4. Disclosure of Personal Data

To provide you with services and to serve aforesaid purposes, the Company may be required to disclose your personal data to the following third parties

1. Affiliated companies or a corporate group including their executives, directors, employees and/or personnel relevant to and necessary for your data processing; 
2. The Company’s business alliances and business partners such as business alliances participating in a joint accumulation and privilege program, laboratories, life insurance companies, and other companies relevant to clinics’ services;
3.  State agencies such as Anti Money Laundering Office, Office of the National Anti-Corruption Commission, Office of The Narcotics Control Board, Social Security Office, The Revenue Department, Legal Execution Department, Courts; 
4. Service providers, agents and data processors assigned or engaged by the Company to manage/process personal data, for example, Cloud providers, information technology providers;
5. Banks, credit card companies, payment service providers, provident fund management companies;
6. Destination hospitals in case of patient transfers for medical treatment;
7. The Company’s advisors, for example, legal counsels and auditors.

In addition, the Company may request your further consent from time to time so that the Company can disclose some types of your personal data (such as user accounts on social media, and opinions on the Company’s platform) on the Company’s social media for platform publicity.  You however have the right not to give your consent.

5. Sending or Transferring Personal Data to a Foreign Country

The Company uses Cloud services from overseas provider, i.e. Google Cloud Platform (GCP) to provide you with services.  The Company is therefore required to send or transfer your personal data to the service provider’s country for retention and processing that is one part of the Company’s ordinary course of business.  The Company is also required to send or transfer your personal data to destination hospitals, laboratories, and medical device manufacturers in a foreign country (such as the Federal Republic of Germany), including overseas data processors assigned or engaged by the Company to analyze personal data for the Company (such as Google Analytics, Google Ad, and Facebook Ads).  The Company shall make the best effort to send or transfer personal data to reliable destination countries having security measures equivalent to the ones prescribed by the national laws.

6. Retention of Personal Data

The company takes appropriate security measures for both organizational measures and technical measures to retain your personal data, for instance, entering a code to prevent access to the Company’s data storage system, storing data in locked file cabinets to prevent unauthorized access, using a digital locking system to limit the persons entitled to access data, storing data on Google Cloud and Inet to prevent the loss of data, and using Firewall. Furthermore, the Company’s personnel and service providers have the duty to keep the data subject’s personal data confidential, and strictly comply with a security standard and a security policy when using, sending, transferring or processing your personal data.

In the case that the Company or you set a password for the use of the Company’s platform, you shall be responsible for keeping it confidential to prevent other persons from having unlawful access to your personal data.

7. Retention Period for Personal Data

The Company shall retain your personal data as necessary and according to the retention period set out by the specific laws.  Provided no specific retention period set out by law, the Company shall set a retention period as necessary for its operation as follows:

1. Patients and relevant persons (such as relatives) throughout a period of time you have been served the Company’s medical services.  In the case that you no longer have contact with the Company, the Company shall retain your personal data for a least 5 years from the last day you have been served a medical care;
2. Emergency or unconscious patients and relevant persons (such as accompanying persons) throughout a period of time you have been served the Company’s medical services.                   In the case that you no longer have contact with the Company, the Company shall retain your personal data for a least  5 years from the last day you have been served a medical care;
3. The Company’s personnel and relevant persons (such as guarantor) throughout a period of time you have been the Company’s personnel;
4. Job applicants and relevant persons (such as reference persons) throughout a period of time you have been in the process of recruitment, selection, interview and doing any activities relevant to a job application. The Company shall retain your personal data for at least 2 years from the deadline for application;
5. Business partners and relevant persons throughout a period of time you have been the Company’s business partners.  The Company shall retain your personal data as long as necessary for serving the purposes of data processing from a termination date;
6. Persons interested in receiving medical service throughout a period of time you have been using the Company’s platform and/or at least 5 years from a date you stop using it completely;
7. Bloggers, influencers, and marketing activity participants Data shall be retained as long as necessary for serving the purposes of data processing.

