Privacy Notice for Patient of
TPP Healthcare International Co., Ltd.
MedPark Hospital
TPP Healthcare International Co., Ltd., operator of MedPark Hospital (hereinafter referred to as the “Hospital” or “we”, as the case may be). The Hospital, as the data controller under the Personal Data Protection Act B.E. 2562 (A.D. 2019) (“PDPA”), are aware of the importance of protecting the personal data of patients, contacts, emergency contacts, and others who interact with the Hospital (hereinafter referred to as “you” or “Data Subject”), we therefore announce this Privacy Notice (the "Notice") to inform you of the protection of your personal data collected, used, disclosed and/or transferred (“process” or “processing”) to any other relevant persons by the Hospital.
We ensure that the processing of your personal data will be secured by security protection measures of our standard. We will not process your personal data for purposes other than those specified in this Notice unless you consent thereto.
- Definitions
"Personal Data" refers to any information that identifies or can be used to identify you, which is collected by the Hospital as specified in this Notice.
“Sensitive Data” refers to personal data classified as sensitive data under the PDPA that the Hospital is permitted to collect, use, disclose, and/or transfer with your explicit consent, e.g., the information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, a natural person’s sexual orientation or criminal record, or data concerning health, disabilities, trade union membership, genetic data, biometric data, and other data that affect the Data Subject in the same manner.
- Personal Data Collection
Your personal data will only be collected to the extent necessary. The personal data can be directly derived from you through several channels including our websites, applications and/or other channels e.g. online doctor appointments, online registration, E-newsletters, and offline transactions. Besides data obtained from you, we might receive your data from other third parties which include your family members, friends or someone who are close to you. We keep your personal data confidential except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies).
- Personal Data Collected by the Hospital
The Hospital will collect, use, disclose and/or transfer your Personal Data which includes, but is not limited to the following:
3.1 General Personal Data
- Personal information, e.g., title, rank, position, first name, middle name, last name, age, date of birth, gender, photograph, nationality, country of residence, national ID card number, passport number, hospital number, signature, marital status, weight, and height.
- Contact information, e.g., address, mobile phone number, home phone number, and email address.
- Service information, e.g., record of doctor’s appointments, room requirements and other additional services.
- Educational information, e.g., education background.
- Information appearing on legal documents, e.g., national ID card, passport, house registration, driver's license, government official identification card, certificate of name/surname change, marriage certificate, divorce certificate, and birth certificate.
- Contact information and emergency contact information, e.g., first name, middle name, last name, relationship with patients, and mobile phone number.
- Information about the person who has the authority to act on behalf of Data Subject (legal representative, guardian, and curator), e.g., name, surname, and national ID card.
- Financial information, e.g., billing information, credit or debit card information, and bank account details.
- Information on news subscriptions and marketing activities, e.g., seminar enrollment and promotion registration.
- Information from the Hospital’s websites such as IP address, cookies, online doctor appointment, and online doctor consultation.
- Other, e.g., audio recordings, images and videos from CCTV footage.
3.2 Sensitive Data
The Sensitive Data that we will collect, use, disclose and/or transfer includes, but is not limited to data concerning religion, health, disabilities, genetic or biometric data, health history, record of medication/food allergy, treatment result, physical examination result, laboratory result, diagnosis result, medical record, medical certificate, surgical record, radiograph imaging, weight, height, blood type, picture/audio/animation from medical/surgery/operation procedures, and data that appears in the copy of national ID card, e.g., religion, ethnicity and blood group . We will process your Sensitive Data only to the extent required by law or with your prior explicit consent.
- Source of Your Personal Data
We may collect Personal Data you voluntarily release to us, whether through hospital service request forms, social media accounts, phone calls, or other forms filled out through the Hospital's websites and applications such as appointment forms, inquiry forms, product purchase or service request forms, news subscription forms, including wearable medical devices.
We may receive your Personal Data from other sources, e.g., your family members or intimate persons, any other third party assigned by you to disclose your Personal Data, and hospitals, affiliated companies, representatives, or alliances of the Hospital.
- Purposes and Legal Bases
5.1 We process your personal data based on legal bases as provided below:
- We rely on contractual basis to process your Personal Data in order to, for instance,
- Review your various application requests before entering into a contract;
- Medical treatment rights’ claim,
- Request payment;
- Issue invoices and/or receipts;
- Communicate for the purchase of products and/or services;
- Perform contractual obligations;
- Deliver products or services;
- Proceed to collect or receive payment of products or services.
- We rely on legitimate interest to process your personal data in order to, for instance,
- Verify your identity;
- Send medical appointment reminders;
- Collect contact information for future inquiries in case an emergency arises and the patient is unable to provide their own information;
- Provide or deliver services as requested; monitor and review the performance of a contractual obligation;
- Provide post-sales services;
- Manage customer relationship;
- Send and follow up a questionnaire to assess customers’ service satisfaction;
- Verify and confirm your identity before entering into transactions or contracts;
- Financial and internal audit;
- Monitor the accuracy of payments, billing, refunds, and compensation;
- Monitor compliance with the Hospital’s regulations;
- Investigate or verify facts;
- Consult for establishment of legal claim or proof in legal process; and
- Record through CCTV for security protection in the buildings or premises.
