Privacy Policy
Buds Phuket Co., Ltd. (the Company)
The information you provided appears to be the introduction to a document or policy from a company named “Buds Phuket Co., Ltd.” The introduction states that the company is committed to protecting the personal data of individuals who are data subjects. It mentions that personal data will be protected according to the Personal Data Protection Act of 2019 The company, as the data controller, is responsible for notifying individuals about the reasons and methods used for collecting, using, or disclosing their personal data, as well as informing them of their rights as data subjects.
- Definitions:
- “Personal Data” means data relating to an individual that makes it possible to directly or indirectly identify that individual, excluding data of deceased persons.
- “Sensitive Personal Data” means personal data related to racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, labor union membership, genetic data, biometric data (e.g., facial recognition data, iris scan data, fingerprint data), or any other data that may impact the data subject in a similar manner as declared by the Personal Data Protection Committee.
- “Medical Data” means the following data:
- Current and past medical history
- History of drug allergies and medication side effects
- History of food allergies
- List of medical procedures performed by the healthcare team
- Prescribed medications
- Reports from laboratory tests or radiology results
- Date of admission for medical treatment
- “Processing” means the collection, use, or disclosure of personal data.
- “Data Controller” means a person or legal entity with the authority to make decisions regarding the collection, use, or disclosure of personal data.
- “Data Processor” means a person or legal entity that processes personal data on behalf of the data controller. The person or legal entity acting as a data processor does not control personal data.
- “Network Healthcare Facility” means healthcare facilities within the network or affiliated with Hope Rehab and Nursing Center, whether operating within Thailand or internationally.
2. Personal Data Collected by the Company
The personal data collected by the Company can be categorized as follows:
Types of Personal Data | Detail |
| For Vendors: Name, Last Name, National ID, Tax Identification Number, Date of Birth |
2. Contact data | For Vendors: Phone Number, Email |
3. Financial Data | For Vendors: Bank Account Number |
4. Computer Usage Data | For Website Visitors: IP Address of the computer, Browser Type, Cookie Information, Time Zone Settings, Operating System, Platform, and Technology of the device used to access the website, and Online appointment system data. |
3. Sources of Personal Data
The Company collects your personal data directly from the following sources:
- When you visit the website https://www.thehoperehabilitation.com to access information about the Company’s services or when you contact the Company to inquire about its services.
- When you have contacted the Company regarding service inquiries, registered for healthcare services, or undergone health checkups through the Company’s various online channels.
- When your information has been publicly disclosed by individuals close to you, relatives, spouses, or by individuals or entities, whether governmental or non-governmental, that have registered you for examinations and treatment with us or have paid for services on your behalf.
4. Purposes of Collecting, Using, and Disclosing Personal Data
The Company processes your personal data within the limits specified by the Personal Data Protection Act of 2019 and only to the extent necessary for the purposes outlined. The Company summarizes the purposes for which your personal data is used and provides the lawful basis for processing as follows:
Purposes | Data Types | Lawful Basis of Processing in Accordance with the Law |
1.1. In providing medical services at the rehabilitation center, the medical team, nurses, and/or other rehabilitation team members of the company will record your personal data. Your personal data will be used for consulting with the medical team, specialists, and may include taking still and motion pictures for tracking your treatment progress or any related professional activities throughout your period of care and rehabilitation. The company will explain the details of your data before proceeding and provide an opportunity for you to ask questions until you are satisfied. 1.2. In cases where it is necessary to link data between healthcare facilities within the network for the benefit of providing medical services to you, the medical team, nurses, and/or other personnel involved, the company may disclose your personal data to healthcare facilities within the network when it is necessary to use data jointly. |
|
|
Purposes | Data Types | Lawful Basis of Processing in Accordance with the Law |
Hospitals within the network, for certain types of treatments, have established data protection measures with mutual agreements to prevent the unauthorized use of your personal data. 1.3 For the purpose of transferring patients between hospitals (Refer) in cases where the company has requested or received a request to move patients from one hospital to another, the company will follow the patient referral process established by the company’s standards and will use your personal data solely for the purpose of patient referral. It will not be used for any other purposes. | ||
2. For the purpose of research and analysis to improve the quality of care and rehabilitation, the company may use your personal data for research and analysis to enhance the quality of care and rehabilitation. This will be done in the form of aggregated reports that do not identify the individual, and the company will strictly maintain the confidentiality of your data. | – Statistical data | For the legitimate interest of the company, to analyze statistical data without using personally identifiable information to develop and enhance the efficiency of the organization in the healthcare sector (Article 24(5)). |
Purposes | Data Types | Lawful Basis of Processing in Accordance with the Law |
3. To facilitate the legitimate interests of the insurance company with which you have a contract, for the purpose of claiming insurance benefits or accessing healthcare expenses when you have entered into an agreement with the insurance company and have consented to the rehabilitation company (the Company) disclosing your personal information to the insurance company for the purpose of insurance claims and payments. In this regard, the Company is required to disclose your personal information to the insurance company for the purpose of fulfilling the contract you have made with the insurance company. However, the Company will not disclose your personal information to any unrelated third parties. |
| To fulfill a contractual obligation or to take steps at your request before entering into a contract (Article 24(3)) |
4. To disclose information to your employer when you have given consent to disclose your personal data to your employer. This is in cases where the sending party is not a government agency, private sector, or a state enterprise but is the one who sends you for medical examination or pays for the medical examination service. The company will disclose the medical examination results, which are sensitive personal data, to your employer only if you have consented to the disclosure. If you do not provide such consent, the company will directly provide you with the results of the medical examination. | – | Obtained your consent (Article 26). |
Purposes | Data Types | Lawful Basis of Processing in Accordance with the Law |
5.For marketing purposes of the Company, the Company may collect, use, and process personal data to analyze your health status, and to contact you for medical news, and to offer promotions, products, and services to you as you have consented. |
| The company will proceed with this matter only after obtaining your consent for using your health-related data for marketing purposes (Article 26). |
The company will not use your personal data for purposes other than those specified above, except in cases where it is necessary and permitted by the Personal Data Protection Act B.E. 2562. For example:
- To comply with legal requirements.
