Privacy Policy
P.S. Center Clinic by Infinity Wellness Co Ltd. (hereinafter referred to as “Company”, “we” or “us”) places importance on privacy and protection of personal data. This Privacy Policy (“Policy”) was made to notify our patients (collectively referred to as “you” or “data subject”) of how your personal data are collected, used and disclosed (collectively referred to as “process/processing”) as well as your rights as a data subject, the details of which are as follows:
- Scope of Application
This policy is applicable to personal data of patients, visitors, next of kins, emergency contact persons, beneficiaries and any other person that relates to you, whose personal data will be collected, used and/or disclosed for the purposes as specified by this Privacy Policy.
- Types of Collected Personal Data
Personal Data means any information which enables the identification of you, either directly or indirectly (excluding information of deceased persons in particular). The Company may collect your personal data directly from you or may acquire them from other sources, such as your next of kin or healthcare facility or other organization referring you for medical treatment with us, conditional upon the relationship between you and the Company as well as the purpose and necessity of the processing of personal data.
- General Personal Data
The personal data that the Company collects, uses and discloses include:
Types of Personal Data | Details and Examples |
Personal details | – Title, name, middle name, surname – Gender, age, date and place of birth – Marital status, information of family members – Relationship information (e.g. father, mother, beneficiaries, emergency contact) – Nationality, citizenship, country of residency – Signature – Information as appeared on government-issued documents – Photo or video |
Contact details | – Address as appeared on identification document or current address – Telephone or mobile numbers, email – Electronics communication accounts or social media accounts (e.g. LINE ID and other information on social media) |
Financial information | – Payment information (e.g. debit or credit card information, receipt) – Details of medical reimbursement under welfare benefits |
Medical service records | – History of medical examinations, diagnoses and treatments – Laboratory test results – History of drug allergies or adverse reactions to treatment – Information on chronic diseases or disabilities – Information on other services received from the Company’s personnel |
Technical information or information acquired from devices or equipment | – CCTV – Information automatically recorded by the Company’s systems or programs when you access or use the Company’s website or information systems. |
Other information | – Any other information that can directly or indirectly identify you |
- Sensitive Information
Sensitive Personal Data means personal data in relation to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner.
The Company is required to collect your sensitive personal data, particularly your medical service records which is considered as health and/or disability data as defined above. The Company will collect, use and/or disclose your sensitive personal data only upon your explicit consent or as necessary and permitted by law.
In the event that we are required to request copy(ies) of your personal identification data such as identification card, passport or other documents which may contain sensitive personal data such as ethnicity, religion or blood group, the Company have no intention to collect any such sensitive personal data. Therefore, the Company kindly request that you delete or redact any such Sensitive Personal Data.
Hereinafter in this Privacy Policy, unless otherwise specified, personal data and sensitive personal data shall collectively be referred to as ‘personal data’.
- Personal Information of a Third Party
In case you provide personal data of a third party to the Company, such as your family member, emergency contact or beneficiary, you shall notify them of the details in this Privacy Policy as well as obtaining their consent, if required for disclosure to the Company, in order that the Company can collect, use and/or disclose the personal data of a third party in compliance with the law.
- Purposes for collection, Use and/or Disclosure of Personal Data
The Company will collect, use and/or disclose your personal data as necessary for the purposes permitted by law.