Your Personal Data may be disclosed to lawyers, legal and tax consultants, external auditors, internal auditors, financial auditors, and any other consultants involved in the process of completing the purposes specified above.
- We rely on legal obligations to process your Personal Data in order to comply with the laws related to medical institutions, for instance, new patient registration, doctor’s appointment, medical services, diagnosis, medical treatment, patient examination, preliminary physical examination, medication dispensing, use of Personal Data for the purpose of experimentation in internal laboratories of the medical facility, collection and use of contact person’s information to approve of or deny the request for medical treatment, medical benefit claim, and ethical and professional compliance.
- We rely on legal obligation to process your personal data in order to, for instance, collect Personal Data as required by law, disclose or submit Personal Data to government agencies as required by law, and comply with applicable laws, regulations, orders of competent authorities, and court orders.
- We rely on vital interests to process your personal data to prevent and suppress danger to life, body, or health, for instance, emergency contact and communicable disease control and prevention.
- If you have given your explicit consent, we will process your Personal Data to send news, advertisements, notifications, benefits and promotions of products and services, beneficial campaigns, or invitations to the Hospital’s activities via all communication channels that you have indicated to the Hospital.
5.2 We process your Sensitive Data based on legal bases as provided below:
- We rely on legal obligations to process your Sensitive Data in order to achieve the objectives relating to preventive or occupational medicine, medical diagnosis, health or social services, medical treatments, and health management, for instance:
- Diagnosis and medical treatment;
- Symptoms examination and preliminary physical examination;
- Use of Personal Data for the purpose of laboratory diagnostics of the Hospital;
- Referral of patient to another hospital for further treatment;
- Processing of genetic data to verify identity or relationships before the process of organ transplantation; and
- Compliance with ethics and professional ethics.
- We rely on contractual obligations to process your Sensitive Data in order to achieve objectives relating to diagnosis and treatment, for instance, disclosure of Sensitive Data to external laboratories or an external radiology center to conduct experiments and diagnosis.
- We rely on legitimate interest to process your Sensitive Data in order to establish legal claim as permitted by law, for instance, collecting patients’ medical expenses, invoicing, requesting patients to pay off the invoice, issuing a receipt, and examining patient’s billing and debt payment status.
- We rely on vital interests to process your Sensitive Data in order to prevent and suppress dangers to life, body, or health such as emergency contact, communicable disease control and prevention.
- We process your health data, biological samples, and the data obtained from such samples, in an anonymized form, for quality, service, and Hospital operation improvement.
- In the event that you have given your explicit consent, we will process your Sensitive Data for the purposes set forth in each of the following consent:
- Use of a copy of your national ID card that contains Sensitive Data such as religion and blood type to verify your identity;
- Disclosure of your health data and medical certificate to insurance company to claim your health insurance benefit;
- Disclosure of your health data and medical certificate to your embassy, employer, agency, organization, governmental agencies, or any relevant person to collect payments for your medical services;
- Disclosure of your health data to insurance company as requested by you or the insurer for the purpose of entering into an insurance agreement;
- Disclosure of your health data to third parties such as your family members, relatives, dependents, or intimate persons upon their request;
- Disclosure of your health data, medical certificate and health record to the airline for Fit for Air Travel;
- Processing of your health data for purposes of healthcare service quality improvement;
- Disclosure of your health data to our business partners for purposes of developing medical products; and
- Processing of your health data, biological samples, and the data obtained from such samples, and disclosure of such data to external laboratories for research and academic purposes.
- De-identify your health data, biological samples, and the data obtained from such samples to be unidentifiable data for research and academic purposes.
- Disclose your sensitive data to internal organizations such as Bureau Veritas to verify Internal Organization for Standardization (ISO), Joint Commission International (JCI), and Healthcare Accreditation Institute (Public Organization) (HAI) for quality improvement and accreditation of the Hospital.
- Disclosure of Your Personal Data
6.1 We will not disclose your Personal Data for purposes other than specified herein, unless having been consented to do so.
6.2 Personal Data that you have provided to us may be transferred outside Thailand and disclosed to our international agents or partners that you have contacted for our services. We will endeavor to ensure that your right to privacy is protected by security protection measures of our standard.
6.3 We may disclose your Personal Data to our group companies and affiliates, vendors, business partners, or third parties, e.g., insurance companies, financial institutions, primary doctors, medical professionals, medical specialists, and/or medical practitioners, medical technology clinic, manufacturers or distributors of drugs and medical supplies, embassy, person who handle international travel, customer service provider, marketing, advertising and communication service providers, information system providers, cloud service provider, nearby hotels that are alliance with us, transport service providers, document storage service providers, debt collection service providers, accounting and legal consultants, external auditors, internal auditors, financial auditors, and your family, relatives, intimate persons, agencies or employers, and internal organizations such as Bureau Veritas, Joint Commission International (JCI), and Healthcare Accreditation Institute (Public Organization)(HAI). We may proceed any other actions to complete the purposes specified in this Notice in order to benefit our services.
