Praram 9 Hospital
& Praram 9 Medical Center
Praram 9 Hospital Public Company Limited (“Company”) is committed to protecting and respecting of your privacy under the Thai Personal Data Protection Act B.E. 2562, as amended from time to time, as well as other applicable laws and rules in Thailand (collectively “the PDPA”). We intend to protect your personal information that we collect, use, or disclose during the course of our business activities, including our core services, services via website or via applications. We have the obligations as stipulated in any laws regarding the protection of personal data, privacy, or data security that are applicable and effective in Thailand. This Policy is a part of our efforts to fulfil the objective of this Policy, which is to comply with the PDPA.
This Policy stipulates our practice concerning privacy; the purposes of collection, use, or disclosure of Personal Data; the categories of Personal Data that we may collect, use, or disclose; the intention of Personal Data use; third parties whom we may disclose Personal Data to; the collection and retention of Personal Data; how you can access or request rectification of your Personal Data that is stored by us; and how you can lodge a complaint in case of noncompliance with the applicable law on personal data protection.
Please read this Policy carefully.
“Company” means Praram 9 Hospital Public Company Limited, including any representative of any such company.
“Affiliate” means Praram 9 Hospital Public Company Limited and any companies associated with or its subsidiaries of Praram 9 Hospital Public Company Limited, including any representative of any such company.
“Personal Data” means any information that relates, whether directly or indirectly, to an identified or identifiable person, or which can be used to distinguish or trace an individual’s identity, whether by reference to such information alone, or when combined with other identifying information.
“Sensitive Personal Data” means any information as specified in Section 26 of the Thai Personal Data Protection Act, as amended from time to time, as well as other applicable laws and rules, such as information about race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal backgrounds, health information, disability, labor union information, genetic data, biometric data, or any other information that similarly affects the data subject.
“Processing” means the collection, use, or disclosure of Personal Data.
“Personal Data Controller” means any individual or legal entity authorized to make decisions concerning the collection, use, or disclosure of Personal Data.
“Personal Data Processor” means any individual or legal entity that processes the collection, use, or disclosure of Personal Data, in accordance with instructions, or on behalf, of the Controller. Any person who performs the Processing is not considered a Controller.
1. What type of information about you do we collect?
We collect only Personal Data that is reasonably necessary for our activities. The categories of individuals whose Personal Data are collected include, but are not limited to, the following:
The patient and/or persons regarded as having any relationship to the patient(s) e.g., the patient has reached adulthood and has the ability to make decisions under the law and/or patients who are minors which require consent from a parent or legal guardian, including any relatives in the case where the patient is unconscious.
The categories of Personal Data that we may collect depend on the nature of the activities that you have with us, including your locations, and the means used to collect the Personal Data, which may include the following information:
- Personally identifiable information, such as your name, address or contact details, gender, age, nationality, marital status, date of birth, and passport/ID Card number
- Financial status, such as your income, the source country of your income, your other sources of income, your sources of investment funds, the value of your personal property, your accounts, identification information about your property, such as your car license number, details relating to your bank accounts, bonds, certificates of deposit, bills of exchange, debentures, listed securities, and investment units, and your salary certificate
- Educational background and work experience, such as your highest education level achieved, the institutions from which you obtained your education, the field(s) of your education, the year of your graduation, certificates, your finance-related educational background, your career, details about your work, the name of your company and the type of business, your position and department, the nature of your work, your responsibilities, the name of your secretary and his/her telephone number, your length of service to date, and your work experience
- Legal offense record, such as records of anti-money laundering offenses; information about transaction suspension, involvement in any anti-money laundering scheme, or transaction rejections by any financial institution, if any; information about bankruptcy; information about any related legal entities; any information for the KYC process; information about occupations or businesses considered risky under anti-money laundering law; and information about offenses received from supervisory bodies
- Information for investment assessment
- Information about sales and purchase transaction and other transactions
- Information about persons relating to a Stakeholder, such as his/her spouse, children, emergency contacts, his/her guarantor; persons who give consent on behalf of legal representatives, guardians, and/or estate administrators; parents and/or legal representatives; grantors of powers at all levels; and beneficiaries.
