Luma (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy informs you as to how we look after your personal data (regardless of how and where we collect the data), what your data privacy rights are, how you can control your data, and how the laws protect you. 

We review and update our Privacy Policy on a regular basis, and this policy from time to time may be modified without further notice. This Privacy Policy was last reviewed and/or updated on 1st June 2022, and all changes become effective immediately after posting.  


Origin of personal data

We collect personal data from you in order to provide a proposal and deliver a service. The data can be provided either directly or indirectly through the following channels (non-exhaustive list): 

  • – Phone 
  • – Email  
  • – Website  
  • – Social media platforms  
  • – Insurance application forms 


The data can come from one or more of the following sources (non-exhaustive list):  

  • – From you directly through our sites or partner sites 
  • – Your spouse or employer  
  • – Your intermediary  
  • – Medical provider  

Which personal data are we collecting?

The personal data that Luma may collect, and process are as below (non-exhaustive list): 

  • – Personal data: Name, date of birth, nationality  
  • – Contact data: Address, telephone number, email address  
  • – Identification data: Government issued identification numbers (passport, ID cards)  
  • – Employment data: Employment status, job title 
  • – Financial data: Bank account details 
  • – Health data: weight/height, preexisting physical and mental health conditions, alcohol consumption, test results, medical diagnoses, treatment 
  • – Claims data: documents relating to your claim, details regarding your claim  
  • – Fraud and sanction data: Information from checks from fraud databases and sanctions lists 
  • – Communication data: Information obtained from your correspondence with us, including emails, recordings of phone calls or online chats 

How do we justify the processing of your personal data?

Luma may process your personal data for several reasons: 

  • – To study your service or insurance needs  
  • – To provide a proposal for your service or insurance needs  
  • – To onboard you to our services or insurance contracts  
  • – To deliver our services and/or manage your insurance contracts 
  • – For improvement of our services and processes (recording calls for analysis, call and email satisfaction surveys).  
  • – For statistical analysis (cookies or tracers) and to maintain the functioning and security of our digital environment. 

As per the use of Luma cookies or tracers, please note that: 

We collect information about your activities on our services using technologies such as cookies, web beacons, JavaScript code, HTML 5 databases and server log files. The information we collect using these means includes your Media Access Control (MAC) address, operating system and version, screen resolution, device manufacturer and model, language, Internet browser type and version, the version of the Services you are using, the date and time you access the services, pages visited, time spent on the Services, general location information, and other activity data. This information is automatically generated. Our third-party business partners and we use this information to provide you with an optimal website experience. This includes measuring the effectiveness of our ads and your interaction with them, and tailoring offers and advertisements to you for products or services that you may find helpful on our services and third-party sites. 


An “IP Address” (a number that is automatically assigned to the computer that you are using by your Internet Service Provider) may be identified and logged automatically in our server log files whenever a user accesses the services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP Addresses for purposes such as calculating usage levels of the Services. Helping diagnose server problems and administering the services. 


As per the use of third-party cookies or tracers, please note that: 

Our website contains links operated by third parties. If you provide personal information to any third party’s website, your transaction will occur on that website (not LUMA’s websites) and that website operator will collect the personal information you provide and will be subject to its privacy policies. 

We encourage you to read the legal notice posted on those sites, including their privacy policies. The Privacy Notice does not apply to your use of and activity on those other websites. We provide links through our services to other websites only as a convenience, and the inclusion of these links does not imply endorsement of the linked site. We have no responsibility or liability for your use of third-party websites. 


Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer providers, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any personal information you disclose to other organizations through or in connection with our mobile applications or other websites. 


Fighting Fraud: We may disclose personal data to detect any case of fraud or fraud attempt, to fight against money laundering and terrorist financing and any sanctions requested by authorities. 

Medical third parties: We may disclose personal data to doctors, dentists, pharmacies, hospitals and other health care providers.  


Insurer/Reinsurer third parties: We may disclose personal data to insurers and reinsurers. 


Disclosure of medical information to third parties: We may disclose some of your health information to third parties (spouse, relative, friend, employer, subscriber of your health benefits plan, attorney, or any other person you identify), provided the information is directly relevant to that person’s involvement with your health care or payment for that care. You have the right to stop or limit this kind of disclosure at any moment. Your agent or broker can request personal data, including your health data, to assess the effectiveness of your plan and consider appropriate cover on your behalf. We will only disclose your health information when you have given your consent for us to do so. 


We may also disclose such personal data in support of: 

  • – Legal obligation – to government law enforcement officials, local regulators, tax department and all international procedures (eg, anti-money laundering). 
  • – Legal procedures – to a court order or contentious procedures. 
  • – Public duties – to address matters of public interest as required or permitted by law (child abuse and neglect, threats to public health and safety, and national security). 

