Universal Insurance Broker Company Limited (hereinafter referred to as “UIB”, “we”, “us”, or “our”), as a part of a global leading insurance organization, are committed to protecting the privacy of the individuals we encounter in conducting our insurance brokerage business. Our aim is responsible handling of Personal Data (as defined below), balancing the benefits of activities like research and data analytics, and marketing with our other commitments, including transparency and non-discrimination. This privacy policy (“Privacy Policy”) describes how we collect, use, and/or disclose Personal Data of our prospective customers, consumer policy holders, contact persons / authorized persons of commercial policy holders, insured persons benefiting under another policyholder's policy or members of the group insurance, claimants, counter parties of the insured, witnesses, individual brokers or agents, or appointer representatives, and other third parties involved in our business dealing with you (hereinafter “you”, “your”, or “yours”), including your beneficiary or dependent, in the course of provision of products or services to you and your use of our websites and/or mobile applications. Please read this Privacy Policy carefully to understand why and how we collect, use and/or disclose your Personal Data. This Privacy Policy applies to the Personal Data that we (and/or the third party who may be acting on our behalf) collect from both offline and online channels (“Channels”), for instance:

• from your application and claim forms, telephone calls, e-mails and other communications with us;
• through our website (“Sites”), the software applications made available by us for use on or through computers and mobile devices (“Apps”), our social media pages or any social media accounts (our “Social Media Pages”) (collectively, including the Site, the Apps and our Social Media Pages, referred to as the “Online Services”); and
• from other sources or through the companies in AIG Group (as defined in “Sharing of Personal Information”), our authorized brokers or agents, business partners or other third parties, governmental agencies, claim investigators, medical professionals, witnesses, other third parties involved in our business dealing with you, or any other publicly available sources.
• from other sources or through the companies in AIG Group (as defined in Sharing of Personal Information), our authorized brokers or agents, business partners or other third parties, governmental agencies, claim investigators, medical professionals, witnesses, other third parties involved in our business dealing with you, or any other publicly available sources.

We reserve the right to make changes to this Privacy Policy at any time to take account of changes in our business and legal requirements. We will place updates on our Sites. Please review this Privacy Policy regularly for any updates. Any change will be effective immediately upon being posted on our Sites. We will notify you or obtain your consent again if there are significant updates to this Privacy Policy, or if we are required to do so by law.

Who To Contact About Your Personal Information

Where you wish to exercise your rights as set out above, or if you have any queries, comments and/or questions about your Personal Data under this Privacy Policy, you can reach us or our Data Protection Officer (DPO) at:

1) Universal Insurance Broker Company Limited

• Address: 23rd Floor, Siam Piwat Tower, 989 Rama 1 Road, Patumwan, Bangkok 10330 Thailand
    Contact Details:
    o Phone number: 02-649-1999
    o from 9.00am – 5.00pm, Mondays to Fridays, excluding public holidays.
    o Email address: THDPO@aig.com

2) Data Protection Officer (DPO)

• Address: 23rd Floor, Siam Piwat Tower, 989 Rama 1 Road, Patumwan, Bangkok 10330 Thailand
    Contact Details:
    o Phone number: 02-649-1999
    o from 9.00am – 5.00pm, Mondays to Fridays, excluding public holidays.
    o Email address: THDPO@aig.com

Personal Information That We Collect

“Personal Data” means any identified or identifiable information about you and relate to you or other individuals (such as your beneficiary or dependent) as listed below. Any reference to Personal Data in the text of this Privacy Policy also includes Sensitive Data, unless stated otherwise. If you do not provide your Personal Data when requested, we may not be able to provide (or continue to provide) our products and services to you. Depending on your relationship with us, Personal Data collected about you and your dependents may include, but not limited to the following: We offer both commercial line insurance products and consumer line insurance products to customers. For providing you with insurance products and services, we may collect the following Personal Data about you according to your request, relationship and / or interactions with us:

