Privacy Policy

---

PERSONAL INFORMATION COLLECTION

What We Collect

The personal information we collect from you depends on your relationship with us at the time of collection. The types of data we collect may be in many forms such as texts, document files, images, and videos.

The relation between the source of personal information and the personal data we collect can be described as below:

How We Collect Your Data

Your personal information will be collected and stored, directly or indirectly, when: (a) you enter our Website; (b) you disclose to us; (c) any persons related to you or appointed by you (including but not limited to your spouse or family member, a person whose name is under the same policy as yours, and any other persons under the purpose of validation of application, claim, and compensation) discloses to us, and (d) relevant third parties (including but not limited to our partners, insurers, financial institutions, regulatory bodies e.g. Office of Insurance Commission (OIC), Revenue Department (RD), Anti-Money Laundering Office (AMLO), and other reliable sources e.g. Thai General Insurance Association (TGIA)) discloses to us. In the case of (c), when the information concerning about other persons (“data subject”) than the discloser is given to us, it is the sole responsibility of the discloser to ask for a consent from and notify the data subject of the disclosure of his/her personal information and the terms and conditions of this Privacy Policy.

Why We Collect Data, How We Use It, and How We Keep It Secure

As Customer and relevant persons, we need to collect, use, disclose your personal data under the following purposes:

1. To provide you with our services and products which shall include performing our relevant contractual (Contractual basis) as follows:
   • a.) To contact regarding insurance service/product.
   • b.) To perform right or obligations under insurance contract, such as underwriting, claim, etc.
   • c.) To provide risk survey, claim assessment, loss adjuster, compensation and any services relating to claim.
   • d.) To perform legal procedure, in case of liability to third-party or subrogation.
2. To comply with applicable laws and relevant regulations (Legal Obligation) which are complying with order of competent authorities i.e. Office of Insurance Commission and/or Non-Life Insurance Law and relevant regulations, Revenue Department, Tax Law, the order of Anti-Money Laundering Office, Anti-Money Laundering Law and Counter-Terrorism and Proliferation of Weapon of Mass Destruction, Financing Law, Computer Law, Bankruptcy Law, and other laws and regulations governing Company’s business, including the court’s order.
3. To undertake necessary actions for the Company legitimate interest or other individuals or legal entities, provided that such actions align with your reasonable expectations and do not infringe upon your fundamental rights and freedoms (Legitimate Interest).
   • a.) To consider and recommend appropriate product/service to Prospective Customers.
   • b.) To consider on underwriting when you submitted insurance application form and relevant documents, including quotation and/or proposal.
   • c.) To maintain relationship with you, e.g. contact, complaint handling, satisfactory survey, etc.
   • d.) To provide renewal notice and/or offer products/services or promotion related to your existing products for your benefits.
   • e.) To provide sale promotion, privilege, advertisement and/or cross selling and/or upselling (which complying with laws) and/or do survey to develop our products/service (Marketing purposes).
   • f.) To make co-insurance contract or reinsurance contract.
   • g.) To take the survey, compile data for statistical analytics/research to enhance products and services, premium calculation matching with risk, fraudulent investigation.
   • h.) To fulfil audit requirements and compliance supervision.
   • i.) To share the data within our group companies, agents, contractors, reinsurers or third-party service providers who provides administrative, telecommunications, payment, data processing or other services relating to our business operation.
   • j.) To prevent, respond, and minimise potential risks arising from corruption, cyber threat or any law violation.
   • k.) To record contact, voice or image during meetings, seminars or booth activities.
   • l.) To provide the service and/or benefit for the beneficiary under insurance policy.
   • m.) For website administration and business operation.
   • n.) To provide any services as you request.
   • o.) Any process regarding the objectives specified herein.
4. To undertake necessary actions for the public interests and substantial public interests which are:
   • a.) To arrange the statistic to calculate the insurance premium according to the risk appetite, to investigate or prevent insurance fraud.
   • b.) To perform right or obligations under some type of insurance contract on sensitive data, such as claim process for insurance product relating health, accident matter, etc.
   • c.) To provide the necessary information to TGIA, RVP, or relevant authorities or association.
   • d.) Any process regarding the objectives specified herein.

