement to purchase an insurance policy or submit a claim, to help train our staff, and to provide an accurate record in case of complaints or queries. Additionally, we may analyze call recordings using automated technology to detect potential customer service failings (and then resolve them) or to detect potential fraud.

4. What do we use your personal data for?

We use your personal data for the purposes outlined below. Please refer to Appendix 2 for more details, including the legal basis we rely on in each case.

Prospective Policyholders and Insured Persons. If you are a prospective policyholder or insured person, we will use your personal data to consider an insurance policy application, assess and evaluate risk, and, subject to applicable terms and conditions, provide you with a policy. Once your policy is issued, we will use your personal data to administer your policy, respond to your inquiries, and manage the renewal process. Additionally, we will need to use your personal data for regulatory purposes associated with our legal and regulatory obligations as an insurance provider.

Claimants. If you are a claimant, we will use your personal data to assess the merits of your claim and potentially pay out a settlement. We may also need to use your personal data to evaluate the risk of potential fraud. If you are also an insured person, we will use personal data related to your claim to inform the renewal process and potentially future policy applications.

Business Partners and Visitors. If you are a business partner, we will use your personal data to manage our relationship with you, including sending you marketing materials (where we have appropriate permissions) and inviting you to events. Where relevant, we will use your personal data to deliver or request services, and to manage and administer our contract with you or your employer. If you are a visitor, we will use your personal data to register for certain areas of our website, to request additional information, distribute requested reference materials, or invite you to one of our events.

Data Analytics. We routinely analyze information in our various systems and databases to help improve the way we run our business, deliver a better service, and enhance the accuracy of our risk and other actuarial models. We take steps to protect privacy by aggregating and, where appropriate, anonymizing data fields before making information available for analysis.

5. Protecting your privacy

We ensure that your personal data is only used for the purposes outlined in Section 4 of this policy when we are satisfied that:

  • Our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g., to manage your insurance policy);
  • Our use of your personal data is necessary to comply with a relevant legal or regulatory obligation (e.g., to meet requirements of the State Bank of Vietnam);
  • Our use of your personal data is necessary to support legitimate business interests (e.g., to improve our products or to conduct data analytics), provided it is conducted in a way that respects your privacy rights; or
  • You have provided your consent for us to use the data in that way.

Before collecting and/or using any personal data, we will establish a lawful exemption that allows us to use that information. If your personal data is collected on a form (including online) or over the phone, further information about the exemption may be provided on that form. This exemption will typically be:

  • Your explicit consent;
  • The establishment, exercise, or defense of legal claims by us or third parties; or
  • A specific exemption provided by law that is relevant to the insurance industry.

6. Who do we share your personal data with?

We work with many third parties to help manage our business and deliver services. These third parties may occasionally need to access your personal data.

For Prospective Policyholders, Insured Persons, these third parties may include:

  • Insurance Agencies, Insurance Brokers, Other Insurers/Reinsurers, and Third-Party Administrators who work with us to help manage the underwriting process and administer our policies.
  • Service Providers.
  • Healthcare Providers.
  • Our Regulators, including the Ministry of Finance (MOF), the Ministry of Public Security (MPS), and other regulators and law enforcement agencies in Vietnam and around the world.
  • Fraud Prevention Agencies and Organizations working to prevent fraud in financial services.
  • Lawyers and Other Professional Services such as medical professionals, accountants, actuaries, auditors, experts, consultants, banks, and financial institutions that service our accounts.
  • Your Employer or Company Acting on Your Employer’s Behalf to monitor, audit, or otherwise administer our services and fulfill contractual obligations related to our services (in cases where your employer has signed an agreement with us to provide you with insurance coverage or other additional covers and services).

We may also be under legal or regulatory obligations to share your personal data with courts, regulators, law enforcement, or, in certain cases, other insurers. If we reorganize part of our business, we may need to transfer your personal data to the purchaser or transferee of the business, or other third parties in connection with the sale, reorganization, or disposal of our business. We may also share your personal data with any other persons acting for or on behalf of or jointly with payg.insure in respect of a directly related purpose for which your personal data was required.

Descriptions of certain categories of third parties and defined terms are set out below.

