Privacy Policy
Vibhavadi Hospital
Vibhavadi Hospital recognizes the importance of protecting personal data
and maintaining the standard for maintaining the security of personal
data in accordance with appropriate standards and international
standards. Therefore, this Privacy Policy has been prepared and
disseminated to the general public associated with the hospital and is
applicable to the management, employees, and third parties. All hospital
operators shall comply, and the management of all departments is
responsible for supporting, pushing, and monitoring operations in strict
accordance with the policy and laws relating to the protection of
personal data as follows:
1) The collection of personal data shall be carried out in a limited
manner only to the extent necessary and for the purposes of use, and in
alignment with the policies, manuals, and/or guidelines prescribed by
the hospital.
2) The quality of personal data collected shall take into account its
accuracy and suitability, and shall have appropriate measures to
maintain the security of personal data, including risk management and
raising awareness in the field of personal data security.
3) The purpose for which personal data is collected, used, or disclosed
must be legal, and data processing must be limited to the specified
purposes. The personal data collected shall not be disclosed to third
parties, except in the following cases:
• For the sake of life, health or safety;
• For the performance of contracts with which there is an obligation
between them;
• For the performance of duties prescribed by law or by court order,
order of a legal authority, or any other case of the same nature;
• For legitimate interests;
• For the performance of legal duties;
• For the purpose of studying, researching or preparing statistics;
• It is the case with the consent of the owner of the personal data.
4) The Privacy Policy shall be publicized and disseminated, including
practices related to the protection of personal data through the
hospital’s website, and proceed with other matters as required by law,
such as measures to support the exercise of the rights of the personal
data subject, determination of the responsibilities of the person who is
responsible for the data controller and data processor, and provision
for the Personal Data Protection Officer (DPO).
5) All personnel of the hospital should have conscience and
responsibility and be ready to protect the personal information of those
concerned as if it were their own personal information.
This policy also aims to inform all parties of the details of the
collection, use, or disclosure of personal data. This includes the
transfer of personal data to affiliated hospitals either within the
country or abroad, as well as measures to manage and secure personal
data in order to comply with the Personal Data Protection Act, B.E. 2562
(2019), relevant laws, and in accordance with international personal
data protection standards. The hospital makes every effort to maintain
limited collection of personal information as necessary for the purposes
of its use only to the benefit of providing services to the data subject
and processing the data for the intended purposes.
1. Scope of Enforcement
This Privacy Policy is applicable to personal data that the hospital may
collect, use, disclose, or transfer to affiliated hospitals, both
domestically or internationally, of the following groups of people:
1) Those who are current hospital clients, in the past, and the
hospital’s target clients in the future.
2) Trade partners, counterparties, which cover
• Normal people, who are currently contractual parties to the hospital,
in the past, and may be trade partners or counterparties of the hospital
in the future.
• Employees, personnel, officers, representatives, agents, authorized
persons acting on behalf of a juristic person, directors, visitors, and
other natural persons acting on behalf of juristic persons who are
partners or legal entity counterparties of the hospital.
3) Shareholders, investors, including any persons interested in
investing.
4) Visitors and third parties entering the hospital’s area of
responsibility are required to collect personal information for security
purposes within the area of responsibility.
5) CSR stakeholders or any persons at the hospital may collect personal
information from relevant parties or for social purposes or for any
other purpose.
6) A group of personnel, employees, and job applicants, which encompasses
family members or referrals referred to by employees or job applicants.
This Privacy Policy also covers various channels between the personal
data subject and the hospital that enable the hospital to receive or
collect personal information, whether it is the hospital’s contact
channels, electronic systems, websites, hotlines (call centers), or
customer service centers, complaint or recommendation channels, online
communication channels, mobile applications, activities, public places,
or communities where the hospital is responsible for society and/or
other related purposes.
This Privacy Policy describes the types of personal information the
hospital collects; methods; sources of personal information; purposes
the hospital collects, uses, discloses, and transfers personal data
abroad; persons who may be exposed or transferred their personal
information from the hospital; retention period of personal data; and
the rights of the personal data subject in accordance with the Personal
Data Protection Act, B.E. 2562 (2019), as well as the security of
personal data according to appropriate measures.
2. Definitions mentioned in this Policy
“Hospital” refers to Vibhavadi Hospital.
“Personal Information” means information about an individual, which makes
it possible to identify that person, whether directly or indirectly, but
it does not include the deceased’s information, for example, name and
surname, national identification number, passport number, social
security card number, taxpayer identification number, account number,
address, email, telephone number, IP address, cookie ID, date of birth,
nationality, weight, height, education information, financial
information, employment information, etc.
“Sensitive Personal Information” means information that is inherently
personal but sensitive and may be vulnerable to unfair discrimination,
such as race, ethnic group, political opinion, cult, religious, or
philosophical beliefs, sexual behavior, criminal record, health
information, disability, labor union information, genetic data,
biological data, or any other information that similarly affects the
owner of the personal data.