As our business partners, we need to collect, use, disclose your personal data under the following purposes:

1. To comply with the obligations under the agreement/contract between Company and Business partner.
2. To make a financial transaction pursuant to agreement between Company and Business partner.
3. To receive/provide a consultation or service as mutually agreed by Company and Business partner.
4. To comply with applicable laws and relevant regulations (Legal Obligation).
5. To verify your identification and authority prior to entering into contract.
6. To develop or enhance the service agreed between the parties.
7. To fulfil audit requirements and compliance supervision.
8. To perform legal procedure.
9. To maintain relationship with partners, e.g. contact, satisfactory survey, award, etc.
10. To provide any services as you request.
11. Any process regarding the objectives specified herein.

For your security, we (a) use both encryption and tokenisation technology to safeguard your sensitive information such as credit card number, which can only be accessed by an authorised person; (b) restrict the access of your personal information to only our employees who require such access; (c) prevent unauthorised access by regular update of technology; and (d) delete your personal information when it is no longer necessary for relevant aforementioned purposes.

How Long We Retain Your Data

We will retain your personal information as long as it is necessary for the purposes of collection and use, unless required or permitted by applicable law. For most of the cases, your personal information will be retained for ten years after the termination of the contracts or cancellation of your policy unless required by law to retain the personal data for longer period. After such period ends, we will take action to anonymise, delete or destroy the personal data securely.

Third Party Access

In order to perform our contractual obligations towards you or our regulatory obligations towards regulators and authorities, your personal information may be disclosed, and/or disseminated to third parties for the relevant mentioned purposes only. These third parties may include:

1. Any authorities e.g. Office of Insurance Commission, Anti-Money Laundering Office, Revenue Department, etc. to comply with laws and regulations.
2. Associations relating to insurance business i.e. Thai General Insurance Association, Thai Insurance Brokers Association.
3. Business partners or person which are our business partners for providing services e.g. broker, agent, actuary, loss survey, claim settling, garage, Third-Party Administrator (TPA), RVP, hospital, legal consultants, auditors, reinsurance company and/or co-insurance company, post office, financial institute or financial service provider, other service providers for any activities relating to insurance contract and/or business operation and/or legal process as necessary.
4. To third person who makes a transaction with us on behalf of you, or your personal data being a part of making transaction with us such as policy holder in group policy, etc.
5. To third person who has a relationship with you and relating to conditions and benefits under insurance policy, for instance, leasing service provider, lender, lessor/landlord/tenant, beneficiary, co-insured etc.

For our business operation, where our legitimate interest is not less important than the data subject’s fundamental rights, your personal information may be disclosed and/or disseminated to our group companies and third parties such as external auditors, advisors, survey/data analytics service providers, and investors.

In any case, your personal information will not be disclosed and/or disseminated to any other persons other than the cases of the above two paragraphs, without your consent, except for the following cases: (a) providing that it is required by any applicable law; (b) providing that it is necessary for preventing emergencies or protecting others from danger; and (c) for the public interest.

In case where we disclose and/or disseminate your personal information to any third parties, we shall notify the said third parties of its confidential nature and their obligations to restrict the use of such information to any person involved for the permitted purposes as necessary only, and to handle the information appropriately in accordance with this Privacy Policy and the Personal Data Protection Act B.E. 2562 (PDPA).

Cross-border Transfer

In order to provide you our services especially for documentation, your personal information will be stored in other countries. The privacy protection standard of which, might be different from the PDPA or ours. We will take any necessary step to ensure that your personal information is stored and secured appropriately.

YOUR RIGHTS AS A DATA SUBJECT

Subject to the PDPA, if your personal data is collected by us, you are entitled to the following rights in respect to personal information concerning about you:

COOKIES INFORMATION

What Are Cookies?

Cookies are small pieces of data sent from a website to be stored in your personal devices. They allow the Website to recognise your devices and collect information to adjust the Website content to be in accordance with your preference. We use cookies through third-party service providers to improve your Website experience.

What Cookies Do We Use?

We use the following types of cookies:

In some cases, we might use both types of cookies through third-party service providers.

Managing Cookies

You can manage, block, and delete cookies on your browsers. You can learn more about cookies and how to manage them from this link: Allaboutcookies.

External Links

This Website may contain links to other websites which we cannot ensure your privacy and security. The inclusion of such links does not guarantee that other websites will provide you with the same standard of personal data protection as per this Privacy Policy.

