Healthcare Expert!

at Your Fingertips

Personal Data Processing Notification (Privacy Notice) Health Plaza Co., Ltd.

Health Plaza Company Limited, affiliated company of Bangkok Dusit Medical Services Public Company Limited (“Company”), commits to protect your personal data as a patient who undergoes investigation, treatment and medical services including other services provided by the Company. Your personal data is to be protected in compliance with the Personal Data Protection Act B.E. 2562. The Company as a controller of such personal data is responsible by law for notifying you of this document for reasons and methodology the Company collects, gathers, uses or discloses your personal data, including informing you your rights as an owner of such personal data.

1. Definition

“Personal Data” means information related to an individual that can be identifiable either directly or indirectly excluding the information of the decreased particularly

“Sensitive Personal Data” means individual data related to race, ethnicity, political opinion, beliefs, religion or philosophy, sexual behavior, criminal records, health information, disability, trade union information, genetic data, biological data (such as facial image data, iris simulation data, fingerprint replica) or any other information that affects the owner of personal data in a similar manner as defined by committee of personal data protection.

“Process” means collect, gather, use or disclose.

“Personal Data Controller” means an individual or juristic person who has authority in decision making about collection, gathering, use or disclose of personal data.

“Personal Data Processor” means individual or juristic person who perform collection, gathering, use or disclose of personal data according to orders or on behalf of a personal data controller, in addition, the individual or juristic person performing actions as above must not be a personal data controller.

“Bangkok Dusit Medical Services Group” includes companies in Bangkok Dusit Medical Services Public Company Limited’s network are currently existing or will be in the future, regardless it may be registered in Thailand or overseas, including Health Plaza Company Limited.

2. Personal data the Company collects from you

Your personal data collected by the Company can be classified as followings:

Type of Personal data Details
1. Personal Data Such as name, surname, ID card number, face image, gender, date of birth, passport or other identifiable numbers
2. Contact Data Such as address, telephone number, e-mail address
3. Financial Data Such as billing information, credit or debit information, bank statement, salary information, receipt information, invoice information
4. Marketing Data Such as registration information used for subscribe and marketing participation
5. Statistical Data Such as anonymous information, number of users and number of website view
6. Technical Data Such as IP Address of computer, type of browser, Cookies information time zone setting, operating system, platform and technology of devices used for accessing website and Online Appointment System
7. Health Data                           Such as treatment information of user, information about drug use and drug allergy, food allergy and/or congenital diseaseม list of prescribed medication, necessary information for providing services and consultation, medical services, information of feedback and treatments, follow up services as well as selling medicines/other health products both in online and offline channels.
3. Sources of Personal Data

The Company collects and gathers your Personal Data from the following sources:

  1. Personal Data directly collected from you whether in person or online channel are as follows
    • when you contact the Company to inquire about the Company's services. 
    • when you are our service receiver or member
    • when you are counterparty in any agreement with us
    • when you participate in our promotional activities
    • Personal Data from cookies when you enter into our website. Those information helps the Company in providing better, faster, and safer services when you use the website. Please see additional information in the Company's cookie policy in Clause 11.
  2. Personal Data indirectly collected from you are as follows
    • Personal Data from an agency or third party that are our partner, which may be an e-commerce platform or marketplace that receives your information for the Company to sell products or services to you. The Company will proceed according to the purpose of selling the product or service and will not illegally disclose the information to other persons/agency.
    • the Company has been assigned by another person or agency to take any action with the Personal Data as a Data Processor of such person or agency. The Company will not use Personal Data other than the purposes assigned to us.
4. Share of Personal Data with Bangkok Dusit Medical Services Group
  1. Since the Company is the affiliated company of Bangkok Dusit Medical Services Group, the Company may be required to share Personal Data with companies in Bangkok Dusit Medical Services Group in order to sell products and services of Bangkok Dusit Medical Services Group such as when you want to receive health checkup service with one of the companies in Bangkok Dusit Medical Services Group and contact the Company, the Company will connect your Personal Data with Bangkok Dusit Medical Services Group. Your Personal Data will be encrypted and pseudonymized to protect your Personal Data before sharing to Bangkok Dusit Medical Services Group. Such Personal Data will not be used other than the purposes assigned from Bangkok Dusit Medical Services Group.
  2. The Company and Bangkok Dusit Medical Services Group have mutual agreement to keep confidentiality and protect your Personal Data according to the standards set forth in the Personal Data Protection Act B.E. 2562.
5. Purpose of Personal Data Collection, Use and Disclosure

The Company processes your personal data under a scope as defined by Personal Data Protection Act B.E. 2562 and processes the data only as necessary for aforementioned action. The Company concludes the use of your Personal Data as well as explaining Lawful Basis of Processing for the data as below details.

