Piyasiri Co., Ltd, (referred to as “Sukumvit Hospital”), the operator of Sukumvit Hospital (the “Hospital”) providing various medical services (“Service”), as a controller of personal data, is bound by Personal Data Protection Act B.E. 2562 (2019) (“PDPA”). In processing individual’s personal data, Sukumvit Hospital is required to comply with PDPA, including the obligation to notify the data subject of his legal rights pursuant to this document, and for certain cases, obtaining consent from data subject pursuant to the attached Consent Form.
This privacy notice applies when Sukumvit Hospital acts as the data controller of the personal data only. For any activities where Sukumvit Hospital is the data processor for other public or private organization who act as a data controller of such activities, you may check the details of such processing activities from the privacy policy or notice of processing of such public or private organization directly.
1. Collection of Personal Data
Sukumvit Hospital may, directly or indirectly, collect your personal data from the following sources:
2. Types of Personal Data Collected
Sukumvit Hospital may collect various types of your personal data including:
General Personal DataWith regard to the processing of sensitive data, Sukumvit Hospital will obtain consent from the data subject before or at the time of data processing, unless the processing of such sensitive data falls under the exceptions that the Personal Data Protection law prescribed.
3. Retention Period
Sukumvit Hospital will retain your personal data as long as it is necessary for the purpose of data processing. After that, Sukumvit Hospital will erase and destroy your personal data except as may be required, by applicable laws, or for protection of Sukumvit Hospital’s interest. In general, personal data will be kept for a maximum period of 10 years or otherwise longer if it is specifically provided by law or for the protection of Sukumvit Hospital’s interest.
Upon the completion of the abovementioned period, Sukumvit Hospital will follow the deletion and destruction procedure to ensure that all your personal data is safely deleted from server of Sukumvit Hospital or is retained in the form of anonymous data.
4. Purposes of Use and Disclosure
Sukumvit Hospital will process your personal data to: (i) perform contractual obligations as a party to the contract, (ii) comply with legal obligations, (iii) for the legitimate interest, (iv) for vital interest, or (v) for the preparation of the historical documents or the archives for public interest, or for the purpose relating to research or statistics. Sukumvit Hospital will use and disclose Personal Data for the abovementioned purposes and scope, including the following purposes:
4.1 Purposes of Providing Medical Services
4.2 Purpose of Analyzing, Developing, and Improving Service including Preparing Statistical Information
4.3 Marketing Purpose
In the case where applicable law permits and/or Sukumvit Hospital obtained your consent to process data, Sukumvit Hospital may collect, use, and disclose your personal data including but not limited to the following marketing purposes:
4.4 Other Purpose
5. Personal data of minors, quasi-incompetent person and incompetent person (“Incapacitated Person”)
Sukumvit Hospital will process the personal data of Incapacitated Person only where it is permitted by data protection law. Sukumvit Hospital will arrange to obtain the consent from parent, curator or guardian who is the legal representative of such Incapacitated Person (as the case may be). This does not apply in a case of obtaining consent for processing of personal data of Minor over 10 years old which is strictly personal, suitable to his condition in life and actually required for reasonable needs which such minor can provide consent to Sukumvit Hospital directly.
6.Disclosure
Sukumvit Hospital will not disclose your personal data without any legal basis. In the case Sukumvit Hospital required to transfer your personal data to other third parties, Sukumvit Hospital will proceed according to an appropriate procedure in order to ensure that other third parties will protect and prevent your personal data from any lost, unauthorized access, usage, modification or disclosure. Your data may be disclosed to other third parties including:
7. Cross-Border Transfer
Sukumvit Hospital will disclose your personal data to the recipient outside of Thailand only where it is permitted by data protection law and/or other applicable laws. In this regard, Sukumvit Hospital may follow the rule for the transfer of data to outside Thailand by entering the standard agreement or use other available tools under the applicable laws, and Sukumvit Hospital may rely on the data sharing agreement which require the data receiver to allow the data subject to exercise their rights with such data receiver in the case of a breach of data sharing agreement, or other permitted tools for the transfer of personal data to other country.