6.4 We will endeavor to ensure that these individuals and organizations will process your Personal Data strictly in accordance with this Notice and as permitted by law.
6.5 Where it is necessary to disclose your Personal Data in order to comply with the law, court orders, or orders of any governmental or regulatory agency such as embassy, the Immigration Office, or to relevant agencies in order to verify your Personal data to prevent fraud or corruption, we reserve the right to do so without your prior consent.
- Collection of Personal Data of Minors, Incompetent Persons, and Quasi-Incompetent Persons
Where we must process the Personal Data of minors, incompetent persons, or quasi-incompetent persons, we shall have their parents, legal representative, guardian, or curator, as the case may be, consented on behalf of them.
If a minor or a quasi-incompetent person is legally permitted to give consent on their own behalf, we shall require combined consent from them and their legal representative.
If we become aware of the unauthorized collection of Personal Data from minors, incompetent persons, and quasi-incompetent persons without the consent being given in the manner according to the above, we will delete or destroy such data from the Hospital's system immediately.
- Websites and Third Parties
Our websites and applications might contain certain hyperlinks which are technically connected with other websites. Since these websites are owned and operated by third parties, thus these third party websites have their own Privacy Policies, including Cookies. They govern the use of personal information you submit or are collected by cookies whilst visiting these websites. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.
- Retention Periods & Security Protection Measures
9.1 We will retain your Personal Data for as long as it is necessary to fulfil the purposes specified in this Notice and may retain your Personal Data as long as agreed on in the contract, or in accordance with accounting standard, prescription periods, legal obligations, or establishment or exercise of legal claim as permitted by the law.
9.2 We have an examination system for deletion or destruction of Personal Data in the event of the expiration of the retention period, or if such Personal Data is unrelated to or beyond the necessity for the purpose of collecting specified by this Notice.
9.3 We will retain your Personal Data in the form of documents, electronic files, computer systems, or other means to ensure that your Personal Data is protected with secured and trustworthy security protection measures of international standard against loss, and unauthorized or unlawful access, use, change, modification, and disclosure.
9.4 We limit access to your Personal Data and adopted technology to secure your data from cyber-attacks, unauthorized access to our computer and electronic systems. We further ensure that any processing of your personal data by data processors or other third parties will take place appropriately according to our instruction.
- Data Subject’s Right
10.1 Under the PDPA, you, as the Data Subject, are entitled to:
- Request access to, or copies of, your Personal Data collected, used and disclosed by the Hospital.
- Request receive or transfer of your Personal Data, in a form collected by us and readable, usable, and disclosable in an electronic format, to another party (the Hospital reserves the right to charge you a fee, the amount of which is at our discretion.)
- Object to the collection, use, and/or disclosure of Personal Data to the extent permitted by law.
- Have your Personal Data deleted, destroyed, or anonymized by any method permitted by law.
- Sequester your Personal Data from further use by any method unless the law provides otherwise.
- Withdraw your consent given us at any time, unless otherwise restricted by law or contracts. Your withdrawal will not extend to Personal Data to which you have granted consent for processing.
- File a complaint with the competent officer authorized under the PDPA in the event that you believe we have violated, or do not comply with, the PDPA.
10.2 We endeavor to maintain the accuracy and up-to-datedness of your Personal Data. When there is a change or modification to your Personal Data or when you detect that your Personal Data is incorrect, you have the right to request for corrections thereto.
10.3 The exercise of your rights specified above must comply with the law. The Hospital reserves the right to refuse any request on grounds permitted by law. In the event that we deny your request, the request and reasons for denial will be recorded in the personal data processing record as required by law.
10.4 To exercise your right, you may contact us via the contact information provided hereunder. We will process your request and then inform you of the result within 30 days from the date of receiving your request. Where we refuse your request, you will be informed of the reason, accordingly.
- Amendment
We reserve the right to alter, adjust, and/or modify this Notice in order to comply with applicable guidelines, laws, and regulations. If such changes occur, we will inform you of the amended, adjusted, or modified content in the designated channel as soon as it becomes effective. New Notice will only apply to you upon your use of service after the revision.
- Contact Us
Should you wish to exercise any legal rights as specified above or have any questions, concerns, suggestions or complaints with regard to our Notice, you can contact us via the following channels:
TPP Healthcare International Co., Ltd.
MedPark Hospital
3333 Rama IV Rd, Khlong Toei, Bangkok 10110
Data Protection Officer
Email: DPO@medparkhospital.com
Tel: +6602-023-3333
Announced on 1st August 2022
With Best Regards,
MedPark Hospital
……………………………….
