Privacy Notice
B-First Medical Ltd.
This privacy notice (the “Privacy Notice”) is provided in order that you as the Company’s customers, i.e. patients, emergency or unconscious patients, persons interested in receiving medical service, the Company’s personnel, job applicants, business partner, and marketing activity participants, or any persons involving the aforesaid persons (collectively referred to as “You”), have the knowledge of the procedure, which B-First Medical Ltd. as the operator of PrimoCare Medical Polyclinic, and PrimoCare Medical Clinic (the “Company”) follows to collect, use, or disclose your personal data, and your legal rights relevant to personal data under the Personal Data Protection Act B.E. 2562 and relevant statutory requirements.
For your understanding of the procedure that the Company follows to collect, use, or disclose your personal data, and your privacy right, please read this privacy notice thoroughly, and a notice to be amended in the future from time to time to be in compliance with the Company’s guideline and/or statutory requirements.
To do any transaction relevant to the Company, you and/or your parents, guardian or legal representative (in case your age is under 20 years old) confirm and accept the guideline and procedure specified herein. In addition, you accept that disclosing a third party’s personal data to the Company for the Company’s purposes as set out below is made with his/her consent.
This Privacy Notice is enforced on (1) the Company’s customers, namely patients, emergency or unconscious patients, persons interested in receiving medical service; (2) the Company’s personnel; (3) job applicants; (4) business partners; (5) bloggers, influencers and marketing activity participants; or (6) any person involving the aforesaid persons, including other persons relevant to the Company, for example, marketing agents, law firms, insurance companies or recruitment agencies.
The Company collects the following personal data, namely any information that enables your identification, whether directly or indirectly:
Further details are contained in the privacy policy (“Collected Personal Data”).
The Company may receive your personal data from the following ways:
The Company shall collect, use, or disclose your personal data for various purposes on legal bases, including (a) for compliance with a contract and the conditions on service rendering between you and the Company; (b) for legitimate interests; (c) for preventing or suppressing a danger to your life, body or heath, or other person’s life, body or health; (d) for compliance with legal obligations; and/or (e) on any other legal bases, as the case may be.
In addition, the Company may request your consent for collection, use or disclosure of your data for specific purposes as set out below:
3.1 Patients and relevant persons (such as relatives)
Purposes
Legal Bases for Data Processing
General personal data
Sensitive data
Purposes
General personal data
Sensitive data
Legal Bases for Data Processing
3.2 Emergency or unconscious patients and relevant persons (such as accompanying persons)
Purposes
Legal Bases for Data Processing
General personal data
Sensitive data
Purposes
General personal data
Sensitive data
Legal Bases for Data Processing
3.3 The Company’s personnel and relevant persons (such as guarantor)
Purposes
Legal Bases for Data Processing
General personal data
Sensitive data
Purposes
General personal data
Sensitive data
Legal Bases for Data Processing
3.4 Applicants and relevant persons (such as reference persons)
Purposes
Legal Bases for Data Processing
General personal data
Sensitive data
Purposes
General personal data
Sensitive data
Legal Bases for Data Processing
3.5 Business partners and relevant persons (such as shareholders, directors, or coordinators in case of a business partner being a juristic person)
Purposes
Legal Bases for Data Processing
General personal data
Sensitive data
Purposes
General personal data
Sensitive data
Legal Bases for Data Processing
3.6 Persons interested in receiving medical service
Purposes
Legal Bases for Data Processing
General personal data
Sensitive data
Purposes
General personal data
Sensitive data
Legal Bases for Data Processing
3.7 Bloggers, influencers, and marketing activity participants
Purposes
Legal Bases for Data Processing
General personal data
Sensitive data
Purposes
General personal data
Sensitive data
Legal Bases for Data Processing
4. Disclosure of Personal Data
To provide you with services and to serve aforesaid purposes, the Company may be required to disclose your personal data to the following third parties
In addition, the Company may request your further consent from time to time so that the Company can disclose some types of your personal data (such as user accounts on social media, and opinions on the Company’s platform) on the Company’s social media for platform publicity. You however have the right not to give your consent.