  • Assistance Providers: These are a special category of service providers who help provide emergency or other assistance related to certain policies (e.g., certain travel policies).
  • Insurance Agencies: These agencies introduce insurance products, arrange policy issuance, and assist payg.insure in collecting claim requests.
  • Insurance Brokers: Insurance brokers arrange and negotiate insurance coverage for individuals or companies and work directly with insurers like payg.insure.
  • Ministry of Finance (MOF): This is an insurance regulatory body. payg.insure may disclose personal data to the MOF to support its supervision of and promotion of insurance businesses, in line with the insurance commission law.
  • Ministry of Public Security (MPS): This is the government agency responsible for managing personal data protection.
  • Department of Cybersecurity and High-tech Crime Prevention: This department under the MPS regulates the processing of personal data by all organizations and individuals within Vietnam.
  • Prospective Insured and Life Assured: This term refers to prospective, active, or former individual policyholders, as well as any individual who benefits from insurance coverage under one of our policies (e.g., where an employee benefits from coverage taken out by their employer).
  • Loss Adjusters: These are independent claims specialists who investigate complex or contentious claims on our behalf.
  • Other Insurers/Reinsurers: Some policies are insured on a joint or syndicate basis, meaning that a group of insurers (including us) will join together to write a policy. Policies may also be reinsured, meaning that the insurer purchases its own insurance from a reinsurer to cover part of the risk underwritten in your policy. payg.insure purchases reinsurance and also acts as a reinsurer for other insurance firms.
  • Service Providers: These are various third parties to whom we outsource certain functions of our business. For example, we have service providers who manage our IT and back-office systems. Some of these providers use “cloud-based” IT applications or systems, meaning that your personal data will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of personal data. We also use other services from service providers, such as website hosting, data analysis, payment processing, document and records management, order fulfillment, credit reference, delivery services, and similar third-party vendors and outsourced service providers who assist us in carrying out business activities.
  • Lawyers: We frequently use lawyers to advise on complex or contentious claims or to provide us with non-claims-related legal advice.
  • Third-Party Administrators (or TPAs): These are companies outside the payg.insure Group that administer the underwriting of policies or the handling of claims (or both) on our behalf. We require all TPAs to handle your personal data lawfully and in accordance with this policy and our instructions.

7. Direct marketing

We may use your personal data to send you direct marketing communications about our insurance products or related services. This may be in the form of email, post, SMS, telephone, or targeted online advertisements.

In most cases, our processing of your personal data for marketing purposes is based on our legitimate interests in providing you with information that might help you manage your insured risks, renew insurance, or consider other products, services, and offers that may be of interest to you. In some cases, this may be based on your consent (where required by law). You have the right to opt out of direct marketing at any time by following the opt-out links in electronic communications or by contacting us using the details set out in Section 14.

We take steps to limit direct marketing to a reasonable and proportionate level and to send you communications that we believe may be of interest or relevance to you, based on the information we have about you and the consent you have provided.

8. Cross-border transfers

From time to time, we may need to share your personal data with member companies of the payg.insure Group, which may be based outside Vietnam. We may also allow our Reinsurers, Third Parties, or Service Providers located outside Vietnam to access your personal data. We may also make other disclosures of your personal data overseas, for example, if we receive a legal or regulatory request from a foreign law enforcement body.

We always take steps to ensure that any cross-border transfer of information is carefully managed to protect your rights and interests:

  • We will only transfer your personal data to countries recognized as providing adequate legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.
  • Transfers within the payg.insure Group of companies will be covered by standards designed to ensure that your personal data receives adequate and consistent protection wherever it is transferred within the payg.insure Group.
  • Transfers to reinsurers, service providers, and other third parties will be protected by contractual commitments and, where appropriate, additional assurances such as certification schemes.

Any requests for information from law enforcement or regulators will be carefully checked before personal data is disclosed.

9. How long do we reep your personal data?

We will retain your personal data for as long as reasonably necessary for the purposes listed in Section 4 of this Policy. In some circumstances, we may retain your personal data for longer periods, for example, when required or permitted in accordance with legal, regulatory, tax, or accounting requirements.

For example, if you hold an insurance policy, your personal data will typically be retained for 10 years after the cancellation or termination of the policy unless an exception applies.

In specific circumstances, we may also retain your personal data for longer periods to keep an accurate record of your dealings with us in the event of any complaints or disputes, or if we reasonably believe there is a prospect of litigation regarding your personal data or transactions.

When your personal data is no longer required, we will ensure it is securely deleted or stored in a way that means it will no longer be used by the business.

10. Important notice

If you: (i) do not or decline to provide certain personal data necessary to comply with a law or contract, or where it is necessary to provide the personal data to enter into a contract; (ii) do not or decline to consent to our collection, use, or disclosure of certain personal data; or (iii) exercise your rights to withdraw consent for our collection, use, disclosure, transfer, or processing of certain personal data that is necessary for us to build a relationship with you or provide our products and/or services to you, we may be unable to provide the requested products or services, enter into a contract with you, or perform our obligations arising from a contract entered with you, nor maintain contact with you.

In such circumstances, you will be informed about the consequences of your refusal to provide us with personal data or grant us consent or your withdrawal of consent, as the case may be.

11. Security

We seek to use reasonable organizational, technical, and administrative security measures to protect personal data from unauthorized or accidental access, processing, erasure, loss, or use within our organization, which complies with the Law on Cybersecurity and other applicable data protection legislation. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately as outlined in Section 14 below.

12. Your rights regarding your personal data

You have several rights in relation to your personal data. These include the right to be informed, to consent or refuse consent to data processing, to access your data, to withdraw your consent, to delete your data, to restrict data processing, to request the provision of data, to object to data processing, to file complaints, to initiate lawsuits, to claim damages, to self-defend in relation to the processing of your personal data, and the right to notify the Ministry of Public Security of any violations relating to your data protection. More information about each of these rights can be found below.

