Piyasiri Co., Ltd, (referred to as “Sukumvit Hospital”), the operator of Sukumvit Hospital (the “Hospital”) providing various medical services (“Service”), as a controller of personal data, is bound by Personal Data Protection Act B.E. 2562 (2019) (“PDPA”). In processing individual’s personal data, Sukumvit Hospital is required to comply with PDPA, including the obligation to notify the data subject of his legal rights pursuant to this document, and for certain cases, obtaining consent from data subject pursuant to the attached Consent Form.

This privacy notice applies when Sukumvit Hospital acts as the data controller of the personal data only. For any activities where Sukumvit Hospital is the data processor for other public or private organization who act as a data controller of such activities, you may check the details of such processing activities from the privacy policy or notice of processing of such public or private organization directly.

1. Collection of Personal Data

Sukumvit Hospital may, directly or indirectly, collect your personal data from the following sources:

• Information you provided to Sukumvit Hospital directly, including through the patient registration with the Hospital and registration to any activities organized by Sukumvit Hospital, the use of application, platform, user account registration, conversation via live chat or making transaction via Service of Sukumvit Hospital
• Personal data Sukumvit Hospital received from your family, representative, or any person authorized by you to contact Sukumvit Hospital
• Personal data Sukumvit Hospital received from Sukumvit Hospital’s affiliates
• Personal data Sukumvit Hospital received from the organization you work for
• Other hospitals that you instructed to share your information with Sukumvit Hospital
• Social media and/or other public relation media you use in order to access to the Service
• Personal data from third-party, such as Sukumvit Hospital’s business partners and
• Any public sources such as government data, and other professional institution

2. Types of Personal Data Collected

Sukumvit Hospital may collect various types of your personal data including:

• Identification information such as name-surname, date of birth, identification number, telephone number, e-mail, address, copy of official card, copy of identification card, copy of passport, birth certificate, hospital number, photo, voice, picture and video
• Personal characteristics such as age, sex, weight and height
• Financial information such as credit and debit card, bank account, transaction information including hospital expenses, payment method, and other payment details
• Insurance information such as health insurance and life insurances information including social security and any medical benefits information
• Service usage history such as data automatically collected via website including website usage behavior, log-file, your interest, devices information and your IP address, setting, website adjustment, date or your location
• Other information such as personal data that you provide when you receive treatment or service from Sukumvit Hospital by fill-in information in relevant forms provided, communicate with Sukumvit Hospital through any application and other channel, date and time that you visit Sukumvit Hospital’s premises, Hospital membership information, workplace, family members

• Personal characteristics such as blood type, race, religion
• Health information such as body mass index, heart rate, blood pressure, oxygen saturation, body temperature, fasting blood sugar, hearing, mobility, nutrition, sleep, cycle tracking
• Medical information and medical history such as congenital disease, food or medicine allergy, vaccination history, lifestyle behavior, sexual orientation, symptom, medical record, medical history, clinical record, diagnosis result, special medical requests, medical usage or record of treatment method

With regard to the processing of sensitive data, Sukumvit Hospital will obtain consent from the data subject before or at the time of data processing, unless the processing of such sensitive data falls under the exceptions that the Personal Data Protection law prescribed.

3. Retention Period

Sukumvit Hospital will retain your personal data as long as it is necessary for the purpose of data processing. After that, Sukumvit Hospital will erase and destroy your personal data except as may be required, by applicable laws, or for protection of Sukumvit Hospital’s interest. In general, personal data will be kept for a maximum period of 10 years or otherwise longer if it is specifically provided by law or for the protection of Sukumvit Hospital’s interest.
Upon the completion of the abovementioned period, Sukumvit Hospital will follow the deletion and destruction procedure to ensure that all your personal data is safely deleted from server of Sukumvit Hospital or is retained in the form of anonymous data.