5. Sending or Transferring Personal Data to a Foreign Country
The Company uses Cloud services from overseas provider, i.e. Google Cloud Platform (GCP) to provide you with services. The Company is therefore required to send or transfer your personal data to the service provider’s country for retention and processing that is one part of the Company’s ordinary course of business. The Company is also required to send or transfer your personal data to destination hospitals, laboratories, and medical device manufacturers in a foreign country (such as the Federal Republic of Germany), including overseas data processors assigned or engaged by the Company to analyze personal data for the Company (such as Google Analytics, Google Ad, and Facebook Ads). The Company shall make the best effort to send or transfer personal data to reliable destination countries having security measures equivalent to the ones prescribed by the national laws.
The company takes appropriate security measures for both organizational measures and technical measures to retain your personal data, for instance, entering a code to prevent access to the Company’s data storage system, storing data in locked file cabinets to prevent unauthorized access, using a digital locking system to limit the persons entitled to access data, storing data on Google Cloud and Inet to prevent the loss of data, and using Firewall. Furthermore, the Company’s personnel and service providers have the duty to keep the data subject’s personal data confidential, and strictly comply with a security standard and a security policy when using, sending, transferring or processing your personal data.
In the case that the Company or you set a password for the use of the Company’s platform, you shall be responsible for keeping it confidential to prevent other persons from having unlawful access to your personal data.
The Company shall retain your personal data as necessary and according to the retention period set out by the specific laws. Provided no specific retention period set out by law, the Company shall set a retention period as necessary for its operation as follows:
The Company shall erase, destroy, or anonymize the aforesaid data to become the anonymous data at the end of such retention period.
You can exercise your rights to your personal data under this Policy Notice by contacting the Company by the means specified in article 13. If you are under the age of 20 or you have a limited capacity under the law, you can exercise your right by your parents, guardian, or legal representative. The Company shall make the best effort to take action or give an explanation within 30 (thirty) days or within an appropriate time. You are entitled to the following rights:
The exercise of your rights may be restricted or rejected with some reasons, for instance, the exercise of your rights may be in violation of the law/order of a competent agency, for public interest purpose, or may affect freedom of a person, etc. The Company shall inform you of a reason for rejection.
The Company collects personal data by using cookie and other similar technologies when you use the Company’s platform for the following purposes: (1) analyse and process your use of the platform; (2) broaden your experience and increase your satisfaction; (3) advertisements and public relations for the Company’s products and services; and (4) adjust marketing campaigns to meet your needs. You can set or delete cookie personally by setting an application on your mobile phone or web browser, which enables you to decline the use of cookie wholly or partially. However, you may not be able to access some part of the Company’s platform.
You are advised that a third party (such as an advertising network and a data processor analysing website visits, etc.) may use such cookie also, which is outside the Company’s control. Using cookie usually more relates the Company’s platform and advertisements thereon to your interests, which enable the development of the Company’s platform.
When obtaining explicit consent from you verbally or via the platform, the Company may provide you with information for a marketing purpose, and for sales promotion and marketing activities of the Company and/or its business alliances that may interest and be beneficial to you (the Marketing Media”) via notification on the platform, telephone, and/or email. You can cancel receipt of such marketing media at all times via the platform, the Company’s contact channels, and/or when the Company have contact with you.
The Company advises you that in the event that you choose not to receive such information, the Company shall be able to continue sending the information irrelevant to sales promotions or information about the use of platform for your benefits.
1 Soi Krungthepkreetha 4 (B.Grimm), Huamark, Bangkapi, Bangkok 10240
Tel: +66 2038 5595
Line ID: @primocare
Email: [email protected]
1 Soi Krungthepkreetha 4 (B.Grimm), Huamark, Bangkapi, Bangkok 10240
Tel: +66 2038 5595
Line ID: @primocare
Email: [email protected]
©2022 PrimoCare Medical Limited. All rights reserved.
©2021 PrimoCare MEDICAL Limited All rights reserved.