Purpose | Example of Personal Data | Lawful basis and consent |
1. Purposes for Service Recipients | ||
Identity verification and authentication | – Personal details – Contact details | – Legitimate interest – Compliance with law |
Medical examination, treatment, and service delivery according to professional standards | – Personal details – Contact details – Sensitive personal data, e.g. health data or medical service records – Other information | General Personal Data – Legitimate interest Sensitive Personal Data – Necessity to protect or suppress threatening to life, body or health, in case the owner of personal data cannot give self-consent. – Necessity for compliance with a healthcare agreement you have with medical professionals or persons responsible for maintaining the confidentiality of personal data. |
Disclosure of information for patient referral between healthcare facilities | – Personal details – Contact details – Sensitive personal data, e.g. health data or medical service records – Other information | General Personal Data – Legitimate interest – Necessity to protect or suppress threatening to life, body or health, in case the owner of personal data cannot give self-consent. (emergency case) Sensitive Personal Data – The Company will request your explicit consent. (non-emergency cases) |
Disclosure of information to the insurance company with which you have a contract for the purpose of claiming compensation or medical expense reimbursement rights. | – Personal details – Contact details – Sensitive personal data, e.g. health data or medical service records – Financial information – Other information | General Personal Data – Performance of contract – Legitimate interest Sensitive Personal Data – The Company will request your explicit consent. |
Disclosure of information to the person who referred you for medical examination or who pays for your medical expenses on your behalf | – Personal details – Contact details – Sensitive personal data, e.g. health data or medical service records – Financial information – Other information | General Personal Data – Performance of contract – Legitimate interest Sensitive Personal Data – The Company will request your explicit consent. |
Disclosure of health information to external parties requesting it who are related to you, e.g. family members | – Personal details – Contact details – Sensitive personal data, e.g. health data or medical service records – Other information | General Personal Data – Legitimate interest Sensitive Personal Data – The Company will request your explicit consent. |
Use or disclosure of information for research and academic purposes | – Personal details – Contact details – Sensitive personal data, e.g. health data or medical service records – Other information | General Personal Data – Legitimate interest Sensitive Personal Data – The Company will request your explicit consent. |
2. Purposes for Personnel and/or Contractors | ||
Recruitment, selection, and background screening | – Personal details – Contact details – Educational and employment information – Other information – Sensitive personal data, e.g. criminal record, health data, religious belief or disability | General Personal Data – Processing of requests/applications prior to entering into a contract. – Legitimate interest Sensitive Personal Data – The Company will request your explicit consent. – Compliance with law |
Contracting and performance of contractual obligations | – Personal details – Contact details – Educational and employment information – Employment history – Financial information – Other information – Sensitive personal data, e.g. criminal record, health data, religious belief or disability | General Personal Data – Performance of contract Sensitive Personal Data – The Company will request your explicit consent. – Compliance with law |
Payment of, compensation or other benefits to you | – Personal details – Contact details – Financial information | – Performance of contract – Legitimate interest |
Performance evaluation, job position consideration based on qualifications, and salary adjustment | – Personal details – Contact details – Educational and employment information – Employment history
| – Performance of contract – Legitimate interest |
Skills and competency development | – Personal details – Contact details – Educational and employment information – Employment history | – Legitimate interest |
Contacting government agencies, individuals, or other legal entities in connection with performance of contractual obligations | – Personal details – Contact details – Other informatioon | – Performance of contract – Legitimate interest – Compliance with laws |
Management of resignation or contract termination | – Personal details – Contact details – Educational and employment information – Employment history – Financial information – Other information – Sensitive personal data, e.g. criminal record, health data, religious belief or disability | – Performance of contract – Legitimate interest – Compliance with laws |
Management of welfare and activities for personnel | – Personal details – Contact details – Financial information – Sensitive personal data, e.g. criminal record, health data, religious belief or disability | General Personal Data – Performance of contract – Legitimate interest – Compliance with laws Sensitive Personal Data – The Company will request your explicit consent. – Compliance with law |
Creating databases and carrying out other human resource management operations | – Personal details – Contact details – Educational and employment information – Employment history – Financial information – Other information – Sensitive personal data, e.g. criminal record, health data, religious belief or disability | General Personal Data – Legitimate interest Sensitive Personal Data – The Company will request your explicit consent.
|
3. Other Purposes of the Company | ||
Maintaining security | – Technical information or information acquired from devices or equipment – Sensitive personal data, e.g. Biometric (such as facial recognition, fingerprint data) | General Personal Data – Legitimate interest Sensitive Personal Data – The Company will request your explicit consent.
|
User account creation, identity verification for system access, and access to information technology systems | – Personal details – Contact details – Technical information or information acquired from devices or equipment
| – Legitimate interest
|
Compliance with laws or orders from authorized legal authorities | – Personal details – Contact details – Educational and employment information – Employment history – Financial information – Other information – Technical information or information acquired from devices or equipment – Sensitive personal data, e.g. criminal record, health data, religious belief or disability | General Personal Data – Compliance with laws Sensitive Personal Data – Compliance with laws
|
Corporate communication, corporate image, and marketing | – Personal details – Contact details – Educational and employment information – Sensitive personal data, e.g. medical service records to the extent that it does not affect your rights – Other information | General Personal Data – Legitimate interest Sensitive Personal Data – The Company will request your explicit consent.
|
Improvement and development of service quality | – Personal details – Contact details – Satisfaction information – Other information | – Legitimate interest
|
In case the Company is required to collect your personal data fo performance of contract or compliance with the laws or as necessary for entering into a contract or providing service to you, and if you deny providing your personal data or object to the processing of your personal data in accordance with the purpose of activities or services, we would not be able to proceed or provide a service to you, whether in whole or in part.