The Company shall erase, destroy, or anonymize the aforesaid data to become the anonymous data at the end of such retention period.

8. Your Rights

You can exercise your rights to your personal data under this Policy Notice by contacting the Company by the means specified in article 13.  If you are under the age of 20 or you have a limited capacity under the law, you can exercise your right by your parents, guardian, or legal representative.  The Company shall make the best effort to take action or give an explanation within 30 (thirty) days or within an appropriate time.  You are entitled to the following rights:

1. Request access to and obtain a copy of personal data:  You are entitled to request access to and obtain a copy of your personal data collected by the Company, or to request the disclosure of a source of your personal data acquired without your consent;
2. Request the correction of personal data:  You are entitled to request the correction of your personal data to be accurate, up to date, and not misleading;
3. Request the erasure or destruction of personal data:  You are entitled to request the erasure or destruction of your personal data, or data anonymization;
4.  Request a restriction on the use of personal data: You are entitled to request a restriction on the use of personal data in case that the Company is pending examination process in accordance with your request/objection, or in case that you request the Company to restrict the use of personal data instead of erasure or destruction of unnecessary personal data;
5.  Object to your personal data processing:  You are entitled to object to your personal data   processing as prescribed by the personal data protection law;
6. Transfer personal data:  You are entitled to obtain your personal data, and to request the Company to send or transfer your personal data to a third party in order to facilitate the exercise of your rights, unless it is impossible to do so because of the technical circumstances. The exercises of rights shall be subject to the provisions prescribed by law;
7. Withdrawal of consent:  In the event that you have given consent to the Company to collect, use, and/or disclose personal data, you are entitled to withdraw the consent at any time via the Company’s contact channels, unless there is a restriction of the withdrawal of consent by law, or there is a contract giving you benefits.
   Such withdrawal of consent shall not affect the collection, use, or disclosure of personal data that have been processed by the Company on the basis of consent.  In some cases, the withdrawal of consent may affect you, for instance, inconvenient for providing you with welfare benefits, inconvenient for business coordination, notifications of benefits, promotion, news or new offers, not being served with better products or services and not being served with products or services that meet your needs, etc.
8. File a complaint:  You are entitled to file a complaint with a person in authority (such as a personal data protection committee/office) in the event that you believe that the Company breaches the personal data protection law.

The exercise of your rights may be restricted or rejected with some reasons, for instance,  the exercise of your rights may be in violation of the law/order of a competent agency, for public interest purpose, or may affect freedom of a person, etc.  The Company shall inform you of a reason for rejection.

9. Cookie Policy

The Company collects personal data by using cookie and other similar technologies when you use the Company’s platform for the following purposes: (1) analyse and process your use of the platform; (2) broaden your experience and increase your satisfaction; (3) advertisements and public relations for the Company’s products and services; and (4) adjust marketing campaigns to meet your needs. You can set or delete cookie personally by setting an application on your mobile phone or web browser, which enables you to decline the use of cookie wholly or partially. However, you may not be able to access some part of the Company’s platform.
You are advised that a third party (such as an advertising network and a data processor analysing website visits, etc.) may use such cookie also, which is outside the Company’s control. Using cookie usually more relates the Company’s platform and advertisements thereon to your interests, which enable the development of the Company’s platform.

10. Marketing Media

When obtaining explicit consent from you verbally or via the platform, the Company may provide you with information for a marketing purpose, and for sales promotion and marketing activities of the Company and/or its business alliances that may interest and be beneficial to you (the Marketing Media”) via notification on the platform, telephone, and/or email.  You can cancel receipt of such marketing media at all times via the platform, the Company’s contact channels, and/or when the Company have contact with you.

The Company advises you that in the event that you choose not to receive such information, the Company shall be able to continue sending the information irrelevant to sales promotions or information about the use of platform for your benefits.

11. Amendment