(Last updated: 5 October 2017)
“You” or “your” means any individual to whom the Act applies and includes an individual actual or prospective customer but excludes any corporate entity (including corporate customers) and any other entity that is excluded under the Act.
“Personal Data” refers to data, whether true or not, about an individual who can be identified from that data in combination with other information to which the organization may have access and includes the meaning otherwise as defined in the applicable Act as amended from time to time.
You may contact your legal counsel to obtain information pertaining to the prevailing local Act on privacy and personal data protection in the country which you are employed.
2. Collection and consent
2.1 Personal Data may be collected from you in one or more of the following ways:
(a) when you use, download information or brochures, or access our website;
(b) when you contact us or request that we contact you;
(c) when you respond to our promotions, campaigns or other initiatives or attend our events;
(d) when following or posting comments or responses on social media or other similar facilities;
(e) when we receive references from business partners and third parties, for example, where you have been referred by them;
(f) when you submitted your Personal Data to us for any other reasons; and/or
(g) when we collect your Personal Data by other lawful means.
2.2 Personal Data may include but not limited to name, title, contact details, email addresses, mailing addresses and/or any other form of Personal Data required for us to carry out Purposes as defined in this Policy.
2.3 The Company provides services to its customers that operates healthcare infrastructure and provide healthcare services to patients (e.g. hospitals, polyclinics and clinics). From time to time, such customers provide personal data that includes Government related identifiers to enable the Company to carry out its obligations to its customers. The Company, on its own does, not collect, retain or use Government related identifiers (e.g. driver’s license or passport numbers) for the Purposes mentioned in this Policy.
2.4 Unless permitted by applicable laws, we will not collect Personal Data without your consent. Consent is obtained from you when data is collected in the manner prescribed above.
2.5 You warrant and represent to us that (a) Personal Data which you disclose to us is accurate and complete and (b) where you volunteer Personal Data of another person to us, that you are authorized by such other person to disclose such Personal Data to us, and that such Personal Data is accurate and complete.
3.1 Your Personal Data may be collected, used and/or disclosed for the following purposes:
(a) To manage, develop, improve and ensure that content from our website is presented in the most effective manner for you and for your computer.
(b) To facilitate the provision of our services to you.
(c) To respond and deal with enquiries, complaints and other customer-care matters or otherwise communicate with you.
(d) To send you information, promotions, updates, marketing and advertising materials in relation to our services.
(e) To carry out our obligations arising from any contracts which may be entered into between you and us.
(f) To facilitate your participation in interactive features of our services, when you choose to do so.
(g) To notify you about changes to our services.
(h) To comply with legal and regulatory requirements.
(i) To facilitate business asset transactions (which may extend to any mergers, acquisitions or asset sales).
(j) For other purposes for which we have obtained your consents.
(k) For any other purposes, reasonably necessary, ancillary or related to the above specified purposes and other circumstances authorised by the applicable laws and regulations.
3.2 Your Personal Data may be disclosed for the purposes indicated above to our officers and employees, affiliates, service providers, advisors, which include without limitation, the following persons or entities:
(a) Banks, credit card companies and payment vendors.
(b) Logistics and courier services companies.
(c) Our business partners.
(d) Relevant government regulators or authorities or law enforcement agencies.
(e) Our insurers and advisors, including consultants, auditors and lawyers.
(f) Data intermediaries.
(g) Any other party to whom you authorize us to disclose your Personal Data.
3.3 Disclosure for other than the purposes indicated is permitted to the maximum allowed by the law in the country of your employment. Otherwise express consent has to be obtained from you.
3.4 If you subscribe to receive electronic newsletters from us, you have the option to remove yourself from our mailing list at any time. Each newsletter we send to subscribers will have facility to opt out of receiving further communications from us.
3.5 Your Personal Data may be transferred, stored and/or processed in a country or territory outside your country of employment and you consent to any such transfer, storage and/or processing of your Personal Data outside in those circumstances. We will however ensure that any party to whom we transfer your Personal Data outside your country of employment provides to such Personal Data a standard of protection at least comparable to the protection under the Act.
4. Withdrawal of Consent
4.1 You may withdraw your consent to our continued use and disclosure of your Personal Data at any time by contacting our Privacy Officer(s). You may also withdraw your consent for specific forms of communication and on specific communications via the unsubscribe options as stated on our email or other marketing messages.
4.2 In withdrawing your consent, you acknowledge that we may not be able to facilitate or continue facilitating the provision of services to and effective use and access to our website by you and we may cease facilitating such provision accordingly without any liability.
5. Accuracy, Access and Correction
5.1 We will attempt to ensure that your Personal Data we use is sufficiently accurate and complete in making any decision that impacts you.
5.2 To help us maintain the accuracy of your Personal Data, we encourage you to inform us when there are changes to your Personal Data which you have provided us. We will correct or complete your Personal Data as soon as reasonably practicable.
6. IP Addresses and Cookies
6.1 We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is only statistical data and does not identify any individual.
6.2 We may use “cookies”, which are small pieces of information that are stored by your browser on your computer’s hard drive, to enhance the user experience of the website. You may at any time refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies.
7. Security and Protection
7.1 We will endeavour to protect your Personal Data in our possession or control against risks of unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction, through reasonable and appropriate security measures. We strive to ensure that our systems are secure and they meet industry standards.
7.2 To prevent unauthorized access, we have put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Personal Data we collect. Notwithstanding our security measures for protecting your Personal Data, you acknowledge that no data transmission over the Internet is completely secure and by providing your Personal Data, you are transmitting information at your own risk.
7.3 In the event that there is a serious data breach involving the unauthorised access or disclosure of personal information, credit reporting information or tax file information, and which puts the individuals at real risk of serious harm, we will take all reasonable steps to remedy the breach as soon as reasonably practicable after we become aware of the breach.
7.4 If we are unable to remedy the breach, we will notify the local Regulating Authorities and, if possible the person affected by the breach.
7.5 If we are required to notify the Regulating Authorities of a serious data breach, the notification will include:
(a) Our identifications and contact details;
(b) A description of the serious breach;
(c) The kinds of information concerned; and
(d) Recommendation about the steps that individuals should take in response to the serious data breach.
8. Retention of Personal Data
We will retain your Personal Data for as long as you use or access our website and as may be necessarily required or relevant for business or legal purposes.
9. Other websites
We take all complaints seriously and intend to resolve your complaint within a reasonable time frame. Any complaints relating to this Policy should be directed to the Privacy Officer(s) by emailing in the first instance. We will respond to your complaint in writing within a reasonable time frame. You may also lodge with your local Regulatory Authorities as defined by Act within your country of employment.
11. Privacy Officer
Privacy Officer(s) may be contacted at the following:
Mailing Address: 18th Floor, Tonson Tower, 900 Ploenchit Road, Lumpini, Pathumwan, Bangkok 10330, Thailand