No. Purpose Type of Data Lawful Basis of Processing
1. Serving interested parties and members as follows: medical services, health care products and skin care products - Identification information
- Information for contact
- Health Information
- Financial Information
- Statistical Information		 1. It is necessary for comply with the service agreement with you as a party to the Company (Section 24(3))
2. For the collection and use of your health information. The Company will proceed with your explicit consent (Section 26).
2. To manage our relationship with you as a customer (Customer Relations) by organizing various promotional activities. - Identification information
- Information for contact
- Statistical Information
- Information from using the website/activity		 It is necessary for the performance of the service agreement with you as a party to the Company (Section 24(3))
3. Collect customer statistics to improve the quality of the Company's services without using information that identifies the data subject and the Company will strictly maintain the confidentiality of such information. - Statistical Information
- Information from using the website/activity		 For the Company's legitimate interest in analyzing statistical data without using personally identifiable information to improve and increase the efficiency of services (Section 24(5))
4. To administer the Company's website so that visitors can use it efficiently and to solve technical problems that arise in the use of the website. - Statistical Information
- Information from using the website/activity
- Technical Information		 For the Company's legitimate interest in analyzing statistical data without using personally identifiable information to improve and increase service efficiency (Sectiom.24(5)).
5. To provide the Services through the Company's website and the mobile application to facilitate you to receive services more conveniently and to enable you to manage information through the website and application. - Identification information
- Information for contact
- Statistical Information		 It is necessary for the performance of the service agreement with you as a party to the Company (Section 24(3)).
6. For marketing purposes, by analyzing your behavior and interest data to develop, present and/or recommend the Company's products and services that you may interest by organizing various promotional activities through marketing communications directly to you. - Identification information
- Information for contact
- Application information and participate in the marketing activities		 The Company will seek for your consent for us to use your Personal Data for direct marketing (Section 24).

Apart from aforementioned purposes, the Company will not use your Personal Data for other purposes unless the Personal Data Protection Act B.E. 2562 permits such as

  • For legal compliance of the Company
  • For establishment rights for legal claims
  • For needs to comply with Labor protection law, provision of medical welfare, social security
  • For public health interests or other social protection as the company establishes appropriate measures to protect basic rights and benefits of personal data owner
6. Disclosure or Sharing of Personal Data

The Company will not disclose your Personal Data to other person except when laws permit for needs in operation so the Company may disclose your Personal Data for the following cases:

  1. Disclose Personal Data to government agency, authority agency or any person when laws define or authorize, including complying with court orders
  2. Disclose personal data to individual or juristic person the Company needs to comply with contract or for your benefits as an owner of Personal Data. The Company requires those individual or juristic person must maintain confidentiality and protect your Personal Data according to standards as defined by the Personal Data Protection Act B.E. 2562. Individual or juristic persons in this Clause are as listed below
    • Bangkok Dusit Medical Services Group
    • E-Marketplace platform and online platform
    • Marketing agency or consultant
    • Person or company that specialize in medical services.
    • Necessary personal data analysist for the Company’s operation such as employee, or laboratory service provider, database management, telecommunication, computer system, payment or Technology Outsource
    The Company determines above individuals or juristic persons which the Company discloses or shares your Personal Data that they must keep confidentiality and protect your Personal Data according to the standards set forth in the Personal Data Protection Act B.E. 2562 and use your Personal Data only for the purposes specified between the Company and such individuals or juristic persons to prevent the wrongful disclosure of Personal Data and prevent the use of your Personal Data other than the purposes agreed upon.