To exercise your rights, you may contact us as outlined in Section 14. Please note the following if you wish to exercise these rights:

Explanation of Rights

  • Right to Be Informed 

We shall inform you before we process your personal data, unless otherwise provided by law.

  • Right to Consent 

You can choose to consent or not to our processing of your personal data. However, we may process your data under certain conditions required by law:

  • In emergencies when personal data must be processed immediately to protect the life and health of yourself or others;
  • When the disclosure of personal data is required by law;
  • When personal data is processed by a competent state authority concerning national defense, natural disasters, epidemics, terrorism, or other legally required circumstances;
  • For the performance of your contractual obligations with payg.insure and relevant agencies, organizations, and/or individuals under law;
  • For operations of state agencies as prescribed by specialized laws.
  • Right to Access 

You have the right to access, view, and correct inaccurate personal data yourself or ask us to correct inaccurate data. We may verify the data’s accuracy before making corrections.

  • Right to Withdraw Consent 

You can withdraw your consent at any time. The withdrawal of consent will not affect the legality of any processing based on consent before your withdrawal.

If you choose to withdraw your consent, it may impact our ability to provide services and have other consequences, which we will explain should you choose to proceed.

We respect your right to withdraw consent. However, your request may not be resolved where not permitted by law.

  • Right to Data Deletion 

You may delete your personal data yourself or request us to delete it. We respect your right to consent withdrawal; however, your request may not be granted if not allowed by law.

  • Right to Restrict Data Processing 

You may request that we restrict the processing of your data, but only under specific circumstances, including:

  • Its accuracy is contested, allowing us to verify its accuracy;
  • The processing is unlawful, but you do not wish it to be erased;
  • It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims; or
  • You have exercised the right to object, and verification of overriding grounds is pending.

We may continue to use your data after a restriction request if:

  • We have your consent;
  • To establish, exercise, or defend legal claims; or
  • Permitted by law.
  • Right to Data Provision 

You can request that we confirm whether we are processing your personal data and provide you with a copy of that data.

We may not comply with requests if legally permitted or if provision may harm the safety, physical, or mental health of others.

  • Right to Data Deletion 

You may request that we delete your data if:

  • It is no longer needed for its original purpose;
  • You have withdrawn consent (if processing was based on consent);
  • Following a successful objection to data processing;
  • It was processed unlawfully; or
  • Other cases prescribed by law.

We are not required to comply with your request to erase your data in cases where:

  • Prohibited by law;
  • Needed to comply with a legal obligation or request from an authorized government authority;
  • Already disclosed as prescribed by law;
  • In a national defense, security, public safety, or disaster emergency, or during large-scale threats to national security that do not reach the level of an emergency; or
  • Required to respond to urgent threats to life, health, or safety.
  • Right to Object to Data Processing 

You may object to any processing based on legitimate interests if you believe your fundamental rights and freedoms outweigh our interests.

Once you object, we may demonstrate compelling legitimate grounds that override your rights and freedoms.

You may object to any direct marketing-related data processing, including receiving marketing communications.

  • Right to Lodge Complaints, File Lawsuits, and/or Seek Damages 

You may lodge complaints, file lawsuits, or seek damages in cases of violation of your personal data under the law.

  • Right to Self-Defense 

You may defend yourself in law or request protection measures from competent state agencies or organizations regarding your civil rights.

  • Department of Cybersecurity and High-tech Crime Prevention 

You may lodge a complaint with this department regarding our processing of your personal data. We encourage you to first attempt to resolve any concerns with us, although you have the right to contact the department at any time.

13. Changes to the policy

We may modify or update this policy at any time to address future developments at payg.insure or changes in industry or legal trends.

We will post any changes on the homepage of our website or app. You can determine when the policy was last revised by referring to the “Updated” legend at the end of this policy. Where changes to the policy will have a fundamental impact on the nature of our collection, use, or disclosure of your personal data or otherwise have a substantial impact on you, we will give you sufficient advance notice so you can exercise your rights in relation to your data.

We ensure the latest version of the policy will always be available on this website. Therefore, we recommend periodically visiting our website to stay informed of any updates.

14. Contact and complaints

The primary point of contact for all issues arising from this policy, including requests to exercise data subject rights, is our Data Protection Officer.

You can contact the Data Protection Officer as follows:

Email: 

info@payg.insure

Mailing Address: 

Data Protection Officer, 

Payg.insure COMPANY LIMITED, 

THE NEXX Business Center, Room 100, No. 32 Pham Ngoc Thach, Vo Thi Sau ward, District 3, Ho Chi Minh City, Vietnam.

Phone Number: +84 82 3364991 

Web Form: 

If you have a complaint or concern regarding our use of your personal data, please contact us in the first instance, and we will attempt to resolve the issue as soon as possible. You also have the right to lodge a complaint with the Ministry of Public Security at any time.

Updated: 01.11.2024