a) General identification: such as your title, name, surname, gender, marital status, family status, date of birth, age, photograph, still or moving images created in connection with insurance or other business activities, physical attributes, occupation, position, your status as director or partner, or other ownership or management interest in an organization, company's name, copies of and/or information on government-issued documents (e.g., national identification card, passport, household registration, driving license, vehicle registration, vehicle license plate, vehicle plate details, tax identification, and business registration ID) employer's certificate, salary and income, educational background, signature, CCTV records, voice records and / or telephone call records between you and our representative and call center, and other identifiers;

b) Contact information: such as your address, personal address, company's address, layout of address, telephone number, mobile phone number, business telephone number, fax number, email address, and social networking profile details;

c) Financial information and account details: such as credit / debit card number, credit card type, credit / debit card or bank information, bank account number and account details, both local and overseas, payment details and records, credit card transactions, credit card spending history, asset, and financial status; and

d) Sensitive Data: such as your religion (contained in national identification card), ethnicity, health data (e.g., current and former physical or mental or medical condition, health status, and medical record/ history, and alcohol blood testing result), disability (e.g., injury), and criminal records (contained in police report). We will only collect, use, and/or disclose Sensitive Data, if we have received your explicit consent or as permitted by law.

e) Information which enables us to provide services to you: such as details of insurance policy including insurance policy number and insurance premium, details of claim and claim history, details of goods or services purchased, travel details / plan, title deed of the insured property, location and identification of the insured property (e.g., property address, vehicle license plate, chassis number, or identification number), coverage of peril details, date and cause of death, injury or disability, prior accident or loss history, other insurance you hold, relationship to the policy holder, insured or claimant, circumstantial evidence which could contain Personal Data, and other information as specifically required by each type of insurance product;

f) Behavior information: such as your marketing preferences, feedback, interest in participating in a contest or prize draw or other sales promotions, or response to a voluntary customer satisfaction survey;

g) Social media account and information from Online Services: such as your social media account ID and profile picture, including other information that is part of your profile relating to those accounts or of your friends' profiles; and

h) Technical information: such as your display name, password on our system, browser and electronic device information, app usage data, information collected through cookies, pixel tags, and other technologies, demographic information and other information provided by you, aggregated information, and any other technical information from the use our Sites or systems. For example:

• Through your internet browser or electronic device: Certain information is collected by most websites or automatically through your electronic device, such as your IP address (i.e., your computer’s address on the internet), screen resolution, operating system type (Windows or Mac) and version, internet browser type and version, electronic device manufacturer and model, language, time of the visit, page(s) visited and the name and version of the Online Services you are using. We use this information to ensure that our Online Services function properly.
• Through your use of the App: When you download and use the App, we and our service providers may track and collect App usage data, such as the date and time the App on your electronic device accesses our servers and what information and files have been downloaded to the App based on your device number.
• Cookies: When you visit our Online Services, cookies are used to collect technical information about the services that you use, and how you use them. For more information, please see Sharing of Personal Information of this Privacy Policy.

When we process anonymized data or in aggregated form which can no longer identify you, this Privacy Policy would not be applicable.

Personal Information of Other Individuals

We may also collect the Personal Data as specified in the Personal Information That We Collect of other persons (e.g., your dependents including spouse, children, and beneficiary, counter party, third-party claimant, and friends (in case we collect your friends' profiles in your social media accounts) in the course of the provision of our product or performance of our service. If you provide Personal Data of others to us, you represent and warrant that you have the authority to do so by (i) informing such other person about this Privacy Policy; and (ii) obtaining consents where applicable or necessary to permit us to use such Personal Data in accordance to this Privacy Policy.

How do we use Personal Information?