8. Data Security Measure
Sukumvit Hospital have been accredited a global standard from Joint Commission International (JCI), United States. JCI standard including privacy protection, confidentiality, and security of data, as well as data and information access control. Sukumvit Hospital adopt internal policies relating to information security system, emergency plan and data leakage. Sukumvit Hospital also adopt the high-standard security system in both technology and procedures to prevent any unauthorize or unlawful access, use, change, amendment or disclosure of personal data, and possible data theft. Sukumvit Hospital make substantial investments, effort and human resources as to ensure that Sukumvit Hospital maintain high-standard measures and your personal data remains safe. Sukumvit Hospital implement various measures to protect its computer system such as, Firewall and Secure Socket Layer. Sukumvit Hospital will revisit such internal policies periodically according to the laws.
Pursuant to the JCI standard, Sukumvit Hospital have set out retention period for patient registrar, data and other information. Sukumvit Hospital will delete and destroy your data immediately when it is no longer necessary for the purpose of data processing, or when the retention period expires. In this regard, Sukumvit Hospital may delete or destroy your personal data using appropriate and safe method without prior notice.
Although Sukumvit Hospital make its best efforts to protect personal data with Sukumvit Hospital’s technical mechanism along with the management by Sukumvit Hospital’s personnel to control access and keep personal data against unauthorized access, Sukumvit Hospital cannot always guarantee the security and confidentiality of personal data from every incident that may arise, such as virus threat and unauthorized access. A data subject should regularly keep up with technology news, install personal firewall software to prevent his computer from threat or data theft. Also, monitoring own account on a regular basis such as monitoring balance, transaction date and keeping personal data and financial status confidential are strongly recommended.
9. Right of Data Subject
In exercising any right under this Clause 9, data subject shall comply with criteria and procedures specified in Clause 10 of this document. However, the rights specified in this Clause 9 are subject to change as the relevant law may be amended from time to time by the government. Sukumvit Hospital will inform you about the changes.
9.1 Right to be notified: if Sukumvit Hospital wishes to collect, store, use or disclose your personal data in any manner beyond the intended purposes or your given consent, Sukumvit Hospital will notify and/or seek your prior consent with respect to such additional scope.
9.2 Right to Access to your Personal Data: You may request for a copy of your personal data and request to disclose about the source of your personal data.
9.3 Rectification of the Personal Data: To ensure that your personal data is accurate, up-to-date, complete and not misleading, you may file a request to rectify any of your personal data that has been changed by following the procedures specified in Clause 10.
9.4 Right to data portability: In case where it is technically available, you may request to receive your personal data in a commonly used or readable by the automatic device or to automatically transfer.
9.5 Right to erasure of your Personal Data: You may request to erase or make your personal data unidentifiable under any of the following circumstances: (a) your personal data is no longer needed to be collected, stored, used or disclosed for the intended purposes, (b) you withdraw your consent for your personal data to be collected, stored, used or disclosed and Sukumvit Hospital no longer has any legal right to process your personal data for the intended purposes, (c) you object to Sukumvit Hospital’s processing of your personal data, or (d) your personal data was processed in contravention of the PDPA.
9.6 Request to suspend the use of your Personal Data: You may request Sukumvit Hospital to suspend its use of your personal data in any of the following events:
9.7 Right to object the processing of Personal Data: You may object to the collection, storage, use or disclosure of your personal data in any of the following events:
9.8 Right to withdraw consent: You may withdraw your consent at any time. Your withdrawal will not have any effect on Sukumvit Hospital’s previous data processing. If your withdrawal will affect any part of your personal data, Sukumvit Hospital will notify you of such effect at the time you make such withdrawal.
However, Sukumvit Hospital may deny your request to withdraw consent if the processing is for the purpose of, or for complying with, applicable law or court order, the withdrawal may adversely affect and harm the rights and freedom of the data subject himself or other people, the processing is for research purposes that has appropriate protection for personal data, or the processing is for establishing legal claims, legal compliance, exercise of legal rights or defenses.
In responding to your request under this clause, Sukumvit Hospital may be able to consider only for your personal data Sukumvit Hospital processed as a data controller. For the exercising of your right for the personal data Sukumvit Hospital processed as a data processor of other data controller, Sukumvit Hospital will inform such data controller to consider and proceed according to your request as your data controller.
10. Criteria and Procedures for Exercise of Your Rights
Remark:
11. Contact
If you have any queries, suggestions, or concerns regarding this privacy notice or if you have any queries or questions regarding the use of personal data by Sukumvit Hospital, you may contact Sukumvit Hospital at:
Data Protection Officer
Piyasiri Co., Ltd.
Address: 1411 Sukhumvit Road, Prakhanong-Nua, Wattana, Bangkok 10110
E-mail: [email protected]
Phone number: (66-2) 391-0011