4. Purposes of Use and Disclosure

Sukumvit Hospital will process your personal data to: (i) perform contractual obligations as a party to the contract, (ii) comply with legal obligations, (iii) for the legitimate interest, (iv) for vital interest, or (v) for the preparation of the historical documents or the archives for public interest, or for the purpose relating to research or statistics. Sukumvit Hospital will use and disclose Personal Data for the abovementioned purposes and scope, including the following purposes:

4.1 Purposes of Providing Medical Services

• Patient registration, verification record including maintain patient registrar in order to provide Sukumvit Hospital’s medical services
• Notification for doctor appointment or arrangement for the medical treatment
• Provide medical analysis, diagnosis, consultation and other services relating to the medical treatment to you
• Analysis and experiment the responses to various method of treatment
• Provide the security and comfort you while receiving Sukumvit Hospital’s medical services or stay in the Hospital
• Coordinate with internal and external organizations including business partners of Sukumvit Hospital in relation to your medical treatment
• Specifying your location for receiving Service or providing Service or for delivery of medicine, medical supplies, or other devices
• Processing payment, proceeding in relation to the purchase order of medicines, medical supplies and the Service
• Ensuring that the content on Sukumvit Hospital’s website will be provided to you and shown on your electrical devices efficiently
• Communication (chat) between you and medical practitioner through online system or expressing opinion, making queries, and communicate with you and
• Hosting or participating in activities, training or seminar held by Sukumvit Hospital.

4.2 Purpose of Analyzing, Developing, and Improving Service including Preparing Statistical Information

• Conducting research or strategy analysis in developing, improving and maintaining the quality of the Service
• Preparing statistical information in relation to the Service for education, and internal analysis of Sukumvit Hospital only
• Supporting the stability and security of Sukumvit Hospital’s premise and website and
• Conducting satisfactory survey, opinion suggestion, and complains

4.3 Marketing Purpose

In the case where applicable law permits and/or Sukumvit Hospital obtained your consent to process data, Sukumvit Hospital may collect, use, and disclose your personal data including but not limited to the following marketing purposes:

• Offering information and newsletter in relation to the Service. In case where you no longer wish to be contacted for marketing of sales activities, you could opt-out through our designated channels
• Processing the purchasing order for medicine, medical supplies, and Service that you use in order to improve quality of service, sending information relating to the medicine, vaccine, medical supplies, and offer services of Sukumvit Hospital that you may interested in, including giving advice in relation to medicines, vaccine, medical supplies, and services to you
• Setting pattern and improving general marketing activities of Sukumvit Hospital and
• Using all information of the website visitors to generate usage pattern or interest of the website visitors

4.4 Other Purpose

• Fulfill our contractual obligations whether directly or indirectly
• Legitimate interests in relation to the carrying out of business of Sukumvit Hospital, by concerning the fundamental rights of the data subject
• Support the stability and security of Sukumvit Hospital
• Assessment and management of your requests
• Prevention and investigation of forgery
• Inspection, analysis and preparation of documents upon request of governmental organizations and regulatory bodies and
• Compliance with applicable laws.

5. Personal data of minors, quasi-incompetent person and incompetent person (“Incapacitated Person”)

Sukumvit Hospital will process the personal data of Incapacitated Person only where it is permitted by data protection law. Sukumvit Hospital will arrange to obtain the consent from parent, curator or guardian who is the legal representative of such Incapacitated Person (as the case may be). This does not apply in a case of obtaining consent for processing of personal data of Minor over 10 years old which is strictly personal, suitable to his condition in life and actually required for reasonable needs which such minor can provide consent to Sukumvit Hospital directly.

6.Disclosure

Sukumvit Hospital will not disclose your personal data without any legal basis. In the case Sukumvit Hospital required to transfer your personal data to other third parties, Sukumvit Hospital will proceed according to an appropriate procedure in order to ensure that other third parties will protect and prevent your personal data from any lost, unauthorized access, usage, modification or disclosure. Your data may be disclosed to other third parties including:

• Group company or affiliate relating to Sukumvit Hospital
• Other third-party service providers such as cloud service provider or data analysis service provider
• Governmental and regulatory bodies
• Auditors, legal advisors, and other advisors
• Any person or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including initial public offering, and any transfer or potential transfer of Sukumvit Hospital’s rights or duties under the agreement with a data subject.
• Other data controller to whom you have instructed Sukumvit Hospital to disclose or transfer data including other hospitals, clinic, etc and
• Other third party who intend to invest in or purchase business of Sukumvit Hospital or its affiliates for corporate restructuring.