Any provision of your Personal Data is voluntary. You have the option not to give any information that is requested by the Company. However, lack of such information may result in the Company’s inability to provide you with certain benefits, or the Company may not be able to perform its contractual obligations related to its services to you.
Some of the Personal Data collected by us may be considered “Sensitive Personal Data.” We intend to collect Sensitive Personal Data only upon your explicit consent, and as reasonably necessary for our business operations, or as required by law, court orders, or orders of any government agencies, or in cases where you intentionally disclose such data to the public. We intend to share Sensitive Personal Data only when we deem that it is necessary to be collected, used, or processed which the Company is not required to receive your explicit consent if the processing is for any of the following objectives:
- To prevent or suppress a danger to the life, body, or health of the data subject, when the data subject is incapable of giving consent for whatever reason
- To carry out legitimate activities, with appropriate safeguards, of foundations, associations, or any other not-for-profit bodies with political, religious, philosophical, or trade union purposes for their members.
- The information is disclosed to the public with your explicit consent
- To establish, comply with, exercise, or defend legal claims
- It is necessary for compliance with the law to achieve purposes relating to
– preventive medicine or occupational medicine, the assessment of working capacity of the employee, medical diagnosis, the provision of health or social care, medical treatment, the management of health or social care systems and services. In the event that it is not for compliance with the law, and such Personal Data is under the responsibility of the occupational or profession practitioner or person having the duty to keep such Personal Data as confidential under the law, it must be for compliance with the contract between the data subject and the medical practitioner
– public interest in public health, such as protecting against cross-border dangerous contagious disease or epidemics which may be contagious or pestilent, or ensuring standards or quality of medicines, medicinal products or medical devices, on the basis that there is a provision of suitable and specific measures to safeguard the rights and freedom of the data subject, in particular maintaining the confidentiality of Personal Data in accordance with the duties or professional ethics
– employment protection, social security, national health security, social health welfare of the entitled person by law, the road accident victims protection, or social protection in which the collection of Personal Data is necessary for exercising the rights or carrying out the obligations of the Data Controller or the data subject, by providing the suitable measures to protect the fundamental rights and interest of the data subject
– scientific, historical, or statistical research purposes
– the substantial public interest
2. How do we collect your Personal Data?
Generally, we collect your Personal Data directly from you, such as patients registration form, job application forms or any documents provided before becoming the Company’s personnel, director, or executive; forms or systems for registration as our service provider or vendor; the Company’s channels for receipt of information or its website; oral methods, such as by phone or through video/virtual conferences; emails or other communication channels; and through mobile applications which are made available by the Company or any related company.
In some circumstances, we may collect your Personal Data from another person, to whom you may or may not have direct connections. For example, we may collect your Personal Data from:
- Persons who have any relationship with the patient, whether they are relatives or not. who provide your information to the company
- Your employer, when your employer gives us your contact details
- Hospitals in networks, other hospitals, companies in network, business partners and allied businesses
- Any organization of which you are a member
- An employee of the group of companies, who recommends you, via telephone, email, or other communication channels
- Business partners such as insurance companies, car rental companies, hotels or other venue providers or their representatives, partners participating in the loyalty program list and benefits and other companies involved in providing services to you or fulfill the above objectives
- Thailand Securities Depository Co., Ltd., and/or banks/financial institutions
- Contractors, vendors, or service providers
- Banks, and payment service providers such as credit / debit card companies
- Officers or security and safety agencies
- Immigration agency and customs agency
- Government agencies, regulators and other agencies as permitted or required by law
- Your representatives and
- Information disclosed to the public, any mailing or marketing list that is disclosed to the public, for commercial purposes, by the private sector, any trade association, and/or any government agency, such as on a website, or online social media (such as Facebook or LinkedIn), etc.
