WIH International Hospital
What kind of PII is being Processed?
In order to perform the required services and features defined on the Platform, the Company would need to collect and process the following PII from the User:
- Directly Identifiable PII such as name, age, nationality and date of birth
- Contact information such as address, phone number, and e-mail address
- Payment information such as the payment transaction information, bank account information and credit card information
- Transactional data, such as username - password and logs, transaction number and history that the User transact and use the Service, including the gathered preference and interest from the transactional behavior
- Technical PII such as IP address number, the Service usage information, and web browser status and setting that have been used to connect to the Service.
- Image, Sound Record, VDO Record, Medical History, Health Information
How the Platform is processing the User’s PII?
- The Company would need to collect and analyze the PII of the User in order to assess the User’s interest with an aim to provide customized and personalized privileges or service that would meet your interest and preference and to improve our customer’s experience with each relevant User;
- The Company would need to collect and restore the User’s PII in order to assure the appropriate after-sale service provided by the Company in various forms, including the satisfaction survey or the support and complaint redress function;
- The User would need to collect and restore the User’s PII as obliged under the applicable laws and regulations, for instance, for the withholding tax payment purpose.
The Company represent that the Platform does not adopt the automated function of PII processing regarding the individual decision making, including profiling.
The Company would need to collect and store the PII of each relevant User for the defined purposes for as long as the User is still the registered User on the Platform and for 3 (three) years after the User termination, except the relevant laws and regulations defined otherwise. The storage of the PII after the User termination would be necessary for the legitimate interest of the Company in the legal proceedings that the Company may have against the relevant User.
Disclosure of the PII
In order to assure the performance of the Platform as committed, the Company may need to disclose the User’s PII in the following circumstances:
- To disclose the User’s PII to the outsourced service providers engaged in the performing direct service to the Platform, including without limitation the advisors and auditors as well as the logistic service provider; provided that the Company shall only disclose the User’s PII to the relevant recipient strictly on the need to know basis in strict compliance with the defined objectives for PII process defined;
- To disclose the User’s PII in the usage of the storage service on Computer System On-premise, Mobile Application, Web Application, Salesforce;
- To disclose the User’ PII to third party in the legal proceedings to protect the Company’s legitimate rights or to detect and prevent any fraud on the Platform; provided that such disclosure shall be done on the limited and specific purposes as defined.
- In case that the Company is obliged under the applicable laws, court judgment or administrative order to disclose any PII of any particular users, the Company would need to do so only on the necessary basis.
Representation on the Privacy Security
The Company represents and guarantees that the Company shall adopt the ‘Privacy-by-Design’ concept and shall use the most appropriate security measures to prevent the unauthorized access, amendment or disclosure of the PII in any form or in any circumstance by either internal or external persons and the Company commits to review those measures on the regular basis with the strong commitment to use the best industrial practice and to be in strict compliance with the applicable laws.
Data Subject Rights
The Company acknowledges and accepts the User’s rights as the data subject over their PII as defined under the applicable laws that include the following rights:
- Right to withdraw consent: Users can withdraw their consent and request the processors to stop collecting their personal data.
- Right of Access: Users can submit data access requests, which oblige processors to provide a copy of any personal data they hold regarding data subjects. This includes a request for a disclosure of platforms and methods in which the processors collected the data from.
- Right of Rectification: Users can request an update on an inaccurate or incomplete personal data.
- Right to Restriction of Processing: Users can request the service provider to limit the way their personal data is used.
- Right to be informed: Users have the right to be notified about the collection of their personal data such as storage periods and purposes.
- Right to Object: Users can object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority.
- Right to Data Portability: Users are permitted to obtain and reuse their personal data for their own purposes across different services.
- Right to Erasure: Users can request that the service provider erase their data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed or is no longer meeting the lawful ground for which it was collected. This includes the instance where the individual withdraws consent.
- Right not to be subject to automated individual decision-making: significant decision will not be solely based on automated means.
The User can contact the Company in order to make the request to exercise any defined rights through the defined channel without any charge and the Company will consider and notify the User of the Company’s determination within 30 days after the receipt of the User’s valid request.
What are Cookies that the Company is using on the Platform?
Cookies are text files stored on the User’s computer browser directory or program data subfolder in order to keep data log of the User’s internet usage and the User’s behavior or interaction on the Platform. For the performance of the Platform, the Company need to use various types of Cookies for various purposes as defined below:
- Functionality Cookies being used to record information about choices the User have made in the Platform such as personal settings, languages, and fonts so this would allows the Company to tailor our Platform features that would match the User’s preference setting;
- Advertising Cookies being used to record the User’s on-site behavior and history of the Platform visited and this would allow the Company to provide the User the services and products that suit the User’s preferences and to assess the success of each function of the Platform.
- Strictly Necessary Cookies are essential for the User to browse the Platform and use its features, such as accessing secure areas of the Platform.
Name: THANADOL & KOJCHABOON CO., LTD.
Address: 1798 Debaratna Road, Bangna Tai, Bangna, Bangkok 10260
Contact detail: (+66) 0 2078 8919
Email address: firstname.lastname@example.org