We may collect, use or disclose your Personal Data for the following purposes:

• The purposes of which your consent would be required:
We rely on your consent for the collection, use, and/or disclosure of your Personal Data by us, the companies in AIG Group and business partners for the purposes set out below.
    o For the purpose of authentication and verification of a person: Sensitive Data – religion (contained in national identification card); and ethnicity;
    o For the purpose of complying with foreign governments' laws, regulations, and request: any Sensitive Data under our possession;
    o For the purpose of marketing and communications: Personal Data to provide you with marketing communications, tele-marketing, re-marketing, advertisement, privileges, sales, special offers, notice, newsletter, updates, announcements, promotions, campaigns, news and information, relating to the products or services from us, the companies in AIG Group and business partners which we cannot rely on other legal bases; and
    o For the purposes for disclosing/sharing your personal data to certain third parties as described under “Sharing of Personal Information” of this Privacy Policy where your consent is required.
Please note that, for the collection, use, and/or disclosure of your Sensitive Data as necessary for delivering to an insurance company for the purpose of insurance policy underwriting consideration; for insurance premium calculation; for engaging in reinsurance relationship with third parties; for the purpose of the claim process and other relevant procedures, we, subject to the applicable laws, rules, regulations and guidelines in relation to insurance, can rely on the necessity to comply with a legal obligation to achieve the purpose relating to substantial public interest as a legal basis so that your consent might not be required. However, if your consent is required under the applicable laws, we will ensure that such requirement is satisfied. Where the legal basis for collection, use and/or disclosure of your personal data is consent, you have the right to withdraw consent at any time in accordance with the applicable laws. This can be done so, by contacting us as per the contact information stated in Who To Contact About Your Personal Information. The withdrawal of consent will not affect the lawfulness of the collection, use and / or disclosure of your Personal Data and Sensitive Data based on your consent before it was withdrawn. If you do not provide your consent, your personal data to us or later withdraw your consent, we may not be able to provide our products or services to you.
• The purposes for which we may rely on other legal bases and for which your consent is not required for processing of your Personal Data:
Apart from the purposes which your consent may be required under The purposes of which your consent would be required:, , we (and third party who may be acting on our behalf) may rely on the following legal bases for the collection, use, and/or disclosure of your Personal Data without your consent in accordance with applicable law for purposes listed below in this The purposes for which we may rely on other legal bases and for which your consent is not required for processing of your Personal Data: (1) contractual basis, for our initiation or fulfilment of a contractual performance with you or requested by you prior to engage into a contractual performance with us; (2) legal obligation, for the fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties, proportionate to your interest and fundamental rights and freedoms in relation to the protection of your Personal Data; (4) vital interest, preventing or suppressing a danger to a person’s life, body or health; (5) public interest, for the performance of a task carried out in the public interest or for the exercising of the State’s power by us as authorized by the State; (6) the reason for an establishment and defenses of legal claims in the future; and (7) for necessity to comply with legal obligation to achieve the purpose relating to substantial public interest; (8) for necessity to comply with legal obligation to achieve the purpose relating to public interest in public health. The purposes for which we rely on the other legal bases as described above in order to collect, use and/ or disclose your Personal Data without obtaining consent as provided under law are as follows:
    o Providing insurance products or services, and other related products or services to you: such as, to provide a quotation and price comparison of relevant insurance products/services; to deliver your request of insurance products/services to insurance company for approval and underwriting purposes; to facilitate the insurance company with the underwriting process or claim process; to process and consider your claim request on behalf of you as allowed under applicable law; to deliver or receive contractual documents to or from you; to issue invoice; to send annual insurance renewal quotes; and/or to deal with any requests or inquiries you may have;
    o Managing our relationship with you: such as, to contact and communicate with you as requested by you or in relation to the products and services you obtain from us or as part of our business; to send you important information regarding changes to our policies, other terms and conditions, our Online Services, renewal of policies and other administrative information; to handle any queries or complaint from you; to detect our own errors; to deal with technical issues; and to provide you with update on recent development;