- Disclosure of Personal Data
The Company may disclose your personal data to a third party, whether located in Thailand or in other country (“Receiving Party”), by your consent or as permitted by law.
Type of Receiving Party | Details of Disclosure |
Group or affiliated companies | The company may disclose or transfer personal data to the Infinity Group of companies only in cases where you have given consent to the company for such disclosure, or when it is necessary for the performance of contracts, requests, and/or agreements you have made with the company, or to achieve other purposes as specified in this policy. |
Service Provider | The company may assign or outsource to other companies, agents, or contractors, both domestically and internationally, to perform or support the company’s operations, such as data storage service providers or information system providers, etc. |
Partner | The company may disclose or transfer personal data to its business partners or associates for the company’s business operations and/or your benefit, such as insurance companies or contracted partners for processing your medical claim entitlements. |
Counsel or experts | For the benefit of the company’s operations, the company may disclose your information to external auditors, legal advisors, trainers, or other experts. |
Person designated under laws | The company may be required to disclose your personal data in order to comply with orders from authorized or legally entitled persons and/or to comply with applicable laws, such as those issued by the police, public prosecutors, courts, or other government authorities. |
Other person (if required) | The company may disclose your personal data to other persons in accordance with the purposes stated in this notice, or as requested by you or other data recipients, e.g. the company or organization that referred you for treatment, family members, close contacts, other healthcare facilities, or the public. |
- Retention Period of Personal Data
The company will retain your personal data for the duration of your relationship with the company in order to fulfill the purposes stated in this notice. In addition, the company may continue to retain your personal data thereafter, as necessary, in accordance with legal limitation periods or as required by applicable laws. Once the necessity or the legal retention period has ended, the company will proceed to destroy the personal data or anonymize it so that it can no longer be used to identify you.
- Security of Personal Data
The company will implement security measures to ensure that your personal data is not accessed, altered, modified, deleted, or destroyed by unauthorized persons. The company will also maintain and monitor such measures to ensure the continued effectiveness of data security protection.
- Your Data Subject Right
You, as the data subject, have the following legal rights regarding your personal data:
Type of Rights | Details |
Right to consent withdrawal | You have the right to withdraw your consent to the processing of your personal data previously given to the Company, unless such withdrawal is restricted by law or a contract that benefits you as the data subject. |
Right to access | You have the right to request access to and obtain a copy of your personal data under the Company’s responsibility, including the right to request the Company to disclose the source of such data that you have not consented to provide. |
Right to data portability | You have the right to request the transmission or transfer of your personal data to another data controller in an automated manner, unless it is technically unfeasible. (Currently, the Company does not have a system to support exercising this right.) |
Right to objection | You have the right to object to the collection, use, or disclosure of your personal data in certain cases. |
Right to erasure, destruction or anonymization of personal data | You have the right to request the deletion of your personal data if your personal data is no longer necessary for the purposes for which the Company has collected it. |
Right to restriction | You have the right to request the Company to suspend the processing of your personal data in certain cases, such as during the period when the Company is verifying your other rights requests. |
Right to rectification | You have the right to request the Company to correct your personal data to be complete, accurate, up-to-date, and not misleading. |
Right to complaint | You have the right to file a complaint with the Personal Data Protection Committee if the Company neglects or violates the Personal Data Protection Law. |
You may exercise the aforementioned rights by contacting the Company through the contact channels provided in Section 9. Upon receipt of your request, the Company will process it within the period prescribed by law. However, the Company reserves the right to refuse or decline to comply with such requests, to extend the response time, and to charge fees where permitted by law.
- Amendment to this Privacy Policy
The Company may review and amend this announcement as deemed appropriate. The Company will notify the current version of the Privacy Policy on [website (if any), notice board, or website].
- Contact Details for Enquiry or Exercise of Rights
You may contact the Company regarding your personal data as stated in this announcement at:
[Specify the contact information of the point of contact, which may be an admin, for example …]
Administrative Officer (Admin)
27 Soi Phatthanasin, Thung Maha Mek Subdistrict, Sathorn District, Bangkok 10120, Thailand
Tel. 02-125-3959