Privacy Notice for Website and Application of
TPP Healthcare International Co., Ltd.,
MedPark Hospital
TPP Healthcare International Co., Ltd., the operator of MedPark Hospital (hereinafter referred to as the “Hospital”, “MedPark”, “us” or “we”, as the case may be), the Hospital provides a website and application platform for the convenience of website visitors and Hospital’s patients. This privacy notice (the “Notice”) covers the website: www.medparkhospital.com (hereinafter referred to as the “Website”), and the application named “My MedPark” (hereinafter referred to as the “Application”), including Website displayed on mobile devices or mobile Application (“Platform”) serving as the contact and communication channel between Hospital and its service users (“User”, “Users, “Patient”, “you” or “your”), such as scheduling an appointment, accessing to user’s health data, updating a user's personal data, and other purposes.
We are deeply aware of the importance of protecting personal data and right to privacy of the user of the Website and Application, (hereinafter referred to as “User” or “you”). We, as the data controller under the Personal Data Protection Act B.E. 2562 (A.D. 2019) (“PDPA”), therefore announce this Privacy Notice (the "Notice") to inform you of the protection of your personal data that is collected, used, disclosed and/or transferred (“process” or “processing”) to any other relevant persons by the Hospital.
We give assurance that your personal data will be secured by a stringent security standard throughout the processing procedure. We will not process your personal data for purposes other than those specified in this Notice unless you consent thereto.
- Definitions
"Personal Data" refers to any information that identifies or can be used to identify you, which is collected by the Hospital as specified in this Notice.
“Sensitive Data” refers to Personal Data classified as sensitive data under the Personal PDPA that the Hospital is permitted to collect, use, disclose and/or transfer with your explicit consent, e.g., the information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, a natural person’s sexual orientation or criminal record, or data concerning health, disabilities, trade union membership, genetic data, biometric data, and other data that affect the Data Subject in the same manner.
"User" means a person using the Platform (registered or not).
"Identification Code" means Login Name, Username, Password, Mobile PIN (Mobile Personal Identification Number), OTP (One Time Password), including other codes for identification of user accessing services, either set by us or user.
- Personal Data Collection
Your personal information will only be collected if necessary. This given information can be directly derived from you through several channels which include our websites, applications and other authorized channels e.g. online doctor appointments, online registration, E-newsletters, and offline transactions. Besides information obtained from you, we might receive your information from third parties which include your family members, friends or someone who are close to you. We keep your information confidential except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies).
- Personal Data Collected, Used and/or Disclosed by the Hospital
We will collect, use, and/or disclose your Personal Data which includes, but is not limited to, the following:
3.1 General Personal Data
- Personal information, e.g., title, first name, middle name, last name, date of birth, gender, nationality, photograph, country of residence, hospital number, national ID card number, and passport number.
- Contact information, e.g., address, mobile phone number, home phone number, and email address.
- Personal information for access of accounts (such as Line, Facebook, Email and WhatsApp), e.g., username and password.
- Financial information, e.g., bank account, credit or debit card information.
- Information relating to patient treatments which may include Sensitive Data, e.g., health data, data about illnesses to be consulted, disabilities, medication, drug allergy, health-related reports, laboratory test results, and diagnoses, photos, and videos for service operations.
We also collect your Personal Data from your registration and log-ins through third-party platforms such as Google, Facebook, Twitter and Apple. We may receive your additional Personal Data through these platforms as they are capable of verifying the authenticity of your identity and providing you with the option to disclose certain Personal Data, e.g., your name, email address and social media accounts, to the Hospital if you have authorized their platforms to share your Personal Data with us.
3.2 Automatically Collected Data
We may automatically collect information about your use of service, e.g., access time, device ID, or other unique identifiers, IP address, MAC address, overall usage data, usage history, settings, language information, device name and model, location and time zone, network provider, operating system information, and session length.
- Source of Your Personal Data
We will receive your Personal Data through the following primary channels:
4.1 From the process of creating a user account through registration via the Hospital's Website or Application; and
4.2 From the Personal Data you voluntarily release to us to request our services, whether through filling out a service request form at the Hospital, contacting via social media accounts, phone calls, or other forms filled out through the Hospital's Website and Application such as appointment forms, inquiry forms, product purchase or service request forms, and news subscription forms.
We may receive your Personal Data from other sources, e.g., your family members, intimate persons, or any other third party assigned by you to register and complete your service request form. We may also receive your Personal Data from hospitals, representatives, or alliances that refer or introduce you to our services.
- Purposes and Legal Bases
5.1 We will process your Personal Data based on the following legal bases :
- We rely on contractual obligations to process your Personal Data, for instance:
- Consider registration requests to create user accounts on the Website and Application;
- Verify your identity when registering to create an account on the Website and Application;
- Register new patients into the Hospital's information system;
- Proceed with the registration of service with the Hospital through online platforms such as Booking an Appointment, Pre-registration, Telemedicine, Tele-Consultation with Doctor, Medicine Refill and Home Healthcare;
- Assist you in purchasing products and services from the Hospital through online platforms such as buying vouchers for health check-up programs and other medical treatment programs;
- Collect payment for products and services, e.g., service packages, purchased products, etc. through the Website;
- Estimate the cost of medical treatment and the service fee for consulting with a doctor; and
- Facilitate the processing of hotel reservations in the vicinity of the Hospital.