    o Conducting and improving our general business operations, product and/or services: such as, to manage our infrastructure and business operations; to comply with our internal policies and procedures, relating to auditing, finance and accounting, billing and collections, business continuity, reporting and general servicing and maintenance of online and other services; to keep records and document; to manage internal flow of information; to perform our functions related to our businesses; to engage in reinsurance relationship with third parties; to develop products and/or service; to analyze competition in the market; to carry out surveys, data analytics, and market research, including analysis of customer base and other individuals whom we collect their Personal Data; to record your stills and moving footage, images, and/or voice for creation of public relations and marketing materials, such as for post on social medial or for live video; to conduct internal analysis for improvement; to assess and manage risks; to calculate commissions and service fees to our authorized brokers, agents, and business partners; to settle debts with foreign insurer or reinsurer; and to distribute information to our business partners, including related industry associations; and to manage our IT operations. For example, to manage our internal and external IT operations and communication system, including IT security, IT security audit, and IT recordkeeping; and to set system access authority;
    o Providing marketing communications: such as, to provide you with marketing communications, tele-marketing, re-marketing, advertisement, privileges, sales, special offers, notice, newsletter, updates, announcements, promotions, campaigns, news and information, relating to the products or services from us, the companies in AIG Group and business partners in accordance with preferences you have expressed directly or indirectly; to personalize, profile and analyze your personal data; to target and retarget potential customers; to manage campaigns and analysis; and to personalize your experience when using our Online Services or visiting third-party websites by presenting information and advertisements tailored to you, relating to the products or services offered by us, the companies in AIG Group and business partners in accordance with preferences you have expressed directly or indirectly. For example, to communicate with you, as our existing customer, about the products or services you obtain from us, similar products or services, or any other products or services belonging to us, the companies in the AIG Group, or our business partners, which may be beneficial to you or would assist you in obtaining our services, provided that you have never objected to receiving such communications;
    o Participating in contests, prize draws and similar promotion: : such as, to allow you to participate in and administer these activities;
    o Compliance with legal obligations: such as, to collect, use, and/or disclose your Personal Data in compliance with our legal obligations, rights or duties and/or legal proceeding under the applicable laws (e.g. those in relation to insurance, including the collection, use, and/or disclosure of your Personal Data to the Office of Insurance Commission (“OIC”) for the purposes of regulating and promoting the undertaking of insurance business in accordance with the laws on insurance commission and on insurance as described in the OIC privacy policy, which is available at OIC's website (http://www.oic.or.th); those in relation to anti-money laundering, and sanction screening; those in relation to safety and environment in the workplace), including laws outside your country of residence; to respond to investigation requests from public and governmental authorities and to support regulatory investigations;
    o Protection of our interests: such as, to establish, protect or defend our legal rights; to protect our and our AIG Group's operations, privacy, safety or property, and/or that of the companies in our AIG Group, you or others; to allow us to pursue available remedies or limit our damages; and to assess and ensure compliance with applicable laws, rule, regulations, and internal policies and procedures; to assist in the investigation or proceedings concerning a whistleblowing complaint; to assist in the effective resolution of disputes which arise in the course of disciplinary or grievance proceedings;
    o Fraud and crime detection: such as, to authenticate and verify your identity; to check the information provided; to carry out due diligence or other screening activities to comply with our legal or regulatory obligations or risk management procedures required by law or put in place by us; to detect, prevent and investigate fraud in relation to the claims for various products;
    o Transfer in the event of merger: such as, in sale, transfer, merger, reorganization or similar event we may transfer your Personal Data to one or more third parties, including the companies in AIG Group as part of that transaction;
    o Life and public health and safety: such as, to prevent or suppress a danger to a person’s life, body, or health or for the purposes of public health and safety such as protecting against cross-border dangerous contagious disease or epidemics which may be contagious or pestilent, or ensuring standards or quality of medicines, medicinal products or medical devices, on the basis that there is a provision of suitable and specific measures to safeguard the rights and freedom of the data subject, in particular maintaining the confidentiality of Personal Data in accordance with the duties or professional ethics; and
    o Any other purposes that allow us to collect, use and disclose Personal Data under the applicable law. The table below describes the legal bases, except where we rely on consent, we may rely on for collecting, using and/or disclosing your Personal Data for the purposes stated above:

