Privacy Policy
Vibhavadi Hospital

Vibhavadi Hospital recognizes the importance of protecting personal data and maintaining the standard for maintaining the security of personal data in accordance with appropriate standards and international standards. Therefore, this Privacy Policy has been prepared and disseminated to the general public associated with the hospital and is applicable to the management, employees, and third parties. All hospital operators shall comply, and the management of all departments is responsible for supporting, pushing, and monitoring operations in strict accordance with the policy and laws relating to the protection of personal data as follows:

1) The collection of personal data shall be carried out in a limited manner only to the extent necessary and for the purposes of use, and in alignment with the policies, manuals, and/or guidelines prescribed by the hospital.

2) The quality of personal data collected shall take into account its accuracy and suitability, and shall have appropriate measures to maintain the security of personal data, including risk management and raising awareness in the field of personal data security.

3) The purpose for which personal data is collected, used, or disclosed must be legal, and data processing must be limited to the specified purposes. The personal data collected shall not be disclosed to third parties, except in the following cases:
• For the sake of life, health or safety;
• For the performance of contracts with which there is an obligation between them;
• For the performance of duties prescribed by law or by court order, order of a legal authority, or any other case of the same nature;
• For legitimate interests;
• For the performance of legal duties;
• For the purpose of studying, researching or preparing statistics;
• It is the case with the consent of the owner of the personal data.

4) The Privacy Policy shall be publicized and disseminated, including practices related to the protection of personal data through the hospital’s website, and proceed with other matters as required by law, such as measures to support the exercise of the rights of the personal data subject, determination of the responsibilities of the person who is responsible for the data controller and data processor, and provision for the Personal Data Protection Officer (DPO).

5) All personnel of the hospital should have conscience and responsibility and be ready to protect the personal information of those concerned as if it were their own personal information.

This policy also aims to inform all parties of the details of the collection, use, or disclosure of personal data. This includes the transfer of personal data to affiliated hospitals either within the country or abroad, as well as measures to manage and secure personal data in order to comply with the Personal Data Protection Act, B.E. 2562 (2019), relevant laws, and in accordance with international personal data protection standards. The hospital makes every effort to maintain limited collection of personal information as necessary for the purposes of its use only to the benefit of providing services to the data subject and processing the data for the intended purposes.

1. Scope of Enforcement

This Privacy Policy is applicable to personal data that the hospital may collect, use, disclose, or transfer to affiliated hospitals, both domestically or internationally, of the following groups of people:

1) Those who are current hospital clients, in the past, and the hospital’s target clients in the future.

2) Trade partners, counterparties, which cover
• Normal people, who are currently contractual parties to the hospital, in the past, and may be trade partners or counterparties of the hospital in the future.
• Employees, personnel, officers, representatives, agents, authorized persons acting on behalf of a juristic person, directors, visitors, and other natural persons acting on behalf of juristic persons who are partners or legal entity counterparties of the hospital.

3) Shareholders, investors, including any persons interested in investing.

4) Visitors and third parties entering the hospital’s area of responsibility are required to collect personal information for security purposes within the area of responsibility.

5) CSR stakeholders or any persons at the hospital may collect personal information from relevant parties or for social purposes or for any other purpose.

6) A group of personnel, employees, and job applicants, which encompasses family members or referrals referred to by employees or job applicants.

This Privacy Policy also covers various channels between the personal data subject and the hospital that enable the hospital to receive or collect personal information, whether it is the hospital’s contact channels, electronic systems, websites, hotlines (call centers), or customer service centers, complaint or recommendation channels, online communication channels, mobile applications, activities, public places, or communities where the hospital is responsible for society and/or other related purposes.

This Privacy Policy describes the types of personal information the hospital collects; methods; sources of personal information; purposes the hospital collects, uses, discloses, and transfers personal data abroad; persons who may be exposed or transferred their personal information from the hospital; retention period of personal data; and the rights of the personal data subject in accordance with the Personal Data Protection Act, B.E. 2562 (2019), as well as the security of personal data according to appropriate measures.

2. Definitions mentioned in this Policy

“Hospital” refers to Vibhavadi Hospital.

“Personal Information” means information about an individual, which makes it possible to identify that person, whether directly or indirectly, but it does not include the deceased’s information, for example, name and surname, national identification number, passport number, social security card number, taxpayer identification number, account number, address, email, telephone number, IP address, cookie ID, date of birth, nationality, weight, height, education information, financial information, employment information, etc.

“Sensitive Personal Information” means information that is inherently personal but sensitive and may be vulnerable to unfair discrimination, such as race, ethnic group, political opinion, cult, religious, or philosophical beliefs, sexual behavior, criminal record, health information, disability, labor union information, genetic data, biological data, or any other information that similarly affects the owner of the personal data.