5.2 We rely on legal obligations to process your Personal Data, for instance:
- Comply with the applicable laws to achieve the objectives relating to medical diagnosis, health services, medical treatment, compliance with professional ethics, health management, insurance proceedings, and welfare regarding medical treatment for those who are legally entitled;
- Submit Personal Data to government agencies as required by law;
- Comply with court orders or orders of competent authorities as required by law;
- Pay legal fees; and
- Establish and exercise legal claim as permitted by law.
5.3 We rely on legitimate interest to process your Personal Data, for instance:
- Facilitate your access to the Website and Application;
- Allow you to access services through the Hospital's online platforms reserved for members with user accounts;
- Manage bookings and appointments for medical treatments or consulting with a doctor;
- Contact you for service of Telemedicine, Tele-Consultation with Doctor, Medicine Refill, and Home Healthcare via channels specified by the Hospital;
- Deliver doctor’s appointment notification messages or offer of assistance;
- Provide assistance, answer questions, respond to inquiries, and accept the request with regard to services;
- Contact you due to your complaint or comments on the Hospital’s services that you want to improve;
- Track your use of services to improve the quality of the Hospital’s services;
- Develop and improve service quality, increase service efficiency, and facilitate the use of services through the Hospital’s channels to the User and customers;
- Disclose your Personal Data, where it is necessary, to investigate, prevent, or act in response against suspected illegality or fraud, or to safeguard the safety, rights, or property of the Hospital or of another person; and
- Disclose your Personal Data for the purpose of internal auditing.
5.4 In the instances that you have given your explicit consent, we will collect, use, disclose and/or transfer your Personal Data for the purposes set forth in each of the following consent:
- Delivery of news, advertisements, notifications, benefits and promotions of products and services, beneficial campaigns or invitations to the Hospital’s activities via all communication channels that you have provided to the Hospital.
- Disclosure of Your Personal Data
6.1 We will not disclose your Personal Data for purpose other than those specified herein, unless having been consented to do so.
6.2 The Personal Data that you have provided to us may be transferred out of Thailand and disclosed to our international agents or partners that you have contacted for our services. We will endeavor to ensure that your right to privacy is protected by security protection measures of our standard.
6.3 We may disclose your Personal Data to our group companies and affiliates, vendors, business partners, or third parties, e.g., insurance companies, financial institutions, primary doctors, medical professionals, medical specialists, and/or medical practitioners, medical technology clinic, manufacturers or distributors of medicines and medical supplies, embassy, person who handle international travel, customer service provider, marketing, advertising and communication service providers, information system providers, cloud service provider, nearby hotels that are our alliance, transport service providers, document storage service providers, debt collection service providers, accounting and legal consultants, external auditors, internal auditors, financial auditors, and your family, relatives, intimate persons, agencies or employers. We may undertake any other actions according to the purposes specified in this Notice for the benefit of the Hospital services.
6.4 We will endeavor to ensure that these individuals and organizations will process your Personal Data strictly in accordance with this Notice and as permitted by law.
6.5 Where it is necessary to disclose your Personal Data in order to comply with the law, court orders, or orders of any governmental or regulatory agency such as the Embassy and Immigration Office, or to relevant agencies in order to verify your Personal Data to prevent fraud or corruption, we reserve the right to do so without your prior consent.
- Collection of Personal Data of Minors, Incompetent Persons, and Quasi-Incompetent Persons
In the event that we must process the Personal Data of minors, incompetent persons, or quasi-incompetent persons, we shall have their parents, legal representative, guardian, or curator, as the case may be, given consents on their behalf.
If a minor or a quasi-incompetent person is legally permitted to give consent on their own behalf, we shall require dual consent from them and their legal representative.
If we become aware of the unauthorized collection of Personal Data from minors, incompetent persons, and quasi-incompetent persons without the consent being given in the manner according to the above, we will delete or destroy such data from the Hospital's system immediately.
- Cookies
8.1 We may place cookies on your device and use them to automatically collect your Personal Data when you visit the Website.
8.2 Cookies are small pieces of data sent from a website that are stored on your computer. They help record the User’s browsing activities conducted on the Hospital’s website, such as preferred languages, list of favorites, most common use, and other settings, to customize the Website to fit your preference and make internet browsing faster and easier.
8.3 You can customize your browser settings to block the use of cookies in order to prevent your browser from automatically accepting new cookies, but it may affect the quality of Website usage or difficulty in making any request or entering into any transaction with us on the Website.
8.4 We reserve the right to place cookies on your devices for the purpose of collecting your Personal Data.
You may learn more about cookies on the Website at https://www.medparkhospital.com/en/page/cookie-policy
- Retention Periods and Security Protection Measures
9.1 We will retain your Personal Data for as long as it is necessary to fulfil the purposes specified in this Notice and may retain your Personal Data as long as agreed on in the contract, or in accordance with accounting standard, prescription periods, legal obligations, or establishment or exercise of legal claim as permitted by the law.
9.2 We have established an examination system for deletion or destruction of Personal Data in the event of the expiration of the retention period, or if such Personal Data is unrelated to or beyond the necessity for collection purpose specified in this Notice.