Sharing of Personal Information

UIB is responsible for the management and security of used Personal Data. We may share your Personal Data within our internal business units for our business purposes. We are committed to protect your privacy by restricting the access to your Personal Data on a need-to-know basis. Additionally, as a part of the AIG Group global network, we may disclose and/or transfer your Personal Data within the AIG Group systems in country and abroad including our affiliates, and subsidiaries or companies in AIG Group, which also include AIG Insurance (Thailand) Public Co., Ltd. who is in Thailand (“the companies in AIG Group”) for the purposes set forth in this Privacy Policy. Where your consent is required, the companies in AIG Group will rely on the consent obtained by us to disclose/share your Personal Data. (Please see The purposes of which your consent would be required of this Privacy Policy. We may also make your Personal Data available to the following third parties, located both in Thailand and outside of Thailand, who collect, use and/or disclose Personal Data for the purposes set forth under this Privacy Policy. For more information, you can visit their privacy policies to learn more about how they collect, use and/or disclose your Personal Data

• Our Business Partners, and Other Insurance and Distribution Parties
In the course of marketing and providing insurance and processing claims, we may make Personal Data available to our business partners and third parties, including, but not limited to other insurers; reinsurers; local and overseas insurance and reinsurance brokers, other intermediaries and agents; appointed representatives; airlines and online ticket selling partners; affinity marketing partners; retail business partners; banks and financial institutions, securities firms; and other distributors and business partners.
• Our Service Providers
We may share your Personal Data with external third-party service providers to enable or assist us in providing services to you or conducting our general business operations. These third-party service providers include, but not limit to: (1) call center service provider; (2) IT systems, support and hosting service providers; (3) payment service providers/ credit card companies; (4) banks and financial institutions who administer our accounts; (5) emergency assistance service provider; (6) document and records management providers; (7) AIG shared service providers; (8) car inspection companies and/or garages; (9) claim investigators, loss surveyors and adjusters; (10) third party administrators; (11) data management service providers; (12) data storage and cloud service providers; (13) production supporters; (14) advertising, marketing and market research and analysis service providers; and (15) similar third-party vendors and other outsourced service providers that assist us in carrying out business activities. In the course of providing such services, we will only allow external third-party service providers to access your Personal Data only to the extent necessary for them to perform the services, and we ask them not to use your Personal Data for any other purposes.
• Professional Advisors
We may engage professional advisors who may have access to your Personal Data, including medical professionals, accountants, actuaries, auditors, experts, lawyers and other outside professional advisors.
• Governmental Authorities and Third Parties involved in Court Action
We may also disclose your Personal Data with governmental, regulatory or other public authorities in Thailand and overseas as applicable (including, but not limited to the Office of Insurance Commission, Revenue Department, Bangkok, Provincial, Sub-district Administration Organization, National Police Bureau, criminal investigations agencies and/or any other law enforcement authorities, and courts); and third-party participants in legal procedures or other third party as we believe to be necessary or appropriate to comply with our legal obligations, defend legal rights or positions of us and the companies in AIG Group, or otherwise the rights of any third party or individuals’ personal safety, and allow us to pursue available remedies or limit our damages.
• Assignee of Rights and/or Obligations
In a normal course of business, we may disclose your Personal Data to third parties, including the companies in AIG Group as our assignee, in the event of any reorganization, merger, business transfer, whether in whole or in part, sale, purchase, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock or similar transaction. We take reasonable steps to ensure that such third party will comply with this Privacy Policy to respect your Personal Data.
• Other Third Parties
We may share your Personal Data with beneficiaries; corporate insureds; emergency providers (such as fire, police and medical emergency services); CCTV Centers; hospitals; hotels; garage; Associations (such as Thai General Insurance Associations); rescue organizations; other people involved in an incident that is the subject of a claim; other third parties to deal with claims or for the protection of your own interest in case of emergency; and your friends associated with your social media accounts, other website users and your social media account providers, in connection with your social sharing activities.

