Privacy Notice
Bangkok Chain Hospital Public Company Limited and its affiliates, which are service providers of the following hospital groups: (a) World Medical Hospital Group (b) Kasemrad International Hospital Group (c) Kasemrad Hospital Group and (d) Karunvej Hospital Group including a polyclinic and other businesses (hereinafter referred to as the “Group”), values your personal data given to the Group. Therefore, the Group has developed a Privacy Notice to inform you of the methods, rights and purposes of collecting, using and disclosing personal data, to ensure that the Group has processed your personal data in accordance with the purposes and in compliance with the Personal Data Protection Act B.E. 2562 (“Personal Data Protection Act”).
1. Type of Personal Data
“Personal Data” means any information relating to any individual that can identify the person's identity whether directly or indirectly. It does not include the information of the deceased in particular or any other personal data required by the Personal Data Protection Act. The Group may collect and use your personal data as follows:
- Identifiable information such as name, surname, nickname, gender, age, date of birth, nationality, photograph, video recordings, ID card or passport number, marital status, occupation, name of company or organization of work, vehicle registration, and information of related persons such as family members or other identifiable information in a similar manner;
- Sensitive personal data such as facial scans, fingerprint scans, health check results, ethnicity, health information, genetic information, biological information and criminal records;
- Contact information such as address, telephone number, email, Line ID, Facebook account or other contact information in a similar manner;
- Membership information such as membership number, type, and the start and end date of membership.
- Employment information such as position, salary or other compensation, welfare and benefits under the employment contract, expense reimbursement history, entry and exit information, performance assessment results and any other assessment results, information on complaints, grievances, investigations and disciplinary action;
- Financial information such as information about investments in the Group, bank account numbers, bank account type, compensation, tax information, deductions or expenses, and details of transactions with the Group;
- Preferences and interests information such as satisfaction and opinion on products and/or services of the Group;
- Qualification information such as work history and experience, skills, specialization, certificate, professional aptitude, license, and other qualification information in a similar manner;
- Security information such as recordings from CCTV or other security information used for the Group's safety; and
- Website access information such as IP Address, Cookies, and other information in a similar manner.
For personal data collected before 1 June 2022, the Group will process such personal data in accordance with the Personal Data Protection Act. However, if you no longer wish the Group collecting and using such personal data, you can withdraw your consent at any time by contacting the Group or our Data Protection Officer as detailed in Clause 11.
2. Personal Data Collection
The Group may collect your personal data directly or through other channels as follows:
- Website: The Group may collect your personal data when you browse the Group's website and applications through Cookies or similar technologies, likewise when you use the service or access to the internet network of the Group;
- Related person: The Group may collect your personal data from your coordinator, secretary, contact person or any other related person such as an attorney, legitimate representative, family members, references or colleague;
- Related organizations: The Group may collect your personal data from companies or organizations associated with you, such as a company you work for including your business partners or service providers who are business partners of the Group; and
- Public sources: The Group may collect your personal data from public sources such as government agencies, state enterprises, and regulatory agencies including public websites or social media.
3. Retention Period of Personal Data
The Group will retain your personal data as necessary to achieve the objectives under this Privacy Notice. The retention period for personal data is as specified in the Personal Data Protection Policy.
However, the Group may retain your personal data as long as (a) the Personal Data Protection Act and/or other relevant laws will allow (b) the Group and the data subject still have a legal relationships (c) the Group is legally obligated to retain personal data (d) consent is given to the Group and/or (e) necessity within the framework of the law to achieve the purposes of processing in accordance with the Privacy Notice.
4. Purpose of processing personal data
Your personal data will be collected, used and disclosed for the purposes listed in clause 5 including any other purposes specified in the Privacy Notice or under your given consent to or as prescribed by the Personal Data Protection Act and/or other relevant laws.
5. Use and Disclosure of Personal Data
For the purposes set out in this Privacy Notice, Personal Data Protection Policy, consent letter, other purposes as permitted or prescribed in the Personal Data Protection Act and/or other relevant laws, your personal data may be disclosed or transferred to third parties and/or government agencies.
The Group may disclose or transfer your personal data to individuals or other organizations outside the Kingdom of Thailand (if any). Such operations will be conducted as necessary for the purposes stated in this Privacy Notice and Personal Data Protection Policy only. The Group shall provide necessary safety protection measures that is suitable for transferring personal data outside the Kingdom of Thailand. In the event that the destination country has insufficient standards, the Group will supervise the transfer of personal data in accordance with the exceptions set out in the Personal Data Protection Act or other relevant laws.
6. Cookies
Cookies are small pieces of information sent from the Group's website to your computer when you visit the Group's website. This will store details of your computer traffic data (Log Files) such as the first language chosen, system user, or other settings. The Group may collect Cookies and similar technologies when you interact or transact with the Group via the internet including visiting the website of the Group or a website that the Group be in control.
7. Measures and Policies about Personal Data
The Group realizes the importance of complying with the relevant laws and the Personal Data Protection Act. Therefore, in order to protect and maintain the security of your personal data, the Group complies with measures and policy guidelines as follows to keep your personal data safe.
- Policy for establishing security measures of personal data;
- Policy for responding to requests or orders for access to personal data from government agencies; and
- Disclosure policy among companies within the Group.
8. Your Rights as a Data Subject
You have rights under the Personal Data Protection Act. Such rights are subject to the rules prescribed by the Personal Data Protection Act and related laws. The Group has prepared a request for you to exercise the rights as a data subject and published on the website of the Group at www.bangkokchainhospital.com. You, as a data subject, can download and submit the request form to exercise your rights to express your intention in accordance with the rules of the Personal Data Protection Act and relevant laws. You can exercise the rights as a data subject by contacting the Group or our Data Protection Officer as detailed in Clause 11.
9. Privacy Notice of Other Websites
This Privacy Notice applies solely to the activities and use of the website of the Group. The website or application of the Group may contain links that can direct you to other party’s website or applications. However, if you click on the link to other party’s website or applications, you must separately consider the Privacy Notice displayed on that website or application prior filling in or submitting any of your personal data. The Group shall not be responsible for the processing of personal data or the use of Cookies on other party’s websites or application that you have accessed through the website or application of the Group.
10. Review and Amendment
The Group will review this Privacy Notice on a regular basis to comply with the amendments to the Personal Data Protection Act and other relevant laws. Additionally, the Group will review this Privacy Notice when necessary or when technology changes in order to provide appropriate security. However, if there are any changes or amendments to this Privacy Notice, the Group will immediately publish such changes on the Group's website.
11. Contact us
If you have any questions or inquiries about this Privacy Notice or other activities of the Group including the exercise of the rights specified in Clause 8, please contact our Data Protection Officer as detailed below:
To: Data Protection Officer
Address: 44 Moo 4, Pakkret Sub district, Pakkret District, Nonthaburi Province Thailand 11120
Contact number: (66) 02-836-9999
Email: dpo@bangkokchainhospital.com
For more details on the Privacy Notice and other related documents, please find below.