9.3 We will retain your Personal Data in the form of documents, electronic files, computer systems, or other means with appropriate Personal Data security protection measures against loss, and unauthorized or unlawful access, use, change, modification and disclosure.
9.4 We have limited the access to your Personal Data and adopted technology to secure your data from cyber-attacks, unauthorized access to our computer and electronic systems. We further ensure that any processing of your Personal Data by data processors or other third parties will take place under appropriate monitoring.
- Data Subject’s Right
10.1 Under the PDPA you, as the Data Subject, are entitled to
- Request access to, or copies of, your Personal Data collected, used and disclosed by the Hospital.
- Request to receive or transfer of your Personal Data, in a form collected by us and readable, usable, and disclosable in an electronic format, to another party (the Hospital reserves the right to charge you a fee, the amount of which is at our discretion.)
- Object to the collection, use, and/or disclosure of Personal Data to the extent permitted by law.
- Have your Personal Data deleted, destroyed, or anonymized by any method permitted by law.
- Sequester your Personal Data from further use by any method unless the law provides otherwise.
- Withdraw your consent given us at any time, unless otherwise restricted by law or contracts. Your withdrawal will not extend to Personal Data to which you have granted consent for processing.
- File a complaint with the competent officer authorized under the PDPA in the event that you believe we have violated, or do not comply with the PDPA.
10.2 We will endeavor to maintain the accuracy and completeness of your Personal Data. When there is a change or modification to your Personal Data or when you detect that your Personal Data is incorrect, you have the right to make corrections thereto.
10.3 The exercise of your rights specified above must comply with law. We reserve the right to refuse any request on grounds permitted by law. In the event that we deny your request, the request and reasons for denial will be recorded in the Personal Data processing record as required by law.
10.4 To exercise your right, you may contact us via the contact information provided hereunder. We will process your request and then inform you of the result within 30 days from the date of receiving your request. Where we refuse your request, you will be informed of the reason accordingly.
- Notifications, Reminders, and Location Settings
The Hospital may deliver a notification or reminder to your device. You can opt out of receiving these messages at any time by changing the notification setting on your device or by adjusting the notification settings on the Application or by changing the notification settings on your mobile phone and in the Application.
- Links to Third Parties
Some of the Hospital's online services may contain links to third-party applications or websites. Access to and usage of such applications or websites shall be governed by the privacy notice of such third parties. We refuse to be held liable to the User if such applications or websites do not comply with or operate in accordance with a third party’s privacy notice.
- Amendment
We reserve the right to alter, adjust, and/or modify this Notice in order to comply with applicable guidelines, laws, and regulations. The amended, adjusted, or modified notice shall be announced to you as soon as it becomes effective. Your use of the service after such amendment, adjustment, or modification is posted shall constitute your acceptance of the new notice.
- Contact Us
Should you wish to exercise any legal rights as specified above or have any questions, concerns, suggestions or complaints with regard to our privacy notice, you can contact us via the following channels:
TPP Healthcare International Co., Ltd.
MedPark Hospital
3333 Rama IV Rd, Khlong Toei, Bangkok 10110
Data Protection Officer
Email: DPO@medparkhospital.com
Tel: +6602-023-3333
Announced on 1st August 2022
With Best Regards,
MedPark Hospital
……………………………….
Privacy Notice for Vendors of
TPP Healthcare International Co., Ltd.,
MedPark Hospital
TPP Healthcare International Company Limited, the operator of Med Park Hospital (hereinafter referred to as the “Company” or “we”), has a wide range of specialists for treating patients. The Company, as the data controller under the Personal Data Protection Act B.E. 2562 (A.D. 2019) (“PDPA”), are aware of the importance of protecting your personal data as our business partners, contracting parties, manufacturers, and vendors at the present, in the past, and possibly in the future acting on behalf of a juristic person who is a business partner of the Company, a witness and other related persons (hereinafter referred to as “you” or “Data Subject”), we therefore announce this Privacy Notice (the "Notice") to inform you of the protection of your personal data that is collected, used, disclosed and/or transferred (“process” or “processing”) to any other relevant persons by the Company.
We ensure that the processing of your personal data will be safe guarded by standard protection measures. We will not process your personal data for purposes other than those specified in this Notice unless you consent thereto.
- Definitions
"Personal Data" refers to any information that identifies or can be used to identify you, which is collected by the Company as specified in this Notice.
“Sensitive Data” refers to Personal Data classified as sensitive data under the PDPA that the Company is permitted to collect, use, and/or disclose with your explicit consent, e.g., the information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, a natural person’s sexual orientation or criminal record, or data concerning health, disabilities, trade union membership, genetic data, biometric data, and other data that affect the Data Subject in the same manner.
“Partners”, “manufacturers”, “vendors” include Sellers, contractors and/or service providers, including their employees, personnel, officers, representatives, agents, authorized directors of the juristic person, directors, contact persons and any other natural persons to TPP Healthcare International Co., Ltd, both legal entities and natural persons. This includes the subcontractors of the product vendors, contractors and/or service providers thereof.