3. What are our objectives of processing your Personal Data?
We collect Personal Data to enable us to operate our business. Such Personal Data will be used for the following objectives:
- For employee and business administration and management, and the Company’s operations
- For verification or identification of shareholders and independent directors, including their related persons, such as their spouses, children, emergency contacts, guarantors, or persons who give consent on behalf of legal representatives, guardians, and/or estate administrators; parents and/or legal representatives; grantors of powers at all levels; and beneficiaries
- For any other benefits regarding our business operations and administration, such as to make meeting agendas for shareholders’ meetings, board of directors’ meetings, or other internal meetings, as well as other activities for Stakeholders to attend, and for a post-event satisfaction assessment
- For sale and purchase transactions or other transactions by Stakeholders, including risk assessments for investments, according to applicable procedures, laws, and regulations
- To comply with any applicable procedures, laws, rules, or court orders; comply with any applicable laws, rules, agreements, or policies set out by a government supervisory authority, law enforcement authority, government agency, dispute resolution agency, or any supervisory authority
- To enable data storage and processing to be in order and in compliance with any applicable laws, rules, and regulations, including the Company’s work rules and applicable laws, such as the Computer Crime Act B.E. 2550, as amended
- To comply with any requirements with respect to payment of wages, compensation, benefits, compensation plans, offers, rewards, and compensation schedules
- For performance appraisal, internal reporting, data analysis, and performance of contractual obligations
- For internal communications, notification of internal and external appointments, whether through telephone, text, email, post, electronic media, such as applications with communications features, or any communication channels in order to inform the Stakeholders.
- To process payments; collect charges or payments; fulfil accounting objectives; perform accounting management; perform auditing; pursue debt payments, in cases where Stakeholders owe the Company
- To facilitate investigations by competent officers; to provide assistance in respect to law enforcement, or investigations by, or on behalf of, the Company, by police officers, government agencies, or by any other supervisory agencies of any countries or jurisdictions; perform reporting obligations; perform any requirements under law, or as approved by government agencies or any other supervisory agencies of any countries or jurisdictions
- For anti-money laundering crime checks (e.g. transaction suspension, involvement in anti-money laundering schemes, or transaction rejections by financial institutions), examination of information about bankruptcy, information about any related legal entities, information for the KYC process, information about occupations or businesses considered risky under anti-money laundering laws, and information about offenses received from supervisory bodies; to examine, prevent, or perform any acts in connection with violation of law and risk prevention, in the case of threatened fraud, money laundering, national security issues, actual or threatened illegal acts, or threats to the lives, health, or safety of other persons
- To ensure the Company’s safety
- To conduct organizational restructuring or any other transactions, which may result in your Personal Data being transferred or disclosed, that are part of business acquisitions or sales, or business acquisition or sale proposals.
- To comply with rules; to conduct business inspections (both internal and external)
- To retain, record, backup, or destroy Personal Data
- To perform any management-related acts in connection with any of the above objectives; and
- To perform any necessary acts which are directly related to any of the above objectives.
If we collect your Personal Data for any other purposes, we intend to inform you of such objectives at the time of collection.
4. In which case and how do we disclose your Personal Data to a third party?
We do not sell Personal Data, but we may share anonymized or de-identified Personal Data to third parties.
We intend to disclose Personal Data only for the original purpose for which the data was collected, or for related objectives, for our business operations or management, including when it is necessary for the provision of products or services as per your requests, assisting us in our business operations, or for security purposes, as described above.
Furthermore, sometimes we may disclose your Personal Data to third parties, for the original purpose for which data was collected, or for related objectives. For example, we may disclose your Personal Data if it is necessary for the delivery of our products or services, or for your participation in activities, as requested by you, for the Company’s business operations, for security purposes, or for compliance with the law.