Personal Data may also be shared by you, on message boards, chat, profile pages and blogs, and other services on our Channels to which you are able to post information and materials (including, without limitation, our Online Services). Please note that any information you post or disclose through these services will become public information, and may be available to visitors and users of the Sites and to the general public. We urge you to be very careful when deciding to disclose your Personal Data, or any other information, on any Channels.

International Transfer of Personal Information

Due to the global nature of our business, we may transfer your Personal data to third parties, such as the companies in AIG Group; service providers; business partners; and governmental or public authorities, located in other countries (including, but not limited to the United States, China, Hong Kong, Malaysia, Philippine, Indonesia and Singapore) in order to carry out the purposes specified above. Where there is such a transfer, it will be done based on your consent or other bases in compliance with the applicable laws. Please be mindful that other countries may have a different data protection regime than is found in Thailand and that the data protection standard of the destination country may not be equivalent to the level afforded in Thailand. Where the data protection standard of the destination country is considered as inadequate by supervisory authority in Thailand, we will take reasonable steps to put in place appropriate safeguards to ensure that the Personal Data is adequately protected.

Use of Site by Minor, Incompetent Person, and Quasi- Incompetent Person

As required by law in certain cases, we cannot collect, use, and/or disclose the Personal Data of minors, quasi-incompetent persons, and incompetent persons in absence of their parental or legal guardian consents. If you are under the age of 20, quasi-incompetent persons, or incompetent persons, please ensure that consent from your legal guardians are obtained when it is required by law (e.g. when you are below the age of 10 or when you, the minor, conduct an act beyond minor's capacity specified under applicable laws). Where we learn that we have unintentionally collected Personal Data from anyone under the age of 20 without parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardians, we will delete, destroy or de-identify it , as the case may be, or process only if we can rely on other legal bases apart from consent.

Retention of Personal Information

We will retain Personal Data for the period necessary to allow us to fulfil, satisfy or achieve the purposes outlined in this Privacy Policy, except where a longer retention period is required or permitted by law. After the expiration of the retention period, your Personal Data will be deleted or destroyed or de-identified, as the case may be. Where legal action or proceedings is initiated, we may retain until such action or proceedings are disposed of in accordance with the laws.

Security

We understand the importance of your Personal Data security. We have taken appropriate security measures, which include administrative, technical, physical, legal and organizational safeguards in relation to access control, including appropriate review of such measures, to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure of your Personal Data in accordance with our policies and guidelines. This is to ensure security of your Personal Data against confidentiality, integrity and availability breaches. In particular, we have implemented access control measures which restrict access to Personal Data as well as storage and processing equipment by imposing access rights or permission, user access management to limit access to Personal Data to only authorized person, and implement user responsibilities to prevent unauthorized access, disclosure, perception or unlawful duplication of Personal Data. This also includes methods that enabling the re-examination of unauthorized access, alteration, erasure, or transfer of Personal Data which is suitable for the method and means of the collection, use, and/or disclosure of Personal Data.

CCTV

We use CCTV devices to monitor our designated space within and around our buildings and facilities to protect the life, health, and property of persons on our premises and for other purposes set forth in this Privacy Policy. We will install CCTV devices in plain sight. We will not install the CCTV devices in changing rooms, toilets, or shower rooms. Our CCTV devices are in operation 24 hours a day and 365 or 366 days a year. We will place signage at the entrance and exit points, and the monitored areas to alert you that CCTV is in use.

Marketing Preferences

We will provide you with regular opportunities to tell us your marketing preferences, including in our communications to you. You can also contact us by e-mail at Thailand.cc@aig.co.th or by writing to: 23rd Floor, Siam Piwat Tower, 989 Rama 1 Road, Patumwan, Bangkok 10330 Thailand to tell us your marketing preferences and to opt-out. If you no longer want to receive marketing-related e-mails from us on a going-forward basis, you may opt-out of receiving these marketing-related emails by clicking on the link to “unsubscribe” provided in each e-mail or by contacting us at the above addresses.