- Personal Data Collection
Your personal information will only be collected to the extent as necessary. This given information can be directly derived from you through several channels which include our websites, applications and other channels e.g. online doctor appointments, online registration, E-newsletters subscription, and offline transactions. Besides information obtained from you, we might receive your information from third parties which include your family members, friends or someone who are close to you. We keep your information confidential except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies).
- Personal Data Collected by the Company
The Company will collect, use, disclose and/or transfer your Personal Data which includes, but is not limited to, the following:
3.1 General Personal Data
- Personal Information, e.g., name, surname, title, nationality, gender, age, date of birth, photograph, identification number, tax identification number, professional license number, etc.
- Contact information, e.g., telephone numbers, fax number, address, e-mail, etc.
- Work Information, e.g., occupation, job title, etc.
- Information about your work history, such as historical and work information. Information about employment and information for the management of occupational safety, health, and your work environment
- Accounting and Financial information, e.g., compensation, bank account numbers, etc.
- Information appearing on legal documents, e.g., a copy of an ID card, copy of professional license, copy of any other license issued, etc.
- Other personal data, e.g., pictures or videos from CCTV footage
- Information about the electronic device you use, such as your IP Address or Other Device Identifier.
- The type and version of the browser you use including the type and version of the browser plug-in
- Time zone setting
- *MAC Address and Location Data only if you use TPP's Free Wi-Fi service.
3.2 Sensitive Data
The Sensitive Data that we may collect, use, disclose and/or transfer is the information that appears in the copy of the national ID card, e.g., religion, ethnicity, and blood group. We will only process your Personal Data only with your prior explicit consent or as required by law.
- Source of Your Personal Data
We may collect your Personal Data from the Personal Data you have provided us through communication channels including for procurement of goods and services, exchanging business cards, information you provide through electronics platforms or channels, etc. We also may receive your Personal Data from other sources such as a referral by other persons or medical professionals that has recommended you to us, your close acquaintances and through public information search, etc.
- Purposes and Legal Bases
5.1 We will process your Personal Data based on legal bases as provided below:
- We rely on contractual obligations to process your Personal Data in order to:
- Complete contractual obligations
- Review your various application requests before entering into a contract e.g.
- Consider procurement selection
- Consider qualification before entering into the contract
- Consider or enter into a contract
- Communicate for the purchase of goods and/or services
- Perform in accordance with contracts or contractual obligations
- Act in relation to collecting or paying for goods or services
- Deliver or receive of goods or services, etc.
- We rely on legitimate interest to process your Personal Data for the following purposes:
- Procurement
- Verification of receipt of goods or services
- Inspection and follow-up on the performance of the contract
- Verification of the compliance or quality of the goods or services
- Verification and confirmation of identity in connection with entering into transactions or contracts
- Performance evaluation
- Investigation or fact verification
- Consult for the establishment of legal claim or proof in legal process
- Disclosure to an external service provider for accounting, financial, and IT service purpose
- Recording through CCTV for security in the building or premises security
- To improve TPP Healthcare International Co., Ltd. services by conducting a questionnaire to survey your satisfaction, etc.
- For the legitimate interests of TPP’s regarding various security aspects, such as implementing security measures such as computers and cyber security, entering TPP's premises, logging-in to a website or application
- We rely on legal obligations to process your Personal Data in order to comply with laws related our business operation such as carrying out any accounting and financial activities, such as audits, notification and collection of debts, issuing tax invoices and evidence of various transactions as required by law, collection of Personal Data as required by law, disclose or submit Personal Data to government agencies as required by law, compliance with applicable laws, regulations, orders of competent authorities, and court orders, payment of legal fee, establishment or exercise legal or judicial claim, etc.
- We rely on vital interests to process your Personal Data to prevent and suppress dangers to life, body, or health such as emergency contact, and communicable disease control and prevention.
5.2 In the event that you have given your explicit consent, we will process your Sensitive Data to use a copy of your national ID card that contains Sensitive Data such as religion and blood type to verify your identity.
- Disclosure of Your Personal Data
6.1 We will not disclose your Personal Data to third parties for purposes other than specified herein, except as stated in this policy and unless having been consented to do so.
However, we may disclose your Personal Data to our group companies and affiliates or third parties to carry out accounting audit, seeking legal advice, litigation, and taking any other action necessary for the purposes stated in this Notice for the benefit of our operation. We will ensure that these individuals will process your Personal Data strictly in accordance with this Notice and according to law.
6.2 Where it is necessary to disclose your Personal Data to any governmental or regulatory agency such as the Revenue Department or disclose information as directed by any government agency or regulator, we reserve the right to do so without your prior consent or having to act in compliance with the law.
- Retention Periods & Security Measures
7.1 We will retain your Personal Data for as long as it is necessary to fulfil the purposes specified in this Notice and may retain your Personal Data according to valid agreements, accounting standards, prescription periods, legal obligations (for example, the general legal age of up to 10 years), establishment of or exercise legal claim according to law.