Changes to the Privacy Policy

We reserve the right to make any change to the Privacy Policy in order to comply with any applicable law. Hence, we encourage you to check the “Updated Date” of the Privacy Policy.

iSafeDrive APPLICATION

Roojai Service Co., Ltd (“we”, “us”) respects your privacy and is committed to protecting it through our compliance with this privacy policy ("Policy"). This Policy describes the types of information we may collect from you or that you may provide in our iSafeDrive application ("Mobile Application/App"), and our practices for collecting, using, maintaining, protecting, and disclosing such information. It also describes the choices available to you regarding our use of your information and how you can access and update it.

By accessing and using the Mobile Application, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy.

Table of contents

1. Understanding Our Mobile Application
2. Purpose
3. Mobile Application Overview
4. Collection of Personal Information
5. How We Use Your Information
6. How Long We Retain Your Personal Information
7. Third-Party Access
8. Cross-Border Transfer
9. Your Rights as a Data Subject
10. External Links
11. Changes to the Privacy Policy
12. Contact Us About Your Personal Information

1. Understanding Our Mobile Application

Our Mobile Application serves as a tool for gathering driving data, including trip details and driving behaviour of the policy holder, using a policyholder’s smartphone. The data collected ranges from location coordinates (GPS) to accelerometer and gyroscope readings, enabling us to derive insights such as speed, acceleration, braking, and distance travelled.

2. Purpose

The primary objective of our Mobile Application is to encourage a safe driving behaviour by offering benefits to the users that demonstrate the safe driving behaviour as well as to share the collected data to Roojai Insurance PCL (“Insurer”) which will enable the Insurer to calculate premiums appropriately to the driving behaviour (“App Purpose”). This data is combined with traditional customer information like vehicle type, age, and gender to create a comprehensive dataset for evaluating and pricing the risk profiles of drivers.

3. Mobile Application Overview

System Operations

Our Mobile Application works by connecting your smartphone to your car’s Bluetooth system using our Mobile Application. Through this connection, geographic data may be transferred to our third-party service provider for the purpose of analysing the data, including conducting speed comparisons with road limits, to assess your driving behaviour.

System Permissions Requests

To ensure the functionality of our app, we need the following system permissions from you:

• Bluetooth Connection: This permission allows the app to establish and maintain a connection between your mobile phone and your car’s Bluetooth system. It is necessary for the proper functioning of our App Purpose.
• Precise Location: Even when the app is not actively being used, we collect location updates using latitude/longitude coordinates. This helps us to achieve accurate and relevant data for our App Purpose.

4. Collection of Personal Information

When you engage with our Mobile Application, we may collect certain information from or about you and this information may include information that can be used to identify a specific individual (“Personal Information”), including:

General personal information

• Account details: Phone number, email, passport number, national identification number, etc.
• Device information: Details about your mobile device, including its model, operating system, unique identifiers, and mobile network information.
• Geolocation data of your location information: Details about your car’s precise location and time, your driving habits, including speed, acceleration, breaking, and other relevant metrics.
• Usage information: Details on your interaction with our App, such as features accessed, actions taken, and session durations.

5. How We Use Your Information

We prioritise transparency and responsible handling of the information we collect. Here is how we utilise and process the data gathered through our Mobile Application:

Driving Behaviour Analysis

We analyse the driving data collected, including trip journeys and driving behaviour, to provide insights into your driving habits. This analysis helps us understand patterns such as speed, acceleration, braking, and cornering.

Insurance Assessment

With your consent, your data is shared with the Insurer to evaluate your risk profile accurately. Depending on your driving behaviour, the Insurer may adjust premiums accordingly.

Improving App Functionality

We use the collected data to enhance the functionality and performance of our app. By analysing usage patterns, we can identify areas for improvement and implement updates to optimise user experience.

Research and Development

We may use aggregated and anonymised driving data for research and development purposes. This data helps us identify trends, improve our services, and develop new features to better serve our users.

Rewards

We process collected information to allow users to exchange bonus points earned from safe driving behaviour to Roojai Rewards. By incentivising safe driving practices, we aim to encourage positive behaviour change among our users.