We may share your Personal Data with any of the following parties:
- Our Affiliates, or any companies in the same group of companies as Praram 9 Hospital Public Company Limited
- Hospital affiliates, other hospitals, business affiliates, partnerships, and alliances
- Business partnerships, such as hospitality services or other event organizers
- Shareholders, including their executives, whether they are natural persons or legal entities, companies in the same group as the shareholders’
- Organizers, advertisers, the press, and sponsors of events or exhibitions
- Our contractors, service providers, suppliers, and other agents, who act on behalf of the Company or who are retained by the Company, such as event-related service providers, banking or financial service providers, hosting service providers, cloud application or network providers, event registration service providers, domestic and overseas tourism service providers, security service providers, auditing service providers, legal service providers, insurance service providers, marketing survey service providers, email management service providers, postal service providers, representatives and agents that sell or promote products and services on our behalf, auction service providers, each of which may not be based in Thailand, and which may be based in a country where personal data protection standards are inadequate, or sub-standard, when compared to the Thai PDPA.
- Thailand Securities Depository Co., Ltd., banks, or financial institutions, as the case may be
- Any persons to whom you agree to provide your Personal Data
- Persons engaged in the sale of the Company’s business, in whole or in part, a merger, or acquisition; and
- Any persons or government agencies, as required by the law, Court orders, or orders of any competent authorities
- Supervisory bodies, government agencies, private organizations, or state-owned enterprises having the duty, according to the law, to supervise the Company’s business operations, when they require the Company to disclose Personal Data
We may hire third parties to fulfil any of the above objectives, whether in whole or in part, or for the development or maintenance of our system. In such cases, we will control and put in place measures to ensure that such third parties will store and use Personal Data strictly in accordance with this policy, any data security requirements and conditions, and the personal data protection law.
5. Data Retention
To secure Personal Data, the Company has implemented the following measures:
- The right to access, use, disclose, and process Personal Data is limited to certain individuals. The identity verification requirement, before accessing or using Personal Data, must be strictly complied with.
- The Company has established a safe encoding method to prevent loss or unauthorized or unlawful access, destruction, use, alteration, or disclosure of Personal Data.
- Personal Data may be transferred, including transfer for storage on a database, to an external organization or a third country only if the personal data protection measures implemented by such organization, or third country, are of equal or higher standards than the measures hereunder.
- In cases the Company retains a third party to store the Personal Data of employees, such as document storage companies, the Company will require those companies to keep the information confidential, and prohibit any use out of the purposes determined by the Company.
We will collect, use, disclose, and retain your Personal Data throughout our legal relationship with you, such as throughout the service providing period, the hiring, the sale and purchase of our products. Upon the end of the relationship, we will retain your data, including Personal Data, only as necessary for the fulfilment of the above purposes, which in no case shall exceed 10 years from our last contact, or from the end of our relationship with you, except where it is necessary for the Company to retain your Personal Data for more than 10 years, to the extent that it is so permitted by law.
We may store Personal Data on networks of which the servers are in Thailand. However, we may transfer Personal Data to a third country, in order to achieve any of the purposes specified above. We will comply with any personal data protection law which is applicable to your Personal Data.
6. Our Website
When you visit publicly accessible pages on our website, the server of our website will keep log records, as well as the following data:
- Your IP address, which simply is a unique address that identifies your computer when it is connected to the Internet
- Your search words
- The operating system and Internet browser that you are using; and
- The information downloaded by you (such as web pages, document files, and software), and the time of such downloading.
The above data will be used only for statistical purposes, to analyze the frequency of users visiting each page of our website so that we can improve our website or services.
If you contact us, register through any of our websites, or email us, we intend to use your Personal Data only in response to your requests or inquiries. If your consent is given as required by law, we may add your email address to your contact details for mailing purposes. You may opt out of receiving information about the Company, events, sales promotions, or products and/or services of the Company.
It is important that you do not share your password with anyone, and you do not allow any person to access your computer without your authorization. You should log out every time, if you access our website through a shared computer.