Who has access to your data?

The data may be transmitted for above mentioned reasons to the insurer / reinsurers requested within the framework of the study and management of your contract as well as to the service providers commissioned by Luma or by the insurer / reinsurer within this framework (medical practitioners or payment providers). 


The security, integrity, and confidentiality of your information are extremely important to us. We have implemented technical, administrative, and physical security measures that are designed to protect guest information from unauthorized access, disclosure, use, and modification. We regularly review our security procedures to consider appropriate new technology and methods. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable. 


Your Personal Data are stored in both physical and electronic forms. 

  • – For electronic data we store in our dedicated servers and databases, with data safety standards. 
  • – For physical documents we store them in our vault rooms and relevant department lockers. 

Where is your personal data processed?

The data are processed in locations where Luma operates such as France, Vietnam, Thailand, Myanmar and Cambodia. This data can also be transferred to countries outside these territories for administrative purposes. 


We offer our services on a global network basis and our services are not intended to subject LUMA or any affiliated entity to the laws or jurisdiction of any state, country or territory other than Thailand’s Personal Data Protection Act 2019. Your personal information may be stored and processed in any country where we work with insurers, have facilities or in which we engage service providers, and by using our services, you consent to the transfer of information to countries outside of your country of residence, which may have different data protection rules than your country. LUMA does not represent or warrant that the services, or any part of them, are appropriate or available for use in any particular jurisdiction. Those who choose to access our services do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations. 

How long will your personal data be kept?

We will generally retain your personal data for at least 10 years from the date when your legal relations and/or transactions with us cease to have an effect. However, we may retain your personal data for a longer period if applicable laws permit or such retention is necessary to the establishment, compliance, or exercise of our legal claim. We will not retain your personal data for longer than is necessary and we will hold it only for the purposes for which it is obtained and required by law. 

Your rights

You are entitled, to withdraw your consent to such processing activities for which consent is the legal basis, which include commercial prospecting and marketing. A description of your rights including how to exercise them is included below. 


To withdraw consent  

If our Processing is based on consent, you can withdraw the consent at any time by contacting the DPO Office. 

To request access & receive  

You are entitled to ask us if we are processing your Personal Data, and if we are, you can request access to yours Personal Data, including to receive a copy of the Personal Data we hold about you and certain other information about it. 

To object  

Where we are processing Personal Data based on our legitimate interests (or those of a third party) you may challenge the processing. However, we may be entitled to continue processing your Personal Data based on our compelling legitimate interests or where this is relevant to legal claims. You also have the right to object where we are Processing Personal Data for direct marketing purposes. 

To erase 

You are entitled to ask us to delete, destroy or anonymize your Personal Data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the Personal Data is required for compliance with law or in connection with claims. 

To restrict   

You are entitled to ask us to delete, destroy or anonymize your Personal Data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the Personal Data is required for compliance with law or in connection with claims. 

To update data  

You are entitled to request that any incomplete or inaccurate Personal Data we hold about you be corrected. 

To complain  

If you have any concerns or questions about the processing of your Personal Data, please contact us at the contact details set out below. In case of an alleged infringement, you have the right to lodge a complaint with a supervisory authority in accordance with the rules and methods prescribed as below. 

Following the above cases, you can exercise your rights by sending your request to our Data protection officer: 



Luma Care Co., ltd

57 Park Ventures Ecoplex 9th Floor, Unit 912
Wireless Road, Lumpini, Pathumwan
Bangkok 10330 Thailand


[email protected]


For each request, please clearly mention the subject for which you are contacting us as well as to mention the following information: 

  • – First and Last Name 
  • – Membership ID (if applicable)  
  • – Policy number (if applicable)  
  • – Any other info that can help us identify your relationship to us  

The above information will be only used to verify your identity. 


If you make a request, we will ask you to confirm your identity (if necessary), and to provide information that helps us to understand your request better. We expect to respond to your request within 30 days of the receipt of your request. 


Following the above mentioned rights may be restricted by applicable laws, and, in certain cases, there may be compelling reasons that may cause Luma to deny your request or may prevent Luma from complying with your request such as for in compliance with laws or court orders, for the public benefit, exercising the aforementioned rights may potentially violate other persons’ rights or freedoms, etc. If Luma denies aforementioned request, Luma shall give you the reason(s) for such denial.


Please note that the withdrawal of your consent can make it impossible to continue administrating your policy and it does affect the process already carried out. 


In case of commercial prospecting, you can directly unsubscribe from email communication by clicking on ‘’Unsubscribe’’ in the emails you receive or by emailing us at [email protected]