“Processing of Personal Data” means the collection, use, or disclosure of
personal data.
“Personal Data Owner” means the person who owns the personal data but is
not the person who has the state of being the owner of the data or who
creates or collects the data himself or herself. The owner of this
personal data refers only to natural persons. It does not include legal
entities established by law, such as corporations, associations,
foundations, or any other organization.
3. Cookies and Use of Cookies
On visiting the hospital’s website, cookies may be placed on the
visitors’ devices and information is collected automatically. Some
cookies are necessary for the website to function properly, and some are
cookies intended to facilitate the visitors’ visit. More information can
be found in the hospital’s cookie policy.
4. Privacy Policy Update
The hospital may review, improve, or change this Privacy Policy from time
to time to conform to relevant guidelines, laws, rules, and regulations.
In this regard, if any revisions or changes to this Privacy Policy are
made, the hospital will publish the updated policy on the website and
other channels.
5. Retention, Duration, and Safety Measures
The hospital will retain personal information for as long as reasonably
necessary to achieve the purposes outlined in this Policy. The hospital
will consider an appropriate period of retention of personal data from
the contractual period, prescription, including the need to continue to
collect personal data for the period necessary to comply with the law,
for internal and external audits, or to establish legal rights/claims.
The hospital will maintain and store personal information to ensure
proper security, whether it is in the form of documents, computer
systems, and electronic systems, as well as tools used by the hospital
to secure personal information. We would like you to ensure that the
hospital’s personal data security measures are appropriate and meet
international standards to prevent loss, unlawful access, use, change,
modification, or disclosure of personal data or without lawful
authority.
The hospital restricts access and uses technology to secure personal data
to prevent unauthorized access to computers or electronic systems. Once
personal data is disclosed to third parties who process it or to data
processors, the hospital will supervise the person to take appropriate
action following the order.
6. Rights of Personal Data Subjects
The consent given by the owner of the personal data to the hospital for
collection, use, and disclosure of personal data remains valid until the
data subject withdraws his or her written consent. The personal data
subject may withdraw his or her consent or suspend the use or disclosure
of personal data for the purpose of carrying out any activity by sending
the request to the hospital in writing or via e-mail at
[email protected].
Moreover, under the Personal Data Protection Act, B.E. 2562 (2019), the
data subject has the right to make the following legal requests:
1) The right to receive a notice;
2) The right to ask the hospital to correct incorrect information or add
incomplete information;
3) The right to withdraw consent to the processing of personal data that
has been given to the hospital for the duration in which the personal
data is with the hospital;
4) The right to suspend the use of personal data for certain reasons;
5) The right to access to personal data and ask the hospital to make a
copy of such personal data, including asking the hospital to disclose
the acquisition of personal data that the data subject did not give
consent to the hospital;
6) The right to transfer personal data provided to hospitals to other
data controllers or data subjects for certain reasons;
7) The right to object to the processing of personal data for certain
reasons;
8) The right to ask the hospital to delete personal data for certain
reasons subject to legal requirements;
9) The right to complain in the case of breach or failure to comply with
the personal data protection laws or notifications issued under such
laws.
The requests listed above must be made in writing and the hospital shall
notify the result of the consideration within 30 days, unless there is a
limitation on the legal rights. However, the withdrawal of consent may
result in insufficient data being processed to achieve the stated
objectives and may be inconvenient to receive the service, but it will
not affect any rights already exercised for the purpose.
7. Contact to the Hospital
If you have any questions about this Privacy Policy or wish to exercise
your rights regarding the processing of your personal data, please
contact us for more information at
Data Protection Officer (DPO)
Email: [email protected]
Vibhavadi Hospital
51/3 Ngamwongwan Road, Lat Yao Subdistrict, Chatuchak District, Bangkok
10900
Telephone 02-058-1111
Website: www.vibhavadi.com
8. Additional Practices
The executives and hospital employees should constantly ask questions to
check themselves to perform their work correctly in accordance with the
policy, guidelines, manuals, and laws, whether the operation involves
personal information or not and how, and it must be done consistently
with the policy, including
• Always understand the content of the rules, regulations, policies, and
guidelines, which are part of the policy, including various manuals;
• Always understand the laws, rules, and regulations both inside and
outside the organization related to the performance and protection of
personal data;
• If inconsistent practices have been witnessed, report a clue via email
at [email protected] or the channels designated by the hospital.
9. Privacy Policy Review
The hospital may review and revise the Privacy Policy or guidelines from
time to time in accordance with and compliance with the law. In this
regard, if it is revised, changed, or modified, the hospital will notify
it on the hospital’s website, www.vibhavadi.com.
Announced on June 1, 2022.