7.2 We have a system to monitor for the deletion or destruction of Personal Data when the retention period has expired, or if such Personal Data is unrelated to or beyond the necessity for the purpose of data collection as specified in this Notice.
7.3 We retain your Personal Data in the form of documents, electronic files, computer systems, or other means with appropriate Personal Data security protection measures against loss, unauthorized or unlawful access, use, alteration, modification, and disclosure.
7.4 We limit access of your Personal Data and adopt technology to secure your data from cyber-attacks, unauthorized access to our computer and electronic systems. We further ensure that any processing of your Personal Data by data processors or other third parties will take place appropriately according to Hospital instruction.
- Data Subject’s Right
8.1 Under the PDPA you, as the Data Subject, are entitled to:
- Request access to and/or obtain a copy of your Personal Data the Hospital collected, used, and disclosed.
- Request to send or transfer your Personal Data, in a form collected by us readable, usable, and accessible in an electronic format, to another party (the Company reserves the right to charge a fee, the amount of which is at our discretion.)
- Object to the collection, use, and/or disclosure of Personal Data to the extent permissible by law.
- Have your Personal Data deleted, destroyed, or anonymized to the extent permissible by law.
- Sequester your Personal Data from further use by any method unless the law provides otherwise.
- Withdraw your consent given to us at any time, unless otherwise restricted by law or contracts. Your withdrawal will not extend to Personal Data to which you have granted consent for processing.
- File a complaint with the competent officer authorized under the PDPA if you believe we have violated, or do not comply with, the PDPA.
8.2 We will endeavor to maintain the accuracy and completeness of your Personal Data. When there is a change or modification to your Personal Data or when you detect that your Personal Data is incorrect, you have the right to make corrections thereto.
8.3 The exercise of your rights specified above must comply with law. We reserve the right to refuse any request on grounds permitted by law. In the event that we deny your request, the request and reasons for denial will be recorded in the Personal Data processing record as required by law.
8.4 To exercise your right, you may contact us via the contact information provided in this Notice. We will process your request and then inform you of the result within 30 days from the date of receiving your request. Where we refuse your request, you will be informed of the reason, accordingly.
- Amendment
We reserve the right to alter, adjust, and/or modify this Notice in order to comply with applicable guidelines, laws, and regulations. If such changes occur, we will inform you of the amended, adjusted, or modified content in the designated channel as soon as it becomes effective. New Notice will only apply to you upon your use of service after the revision.
- Contact Information
Should you wish to exercise any legal rights specified above or have any questions, concerns, suggestions, or complaints regarding our Notice, you can contact us via the following channels:
TPP Healthcare International Co., Ltd.
MedPark Hospital
3333 Rama IV Rd, Khlong Toei, Bangkok 10110
Data Protection Officer
Email: DPO@medparkhospital.com
Tel: +6602-023-3333
Announced on 1st August 2022
With Best Regards,
MedPark Hospital
……………………………….
Privacy Notice for CCTV of
TPP Healthcare International Co., Ltd.,
MedPark Hospital
TPP Healthcare International Co., Ltd., the operator of MedPark Hospital (hereinafter referred to as the “Hospital”), as data controller under the Personal Data Protection Act B.E. 2019, will collect, use, and/or disclose your personal data and sensitive data through CCTV System.
- Purpose of Collection, Use, and/or Disclosure of Your Personal Data
The Hospital will collect, use and/or disclose your personal data for the purpose of security based on its legitimate interest.
- Personal Data Collected by the Hospital
The Hospital will collect your personal data from the Hospital’s CCTV system, including images and videos, which records your physical appearance, vehicle, and vehicle license plate number when entering and exiting the Hospital.
- Source of Your Personal Data
The Hospital’s CCTV within the Hospital premises.
- Retention Period
The Hospital will retain your personal data for 30 days. Where any dispute or investigation occurs, the Hospital may retain your personal data until the dispute or investigation is resolved or finalized.
- Disclosure of Your Personal Data
Hospitals may need to disclose your data to a police officer, government officials, or any regulatory agency with legal power to comply with the law or court order.
- Your Rights
You have the following rights with respect to your personal data under the responsibility of the hospital. This must be in accordance with the provisions or limitations of law.
- To withdraw your consent to the collection, use or disclosure of personal information.
- To request access and/or obtain a copy of personal data or request the disclosure of means of acquisition of such information.
- To request to send or transfer your personal data to another person;
- To object to the collection, use, or disclosure of your personal data;
- To request the deletion, destruction, or anonymization of your personal data which must be in accordance with the law;
- To suspend the use of your personal information which must be in accordance with the law;
- To request that your personal data be made accurate, current, complete and does not cause misunderstandings.
- Contact Us
Should you wish to exercise any legal rights as specified above or have any questions, concerns, suggestions or complaints with regard to our Notice, you can contact us via the following channels:
TPP Healthcare International Co., Ltd.
MedPark Hospital
3333 Rama IV Rd, Khlong Toei, Bangkok 10110
Data Protection Officer
Email: DPO@medparkhospital.com
Tel: +6602-023-3333
Announced on 1st August 2022
With Best Regards,
MedPark Hospital
……………………………….