- To establish rights or claims under the law.
To prevent or mitigate threats to the life, body, or health of individuals, among other similar purposes.
5. Disclosure or Sharing of Personal Data
- The company may disclose or share your personal data with external parties, such as data processors necessary for the company’s operations. The company will require these external parties to maintain confidentiality and protect your personal data according to the standards set by the Personal Data Protection Act of 2019 and use your personal data for the purposes specified by the company or as instructed by the company. External parties will not be able to use your personal data for purposes beyond those specified.
- The company may store personal data in cloud computing systems provided by third parties, whether located in Thailand or abroad. The company will enter into contracts with these third parties with due diligence and consideration for data security measures in accordance with applicable data protection laws to safeguard your personal data.
- The company may disclose your personal data to government agencies, individuals, or legal entities as required by law or pursuant to court orders.
6. The duration of personal data retention.
- The company will retain the personal data received from you for the duration specified in the agreement between us and will continue to store it for an additional 5 years.
- In cases where the company is required to comply with the law, follow court orders, or establish rights according to the law to engage in any dispute resolution process, the company may retain personal data for the duration prescribed by the law, depending on the specific circumstances.
- Once the period specified in points 1 or 2 has elapsed, the company will proceed with the destruction of the personal data following the company’s data destruction procedures, completing the process without delay.
7. Measures for the Storage and Processing of Personal Data
- The company will manage the storage of personal data with security measures that meet or exceed the legal requirements. This will include using Secure Sockets Layer (SSL) protocols, firewall protection, passwords, and other technical measures to secure data transmitted over the internet. Data will be stored in locations with limited access for individuals who are authorized to access personal data, and it may be in physical or electronic document formats.
- The company restricts access to personal data to its employees, agents, partners, or external parties as defined and specified. External parties accessing personal data are required to maintain confidentiality and protect personal data as prescribed.
- The company has implemented technology measures to prevent unauthorized access to computer systems.
- The company has a data destruction process in place to manage the destruction of personal data that is no longer necessary for the company’s operations.
- In the case of sensitive personal data, the company has security measures in place for data access and control. This includes user authentication, backup systems, and emergency plans, as well as regular risk assessments and evaluations of the system’s security.
8. Transfer of Personal Data to Foreign Countries
In some cases, the company may need to transfer your personal data to foreign countries. The company may proceed with such transfer after notifying you of the purpose of such action and obtaining your consent. The company will also inform you of the data protection standards that may not be sufficient in the destination country.
The company may transfer your personal data without seeking your consent in cases where such transfer is necessary to fulfill a contract in which you are a party, or to carry out your pre-contractual requests, or in compliance with the provisions of the Personal Data Protection Act of 2019.
9. Cookie Policy
When you visit the company’s website, the company uses cookies to ensure that you have a good user experience on the website. Cookies are small files that store and record information on your computer or communication device when you access the website through the web browser of your choice while visiting the website.
The company uses cookies to collect the identity of your website visits, and this identity makes it easier for the company to remember the characteristics of your website usage. This information is used to improve the company’s website to better meet your needs, making it more convenient and efficient for you to use. Sometimes, the company may need to involve third parties in these operations, and they may need to use internet protocol (IP) addresses and cookies for analysis, linking data, and processing for marketing purposes. You can configure cookies when you access the company’s website, allowing you to choose whether or not to allow cookies to analyze, link data, and process for marketing purposes.
10. The rights of the data subject.
As the data subject, you have the following rights to request that the Company take actions regarding your personal data within the limits permitted by law:
Right to withdraw consent: You have the right to withdraw your consent for the processing of your personal data that you have previously given to the Company at any time during the period that your personal data is with the Company.
Right of access: You have the right to access your personal data, and you may request that the Company provide copies of your personal data, including any data that you have not provided consent for the Company to process.
Right to rectification: You have the right to request that the Company correct any inaccuracies or incompleteness in your personal data.
Right to erasure: You have the right to request that the Company erase your data under certain circumstances.
Right to restriction of processing: You have the right to request that the Company restrict the processing of your personal data under certain circumstances.
Right to data portability: You have the right to request the transfer of your personal data that you have provided to the Company to another data controller or yourself under certain circumstances.
Right to object: You have the right to object to the processing of your personal data under certain circumstances.
- You can contact our Data Protection Officer (DPO) at the following email address: thehoperehab.info@gmail.com or by phone at 080-268-8962 to exercise these rights.
11. Changes to the Personal Data Protection Policy
The Company may review and amend its Personal Data Protection Policy in the future to improve the protection of personal data. The Company will notify you every time there are changes to this policy.
12. Contact Information
You can contact the Data Controller, inquire, or exercise any rights related to personal data at Hope Rehab and Nurs Home, 14/11 Moo 9, Chao Fa Tawan Tok Road, Chalong, Muang Phuket, Phuket Province, 83130.