Additional alternatives:

• Receiving mobile messages (for example SMS text messages) / telephone communications / postal mail from us: If you no longer want to receive mobile messages / telephone communications / postal mail from us on a going-forward basis, you may opt-out of receiving these marketing-related communications by contacting us at the above addresses.
• Our sharing of your Personal Data with our AIG Group companies for their marketing purposes: If you would prefer that we do not share your Personal Data on a going-forward basis with our AIG Group companies for their own marketing purposes, you may opt-out of this sharing by contacting us at the above addresses.
• Our sharing of your Personal Data with selected third-party partners for their marketing purposes: If you would prefer that we do not share your Personal Data on a going-forward basis with our third-party partners for their own marketing purposes, you may opt-out of this sharing by contacting us at the above addresses.

We will comply with your opt-out request(s) upon receiving your opt-out request in due course. Please note that if you opt-out as described above, we will not be able to remove your Personal Data from the databases of third parties with whom we have already shared your Personal Data (i.e., to those to whom we have already provided your Personal Data as of the date on which we respond to your opt-out request). Please also note that if you do opt-out of receiving marketing communications from us, we may still send you other important administrative communications from which you cannot opt-out.

What cookies are used on our website?

Cookies are pieces of information stored directly on the computer you are using. Cookies allow us to recognize your computer and to collect information such as internet browser type, time spent using the Online Services, pages visited, language preferences and relevant country website. We may use the information for security purposes, to facilitate navigation, to display information more effectively, to personalize your experience while using the Online Services, or to gather statistical information about the usage of the Online Services. Cookies further allow us to present to you the advertisements or offers that are most likely to appeal to you. We may also use cookies to track your responses to our advertisements and we may use cookies or other files to track your use of other websites. Below is a description of all the cookies we use on our websites, what they do, what data about you they collect and what we use them for:

• Geo Location cookie – When a visitor visits one of our sites for the first time we read their location from their IP address and use this information to assume the country site that they want to visit. This method is not entirely accurate, however, so when they navigate to a particular country site we use a cookie to store this information and to store the language that they chose to view the site. The next time they visit the site we read the cookie and present the same country and language version they used on their last visit. This has the intended benefit that they don’t need to reselect the country site they need each time they visit our websites. No Personal Data is collected or used by the cookie.
• Site Catalyst cookie (by Adobe) – This cookie enables us to collect and analyze data about how visitors arrive at our site and then how they interact with our site, including products they may search, content they may view, and the steps leading up to a completed or abandoned sale. We use this aggregated information to adapt our sites to better serve their and other users’ needs and interests, and to provide more relevant and useful information. The cookie is placed on a visitor’s PC on a temporary basis only. The cookie does not collect or use their Personal Data. Instead, it logs an anonymous code which identifies users and this code “follows” the user in their journey through the site. We use the aggregated and anonymous information for statistical analysis.
• DoubleClick cookies- We place a tracking pixel cookie on to all site visitors’ computers, for the purpose of our banner advertising activity. We use these cookies to know that a visitor has been on our site before which allows us to display an appropriate banner ad on to an affiliated network website. No Personal Data is collected. One of the advertisement companies that we use is Google, Inc, trading as DoubleClick. For more information on the DoubleClick cookie, or to opt out from the DoubleClick advertisement cookie please visit: http://www.google.com/privacy/ads/
• Affiliate cookie – We use a tracking pixel cookie, which is put on a visitor’s PC and collects only the transaction ID (which identifies any affiliated website the visitor has come from) and a time and date stamp. This enables our affiliate network partners to track affiliated sales and ensure an affiliate is credited for a sale referred to us. It does not involve any passing of Personal Data.
• Optimost cookie – Optimost is a service provided by Hewlett-Packard to analyse customer behavior when visiting our site. This service allows us to test variations of our website pages or elements within the pages. The tests will usually result in improvements to the website and the user experience. The cookie has an anonymous “visitor ID” which is a random number generated to identify a visitor, to distinguish between unique and/or repeat visitors. These cookies do not collect Personal Data. To view the Optimost privacy policy, please visit: https://asp.optimost.com/avatar/privacy-policy
• Oracle Cookie - We use the services of www.oracle.com to serve a persistent cookie on visitors’ browsers when they first visit our web pages, unless there is already an Oracle cookie on their browser because they have visited a non-our site which is also using Oracle’s services. However, visitors’ browsing activity on our web pages will not be combined with visitors’ browsing behavior on other websites using Oracle’s services. We use visitors’ browsing activity on our web pages to understand which pages and content our visitors use or do not use so that we can monitor our site content to best meet our visitors' needs. For further information please read the Oracle privacy policy. You can refuse to accept the cookies we use by adjusting your browser settings. However, if you do not accept these cookies, you may experience some inconvenience in your use of the Sites and some online products.
• Using pixel tags, web beacons, clear GIFs or other similar technologies: These may be used in connection with some of the Online Services pages and HTML-formatted e-mail messages to, among other things, track the actions of the Online Services users and e-mail recipients, measure the success of our marketing campaigns and compile statistics about Site usage and response rates.
• Physical Location: Subject to applicable laws, we may collect the physical location of your electronic device by, for example, using satellite, mobile/cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content. Subject to your marketing preferences as indicated to us or applicable laws, we may also share your device’s physical location, combined with information about what advertisements you viewed and other information we collect, with our marketing partners to enable them to provide you with more personalized content and to study the effectiveness of advertising campaigns. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you choose to deny such uses and/or sharing, we and/or our marketing partners may not be able to provide you with the applicable personalized services and content.
• From you: Some information (for example, your location or preferred means of communication) is collected when you voluntarily provide it. Unless combined with Personal Data, this information does not personally identify you.
• By aggregating information: We may aggregate and use certain information (for example, we may aggregate information to calculate the percentage of our users who have a particular telephone area code).