“Processing of Personal Data” means the collection, use, or disclosure of personal data.

“Personal Data Owner” means the person who owns the personal data but is not the person who has the state of being the owner of the data or who creates or collects the data himself or herself. The owner of this personal data refers only to natural persons. It does not include legal entities established by law, such as corporations, associations, foundations, or any other organization.

3. Cookies and Use of Cookies

On visiting the hospital’s website, cookies may be placed on the visitors’ devices and information is collected automatically. Some cookies are necessary for the website to function properly, and some are cookies intended to facilitate the visitors’ visit. More information can be found in the hospital’s cookie policy.

4. Privacy Policy Update

The hospital may review, improve, or change this Privacy Policy from time to time to conform to relevant guidelines, laws, rules, and regulations. In this regard, if any revisions or changes to this Privacy Policy are made, the hospital will publish the updated policy on the website and other channels.

5. Retention, Duration, and Safety Measures

The hospital will retain personal information for as long as reasonably necessary to achieve the purposes outlined in this Policy. The hospital will consider an appropriate period of retention of personal data from the contractual period, prescription, including the need to continue to collect personal data for the period necessary to comply with the law, for internal and external audits, or to establish legal rights/claims.

The hospital will maintain and store personal information to ensure proper security, whether it is in the form of documents, computer systems, and electronic systems, as well as tools used by the hospital to secure personal information. We would like you to ensure that the hospital’s personal data security measures are appropriate and meet international standards to prevent loss, unlawful access, use, change, modification, or disclosure of personal data or without lawful authority.

The hospital restricts access and uses technology to secure personal data to prevent unauthorized access to computers or electronic systems. Once personal data is disclosed to third parties who process it or to data processors, the hospital will supervise the person to take appropriate action following the order.

6. Rights of Personal Data Subjects

The consent given by the owner of the personal data to the hospital for collection, use, and disclosure of personal data remains valid until the data subject withdraws his or her written consent. The personal data subject may withdraw his or her consent or suspend the use or disclosure of personal data for the purpose of carrying out any activity by sending the request to the hospital in writing or via e-mail at [email protected].

Moreover, under the Personal Data Protection Act, B.E. 2562 (2019), the data subject has the right to make the following legal requests:

1) The right to receive a notice;
2) The right to ask the hospital to correct incorrect information or add incomplete information;
3) The right to withdraw consent to the processing of personal data that has been given to the hospital for the duration in which the personal data is with the hospital;
4) The right to suspend the use of personal data for certain reasons;
5) The right to access to personal data and ask the hospital to make a copy of such personal data, including asking the hospital to disclose the acquisition of personal data that the data subject did not give consent to the hospital;
6) The right to transfer personal data provided to hospitals to other data controllers or data subjects for certain reasons;
7) The right to object to the processing of personal data for certain reasons;
8) The right to ask the hospital to delete personal data for certain reasons subject to legal requirements;
9) The right to complain in the case of breach or failure to comply with the personal data protection laws or notifications issued under such laws.

The requests listed above must be made in writing and the hospital shall notify the result of the consideration within 30 days, unless there is a limitation on the legal rights. However, the withdrawal of consent may result in insufficient data being processed to achieve the stated objectives and may be inconvenient to receive the service, but it will not affect any rights already exercised for the purpose.

7. Contact to the Hospital

If you have any questions about this Privacy Policy or wish to exercise your rights regarding the processing of your personal data, please contact us for more information at

Data Protection Officer (DPO)

Email: [email protected]

Vibhavadi Hospital

51/3 Ngamwongwan Road, Lat Yao Subdistrict, Chatuchak District, Bangkok 10900

Telephone 02-058-1111

Website: www.vibhavadi.com

8. Additional Practices

The executives and hospital employees should constantly ask questions to check themselves to perform their work correctly in accordance with the policy, guidelines, manuals, and laws, whether the operation involves personal information or not and how, and it must be done consistently with the policy, including

• Always understand the content of the rules, regulations, policies, and guidelines, which are part of the policy, including various manuals;
• Always understand the laws, rules, and regulations both inside and outside the organization related to the performance and protection of personal data;
• If inconsistent practices have been witnessed, report a clue via email at [email protected] or the channels designated by the hospital.

9. Privacy Policy Review

The hospital may review and revise the Privacy Policy or guidelines from time to time in accordance with and compliance with the law. In this regard, if it is revised, changed, or modified, the hospital will notify it on the hospital’s website, www.vibhavadi.com.

Announced on June 1, 2022.