7. Cross-Border Transfer

Sukumvit Hospital will disclose your personal data to the recipient outside of Thailand only where it is permitted by data protection law and/or other applicable laws. In this regard, Sukumvit Hospital may follow the rule for the transfer of data to outside Thailand by entering the standard agreement or use other available tools under the applicable laws, and Sukumvit Hospital may rely on the data sharing agreement which require the data receiver to allow the data subject to exercise their rights with such data receiver in the case of a breach of data sharing agreement, or other permitted tools for the transfer of personal data to other country.

8. Data Security Measure

Sukumvit Hospital have been accredited a global standard from Joint Commission International (JCI), United States. JCI standard including privacy protection, confidentiality, and security of data, as well as data and information access control. Sukumvit Hospital adopt internal policies relating to information security system, emergency plan and data leakage. Sukumvit Hospital also adopt the high-standard security system in both technology and procedures to prevent any unauthorize or unlawful access, use, change, amendment or disclosure of personal data, and possible data theft. Sukumvit Hospital make substantial investments, effort and human resources as to ensure that Sukumvit Hospital maintain high-standard measures and your personal data remains safe. Sukumvit Hospital implement various measures to protect its computer system such as, Firewall and Secure Socket Layer. Sukumvit Hospital will revisit such internal policies periodically according to the laws.
Pursuant to the JCI standard, Sukumvit Hospital have set out retention period for patient registrar, data and other information. Sukumvit Hospital will delete and destroy your data immediately when it is no longer necessary for the purpose of data processing, or when the retention period expires. In this regard, Sukumvit Hospital may delete or destroy your personal data using appropriate and safe method without prior notice.
Although Sukumvit Hospital make its best efforts to protect personal data with Sukumvit Hospital’s technical mechanism along with the management by Sukumvit Hospital’s personnel to control access and keep personal data against unauthorized access, Sukumvit Hospital cannot always guarantee the security and confidentiality of personal data from every incident that may arise, such as virus threat and unauthorized access. A data subject should regularly keep up with technology news, install personal firewall software to prevent his computer from threat or data theft. Also, monitoring own account on a regular basis such as monitoring balance, transaction date and keeping personal data and financial status confidential are strongly recommended.

9. Right of Data Subject

In exercising any right under this Clause 9, data subject shall comply with criteria and procedures specified in Clause 10 of this document. However, the rights specified in this Clause 9 are subject to change as the relevant law may be amended from time to time by the government. Sukumvit Hospital will inform you about the changes.

9.1 Right to be notified: if Sukumvit Hospital wishes to collect, store, use or disclose your personal data in any manner beyond the intended purposes or your given consent, Sukumvit Hospital will notify and/or seek your prior consent with respect to such additional scope.

9.2 Right to Access to your Personal Data: You may request for a copy of your personal data and request to disclose about the source of your personal data.

9.3 Rectification of the Personal Data: To ensure that your personal data is accurate, up-to-date, complete and not misleading, you may file a request to rectify any of your personal data that has been changed by following the procedures specified in Clause 10.

9.4 Right to data portability: In case where it is technically available, you may request to receive your personal data in a commonly used or readable by the automatic device or to automatically transfer.

9.5 Right to erasure of your Personal Data: You may request to erase or make your personal data unidentifiable under any of the following circumstances: (a) your personal data is no longer needed to be collected, stored, used or disclosed for the intended purposes, (b) you withdraw your consent for your personal data to be collected, stored, used or disclosed and Sukumvit Hospital no longer has any legal right to process your personal data for the intended purposes, (c) you object to Sukumvit Hospital’s processing of your personal data, or (d) your personal data was processed in contravention of the PDPA.