Compliance and Legal Obligations

We process collected information to ensure compliance with legal and regulatory requirements, including responding to legal requests or investigations and adhering to data protection laws and insurance regulations. For further details on insurance law, please refer to the OIC website (Office of the Insurance Commission).

6. How Long We Retain Your Personal Information

We will retain your Personal Information as long as it is necessary for the purposes of collection and use, unless required or permitted by applicable law. For most cases, your Personal Information will be retained for ten years after the date of termination or cancellation of your policy.

7. Third-Party Access

In order to fulfil our App Purpose, your Personal Information may be disclosed, and/or disseminated to third parties for the relevant mentioned purposes only. These third parties may include insurers, our business partners, financial institutions, regulators e.g. OIC, authorities e.g. RD, other service providers e.g. data storage service providers.

For our business operation, where our legitimate interest is not less important that the data subject’s fundamental rights, your Personal Information may be disclosed and/or disseminated to our group companies and third parties such as external auditors, advisors, survey/data analytics service providers, and investors.

In any case, your Personal Information will not be disclosed and/or disseminated to any other persons other than the cases of the above two paragraphs, without your consent, except for the following cases: (a) providing that it is required by any applicable law; (b) providing that it is necessary for preventing emergencies or protecting others from danger; and (c) for the public interest.

In case where we disclose and/or disseminate your Personal Information to any third parties, we shall notify the said third parties of its confidential nature and their obligations to restrict the use of such information to any person involved for the permitted purposes as necessary only, and to handle the information appropriately in accordance with this Privacy Policy and the Personal Data Protection Act B.E. 2562 (PDPA).

8. Cross-Border Transfer

In order to provide our Mobile Application services especially for documentation, your Personal Information will be stored in other countries. The privacy protection standard of which might be different from the PDPA or ours. We will take any necessary step to ensure that your Personal Information is stored and secured appropriately.

9. Your Rights as a Data Subject

Subject to the PDPA, by using our Mobile Application, you are entitled to the following rights in respect to Personal Information concerning about you and obtained by us:

Right for Withdrawal

You have the right to withdraw your consent given to us to retain, use or process your Personal Information, or allow our external service provider to do the same with your Personal Information.

Right to Access

You have the right to obtain confirmation of whether or not we hold Personal Information concerning about you, and if so, to obtain confirmation of where your Personal Information is being processed and/or for what purpose, as well as an electronic copy of such information.

Right to Object

You may object the collection, use and/or disclosure of your Personal Data at any time. If such doing is conducted for public interest or legitimate interests which is not beyond your reasonable expectation or other ground by laws, we will continue collecting, using and/or disclosing your Personal Data only when we can establish a legal basis that doing so is more important than your fundamental rights or to affirm legal rights; to comply with laws; or to defend a legal proceedings, depending on a case by case basis.

Right to Rectification

In case you find out that the information concerning about you is inaccurate, incomplete, out of date, you have the right to request for rectification of such inaccuracy, incompleteness, and outdatedness.

Right to Portability

Where the Personal Information concerning you is being processed via automated means, you have the right to request us to transmit such information to another data controller.

Right to Restrict Processing or Be Forgotten

You have the right to request us to suppress or restrict the use or processing of your Personal Information or to permanently erase your Personal Information.

The withdrawal of your consent, restriction, suppression, or erasure of your Personal Information may result in the inability to use the Mobile Application entirely.

10. External Links

This Mobile Application may contain links to other websites which we cannot ensure your privacy and security. The inclusion of such links does not guarantee that other websites will provide you with the same standard of personal data protection as per this Privacy Policy.

11. Changes to the Privacy Policy

We reserve the right to make any change to the Privacy Policy in order to comply with any applicable law. Hence, we encourage you to check the “Updated Date” of the Privacy Policy.

12. Contact Us About Your Personal Information

If you have any query, comments, or recommendations about the Privacy Policy or if you would like to exercise your rights, please submit your query, comments, or recommendations or the PDPA Data Subject Request Form to:

Address: Roojai Service Co.,Ltd. 44/1 Rungrojthanakul Building, 12th fl., Ratchadaphisek Rd., Huai-Khwang, Bangkok 10310. Or,

Email: DPO@roojai.com

The process might take up to 30 days from the date of your submission.

You can download our PDPA Data Subject Request Form here.

*Updated Date 1st August 2025