Third Party Websites

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which Online Services link. The inclusion of a link on Online Services does not imply endorsement of the linked site or service by us or by companies in AIG Group. Please note that we are not responsible for the collection, usage and/or disclosure policies and practices (including the information security practices) of other organizations, such as Facebook®, Twitter®, Apple®, Google®, Microsoft®, RIM/Blackberry® or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or electronic device manufacturer, including any Personal Data you disclose to other organizations through or in connection with the Online Services.

What are your Personal Information rights?

Under some circumstances, we may require you to prove your identity before complying with data subject exercise of rights, for your own privacy and security. If you wish to exercise these rights, please contact us using the details under 'Our Contact Details'. Subject to applicable laws and exceptions thereof, you may have the following rights to:

a) Access: You may have the right to access or request a copy of the Personal Data we are collecting, using and disclosing about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.

b) Rectification: You may have the right to have the incomplete, inaccurate, misleading, or or not up-to-date Personal Data that we collect, use and disclose about you rectified.

c) Data Portability: You may have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) Personal Data which you have provided to us, and (b) if we are processing such data on the basis of your consent or to perform a contract with you.

d) Objection: You may have the right to object to certain collection, use and disclosure of your Personal Data, such as objecting to direct marketing.

e) Restriction: You may have the right to restrict the use of your Personal Data in certain circumstances.

f) Withdraw Consent: For the purposes you have consented to our collecting, using and disclosing of your Personal Data, you have the right to withdraw your consent at any time to the extent permitted under the applicable laws.

g) Deletion: You may have the right to request that we delete or de-identity Personal Data that we collect, use and disclose about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.

h) Lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our collection, use and disclosure of your Personal Data is unlawful or noncompliant with applicable data protection law where applicable. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.

Your request for exercising any of the above rights may be limited by the applicable laws. There may be certain cases where we can reasonably and lawfully decline your request, for example, due to our legal obligation or court order. If we decline your request under this section, we will notify you of our reason.

Changes to This Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time to take account of changes in our business and legal requirements. We will place updates on our Sites. Please review this Privacy Policy regularly for any updates. Any change will be effective immediately upon being posted on our Sites. We will notify you or obtain your consent again if there are significant updates to this Privacy Policy, or if we are required to do so by law.

LAST UPDATED: 1 October 2022