We may automatically keep log files, which include IP addresses, error reports, activities, timestamps, and URLs. Such information may be associated with personally identifiable information, and must be retained for a time period as required by law.
We use a CCTV system to record images of persons and vehicles around our premises, for public safety and for prevention and detection of crimes. Our CCTV cameras provide 24-hour footage of our entrance, lobby, balconies, outdoor parking areas, areas along our fence, and other accessible areas. The information is recorded for one month, and is then overwritten. Camera locations were chosen to avoid footage which is not related to the purpose of inspection and monitoring. We do not keep audio recordings.
Live feeds from our CCTV system can be examined, only in necessary circumstances, by an authorized person. We believe that live feeds and visual recordings are seen only by our authorized employees, who are directly responsible for access to such information. We respect your privacy. We do not have CCTV cameras in locations where privacy can be expected, such as toilets.
Other websites or applications
Our website may contain links to third-party websites. We do not control these websites, and we are not responsible for their practice concerning data and privacy.
Before you disclose your personal data to any websites linked from our website, or any websites or mobile applications operated or made available by us for third parties, we recommend that you read their privacy policies, and the terms and conditions of such websites or applications.
To the extent permitted by personal data protection law, when you use or access our website, or provide Personal Data to us, it shall be deemed that:
- You give consent to our collection, use, and processing of your Personal Data, for the purposes and by the methods specified above, which may be amended from time to time, unless and until you withdraw such consent. You may withdraw your consent at any time, by giving us written notice of your consent withdrawal. We can reject your request, if permitted by law; and
- You give consent to our disclosure, or the transfer, of your Personal Data to third parties, for the purposes and by the methods specified above. You may withdraw your consent anytime, by giving us written notice of your consent withdrawal.
If applicable personal data protection law requires any additional consent, we, or any of our third party service providers, will obtain your consent for the collection and use of your Personal Data at the time of collection.
You are obligated to provide your Personal Data to the Company to enable us to fulfil your requests, or to provide services to you, as requested. Your lack of approval for the collection, use, processing, or disclosure of certain types of Personal Data requested by us may result in our inability to fulfil our legal obligations, or perform our business, or conduct transactions with you.
9. Your rights
- Right of withdrawal of consent: You may withdraw your consent at any time, unless it is otherwise specified by law. Withdrawal of your consent will not affect the lawfulness of any data processing based on your consent before its withdrawal.
- Right to erasure of Personal Data: You have the right to request the erasure of your Personal Data that is in our possession or control, or request that such data be anonymized.
- Right to data portability: You have the right to request the transfer of your Personal Data, in a commonly used and machine-readable format, to another controller, which is subject to legal requirements.
- Right to object: You have the right to object to the collection, use, or disclosure of your Personal Data, or the cessation of our use of your Personal Data, except as requested in accordance with the relevant legal provisions.
- Right to temporarily restrict the use of your Personal Data: You have the right to request that we restrict the processing of your Personal Data. That is, the Controller may continue to keep your Personal Data, but can no longer process such data, unless consent is given, or it is permitted by law.
- Right of access: You have the right to request access to, and obtain a copy of, your Personal Data that is held by us. Any such request will take 30 days to process, unless otherwise specified by law.
- Right to rectification: You have the right to request that we keep your Personal Data accurate, complete, and updated, which we do in every step of our procedures.
- Right to complain: You have the right to file complaints with officers, or any supervisory authorities, in regard to personal data protection.
10. How to contact us ?
The following details must be provided to the company:
- Full Name, Identification Number / Passport Number
- The subject of contact purposes and details of the issues occurred
- Telephone number and reachable address, including an email address
11. Revisions of our Personal Data Protection Policy
Satian Pooprasert, M.D
Chief Executive Officer
Praram 9 Hospital Public Company Limited
Praram 9 Hospital has launched the innovative medication for Covid-19, the Antibody Cocktail. This medication has been approved and widely used around the world with effective results
This instruction is for customers who pre-ordered in June/July/August and have received the E-Voucher E-coupon registration