9.6 Request to suspend the use of your Personal Data: You may request Sukumvit Hospital to suspend its use of your personal data in any of the following events:

1. when Sukumvit Hospital is in the process of verifying certain information for the purpose of rectifying, updating, completing or avoiding any misleading about your personal data upon your request
2. when your personal data is to be erased under Clause 9.5 but you instead request to suspend its use
3. when it is no longer necessary to store your personal data, but you request Sukumvit Hospital to continue the storage of your personal data for establishing legal claims, legal compliance, exercise of legal rights or defenses or
4. when Sukumvit Hospital is in the process of verifying its legitimate rights in its data collection or processing for purposes specified by law.

9.7 Right to object the processing of Personal Data: You may object to the collection, storage, use or disclosure of your personal data in any of the following events:

1. In case where your personal data was collected by Sukumvit Hospital for the purpose of (a) public interest of Sukumvit Hospital, (b) Sukumvit Hospital’s compliance with a governmental order or (c) any legitimate interest of Sukumvit Hospital or other legal entity
2. In case where Sukumvit Hospital has processed your personal data for the purpose of direct marketing and
3. In case where Sukumvit Hospital has processed your personal data for any research purposes as specified in relevant laws, including for statistical purpose.

9.8 Right to withdraw consent: You may withdraw your consent at any time. Your withdrawal will not have any effect on Sukumvit Hospital’s previous data processing. If your withdrawal will affect any part of your personal data, Sukumvit Hospital will notify you of such effect at the time you make such withdrawal.

However, Sukumvit Hospital may deny your request to withdraw consent if the processing is for the purpose of, or for complying with, applicable law or court order, the withdrawal may adversely affect and harm the rights and freedom of the data subject himself or other people, the processing is for research purposes that has appropriate protection for personal data, or the processing is for establishing legal claims, legal compliance, exercise of legal rights or defenses.

In responding to your request under this clause, Sukumvit Hospital may be able to consider only for your personal data Sukumvit Hospital processed as a data controller. For the exercising of your right for the personal data Sukumvit Hospital processed as a data processor of other data controller, Sukumvit Hospital will inform such data controller to consider and proceed according to your request as your data controller.

10. Criteria and Procedures for Exercise of Your Rights

• If you wish to exercise your right, please submit your request through Admin/Front Office Department
• You may download a request form, and other relevant documents from Sukumvit Hospital’s website www.sukumvithospital.com or request them from Admin/Front Office Department
• You must complete and sign the request form and submit it with a certified copy of your ID card or passport.
• If you appoint someone to submit the request on your behalf, a power of attorney in the form specified by Sukumvit Hospital is also required.
• Your request will be sent to Sukumvit Hospital’s data protection officer for verification of your identity.
• In verifying your identity, if your identity and/or the person authorised under your power of attorney cannot be verified, Sukumvit Hospital may request for additional documents or may contact you for additional information.
• The data protection officer will consider your request by considering various factors such as its legitimate reasons, its negative effect on a third party etc. and whether the PDPA provides for any exemptions.
• If your request is approved, the data protection officer will proceed and report the result to you without delay via the channel you have specified in your request.
• If you request is denied, the data protection officer will notify you with explanation without delay via the channel you have specified in your request. You may make an appeal to the authority as prescribed by the PDPA which Sukumvit Hospital will inform you in Sukumvit Hospital’s notification of such denial.

Remark:

1. The procedures above will take no more than 30 (thirty) days following the receipt of your request and all supporting documents.
2. Sukumvit Hospital’s process will not incur any costs to you. But if there is any cost, Sukumvit Hospital will notify you prior to taking any action.
3. In case Sukumvit Hospital reject your request, you may file a complaint to Personal Data Protection Committee at the following address:
   Office of the Personal Data Protection Committee
   Ministry of Digital Economy and Society
   Telephone: 02-142-1033
   E-mail: [email protected]

11. Contact

If you have any queries, suggestions, or concerns regarding this privacy notice or if you have any queries or questions regarding the use of personal data by Sukumvit Hospital, you may contact Sukumvit Hospital at:

Data Protection Officer
Piyasiri Co., Ltd.
Address: 1411 Sukhumvit Road, Prakhanong-Nua, Wattana, Bangkok 10110
E-mail: [email protected]
Phone number: (66-2) 391-0011