  3. The Company may maintain Personal Data in Cloud Computing by using such services from the third party located in Thailand or overseas. The Company makes a contract with mentioned persons very thoroughly and considers the security safety for storing Personal Data of such Cloud Computing service providers to protect Personal Data.
7. Retention Period of Personal Data
  1. The Company retains your Personal Data for the period necessary to carry out the purpose of the Services and in accordance with the period specified by accounting standards. legal standards and other relevant regulations.
  2. In determination of the retention period of Personal Data, the Company will consider the amount, nature of use, purpose of services, sensitivity of Personal Data, and potential risks from unlawful usage of Personal Data and the period prescribed by applicable laws.
  3. Your Personal Data obtained from cookies to collect information when you visit the website will be stored for no more than 12 months or as required by applicable laws.
  4. In order to comply with the law, a court order, or to establish legal claims under the law so as to become a party to any dispute resolution proceedings, the Company may maintain the Personal Data for the duration according to the legal statute or until the dispute is dissolved as the case maybe.
8. Measures of Personal Data Retention and Processing
  1. The Company will manage the retention of Personal Data with standards not less than a level required by law and with appropriate system to protect and safeguard such Personal Data such as the use of Secure Sockets Layer: SSL, protect with firewall, password and other technology measures for encryption of information via the internet, and store in a facility with access protection system that limits the person’s access to personal data kept in a document format.
  2. The Comapny limits access to Personal Data that may be accessed by staffs, agent, partner or third party. Access to Personal Data by third parties is strictly restricted to the extent prescribed or instructed by the Company, and such third party has the duty to maintain full confidentiality of and protect such Personal Data.
  3. The Company shall put in place technological methods for preventing unauthorized computer systems access.
  4. The Company has an auditing mechanism for destroying Personal Data which is no longer required for the operations of the Company.
  5. In case of sensitive Personal Data, the Company applies measures to maintain the security of documentation and electronic data for access and control of the use as well as having operating system and backup including emergency plan and conducting regularly risk assessment of the system.
9. Overseas Transfer of Personal Data
  1. Some cases, the Company may need to transfer your Personal Data to overseas. The Company may transfer after notifying you of the objectives of the transfer and receiving your consent. The Company will notify you of any inadequacies relating to Personal Data protection standards applicable to the recipient country.
  2. The Company may transfer your Personal Data without your consent in the case that transfer of Personal Data overseas is for the performance of an agreement to which you are a party, or compliance with your request prior to entering into such agreement and the Company has informed you of the objectives of the transfer.
10. Marketing Activities and Marketing Promotion

The Company may conduct marketing activities and marketing promotions or have third parties with whom the Company has agreements carry out the following cases:

  1. In the event that the Company uses your Personal Data for direct marketing with you, the Company may only do so if you have given your explicit consent to the Company and the Company has informed you of the purpose of using your Personal Data for direct marketing. You can withdraw your consent to direct marketing at any time through our opt-out system.
  2. For direct marketing with you, the Company uses your information to analyze your behavior in using the services to offer services that meet your needs.
  3. In the case of participating in the Company's promotional activities such as gaming activities or activities on various social network channels to promote the Company's products and services to the public. The Company will not process your Personal Data for direct marketing unless you have given your explicit consent to the Company to use your Personal Data for direct marketing, and the Company will inform you of the purpose of using your data for direct marketing, and you can withdraw your consent to direct marketing at any time through the Company's opt-out system.
11. Use of Cookies

Cookies are text files that are placed on your computer that are used to store log information about your internet usage or website browsing behavior. The Company uses cookies to store information about your visit to the website to help the Company provide better, faster and safer services. When you use the services through the website, the Company uses cookies in the following cases:

  1. Functionality Cookies: the Company use this kind of cookies to help the Company recognizes your device or browser so that the Company can tailor content to your personal interests more quickly and make the services and the platform more convenient and useful to you. To disable this kind of cookie, you can set your device by looking at your browser or device's help instructions.
  2. Analytic cookies: the Company uses Analytics Cookies provided by third parties to collect information about how visitors to the Company's website are used. The Company anonymizes website visitor information and transmits it to third parties who may use it or disclose it to third parties who process it as permitted by law. Third parties will not combine your information obtained from the Company's website with information that is already available to third parties. You can choose to disable this kind of cookie on the Company's website.
12. Rights of Personal Data Owner

As a personal data owner, you have rights to request the Company to take the following acts in relation to your Personal Data, to the extent permitted by law:

  1. Right to withdraw consent: you have the right to withdraw consent for the Company to process your Personal Data, for which you had given consent, any time which your Personal Data is retained with the Company;
  2. Right of access: you have the right to access your Personal Data and request the Company for a copy of aforementioned Personal Data, including requesting the Company to disclose the acquisition of your Personal Data you did not give your consent;
  3. Right to rectification: you have the right to request the Company to correct incorrect data or add to incomplete data;
  4. Right to erasure: you have rights to request the Company to erase your Personal Data for certain reasons
  5. Right to restriction of Processing: you have the right to request the Company to suspend the use of your Personal Data, for certain reasons
  6. Right to data portability: you have the right to transfer your Personal Data which you had provided to the Company to another Data Controller, or to yourself, for certain reasons
  7. Right to object: you have the right to object to the Processing of your Personal Data, for certain reasons
    You can contact data protection officer to request to exercise your rights as aforementioned at the following channels
    • Call center number 02-310-3899 or 
    • Health Plaza Company Limited, No. 2/4 Wireless Road, Lumpini Sub-district, Pathumwan District, Bangkok 10330
13. Amendments to the Personal Data Protection Policy

The Company may subsequently revise and make amendments to its Personal Data Protection Policy in order to ensure better protection of Personal Data. The Company will notify you of any revision or amendment.

14. Contact Information

You can contact the Data Controller, ask questions, or exercise any right in relation to Personal Data at 
Email: [email protected]
Health Plaza Company Limited
No. 2/4 Wireless Road, Lumpini Sub-district, Pathumwan District, Bangkok 10330