Privacy Policy B-First Medical Ltd.

B-First Medical Ltd. (the “Company”) is aware of the importance of confidentiality and security of your personal data as our customers, personnel, job applicants, business partners, marketing activity participants or any person involving the aforesaid persons. The Company is therefore required to provide the privacy policy (the “Policy”) so that the Company’s operation meets the international standards for the protection of personal data and relevant personal data protection laws. This Policy is deemed as one part of the Company’s terms and condition on service rendering.

To do any transaction relevant to the Company, you and/or your parents, guardian or legal representative (in case your age is under 20 years old) confirm and accept the guideline and procedure specified herein. In addition, you accept that disclosing a third party’s personal data to the Company for the Company’s purposes as set out below is made with his/her consent.

1. Enforcement

This Policy is enforced on (1) the Company’s customers, namely patients, emergency or unconscious patients, persons interested in receiving medical service; (2) the Company’s personnel; (3) job applicants; (4) business partners; (5) bloggers, influencers and marketing activity participants; or (6) any person involving the aforesaid persons including other persons relevant to the Company, for example, marketing agents, law firms, insurance companies or recruitment agencies.

2. Collected Personal Data

The Company collects the following personal data, namely any information that enables your identification, whether directly or indirectly:

  1. Personal data, namely first name, last name, sex, date of birth, place of birth, age, weight, height, marital status, military status, identification/passport number, occupation, nationality, race, blood group, religion, address, house phone number, mobile phone number, email and any other contact details. You may be requested to confirm the correctness of data you provided for the Company;
  2. Health data, namely health records, underlying diseases, contagious or serious illness records, medical treatments, surgeries, drug or food allergies, medical care records, radiotherapy and medical procedures, etc.;
  3. Biometric data If you are the Companys personnel, you are required to provide the Company with your biometric data, namely finger scan, face scan, etc. for the purpose of the security of individuals and the Companys property, crime monitoring and prevention in the Companys premises, and an access to the personal and restricted areas;
  4.  Data of family members (children, parents, brothers, sisters and spouse) If you are the Companys personnel, you are required to provide the Company with personal data of your family members namely, first name, last name, age, occupation, address, place of work, and telephone number, etc. for the purposes of creating a database relating to medical cost fringe benefits for family members
  5. Contact person data in case of emergency and relevant persons In the case that you use the Companys medical services or you are emergency or unconscious patient, the Company is required to collect the data of a contact person in case of emergency or an accompanying person, as the case may be, namely first name, last name, telephone number, etc., for the purposes of your medical treatment and health care;
  6. Guarantor’s data If you are the personnel working under the Companys employment contract,  you must provide a person having qualifications as specified by the Company to enter into a surety agreement with the Company. The following personal data shall be collected from the guarantor: first name, last name, occupation, job position, place of work, house phone number, and mobile phone number, etc.;
  7. Educational and membership registration data, namely the educational backgrounds from secondary school to bachelor degree and higher level (an institution name, a program of study, the duration of study and an average grade), membership registration data, personal data appeared on a copy of an educational certificate, a copy of a transcript, a copy of certificates and a license, etc.;
  8. Data on work experiences and training records, namely work experiences such as the former employers name, job position, the duration of employment, reasons for leaving a job, salary, position allowance and other allowances, phone number, a brief summary of job responsibilities, training records such as training courses, training organizers and the course duration, etc.;
  9. Data on competency and personal interests, namely language competency, computer competency, typing skills, driving skills, hobbies, sports and favorite activities, etc.;
  10.  Data on job application and reference persons, namely data on a job application and/or resume/CV (if any), a job position to be applied for, expected salary, job interview, reference persons, i.e. first name, last name, occupation, address, place of work, job position and phone number, etc.;
  11. Data on work performance and work performance assessment, namely employee identification number, job position, employment conditions, performance assessment result, work behaviors, training, disciplinary action, employment commencement date, probation period end date, employment termination date (if any), dates and hours of work, number of working hours, number of overtime, days of annual leave, remaining leave, details of leave and reasons of leave, clock inout records, and system access records, etc.; 
  12. Financial and fringe benefit data, namely salary, bonus, remuneration, welfare benefits, fringe benefits, payroll, bank account, etc. If you want the Company to facilitate the tax payment filing, you may give the Company consent to collect your tax identification number, information on withholding tax, tax deduction, social security, and provident fund;
  13. Business partner data If you are the Companys business partner, the Company is required to collect personal data of your shareholders, directors or coordinator for the Companys business operation or transactions, for example, first name, last name, mobile phone number, email, position, signature, and Line ID, etc.;
  14. Conversation and communication recording between you and the Company through communication channels, namely telephone, email, PrimoCare Patient application, website www.primocare.com and/or other social media such as Facebook, Instagram, Line application, including your data provided to the Company while joining activities, sales promotion campaigns, surveys, or any questionnaires provided by the Company such as a health checkup and advice on health conditions, etc.;
  15. Social media In the case that you access the Companys platform via other social media such as Facebook, Instagram, Line application, the Company may have access to your personal data provided to such social media, i.e. account name (such as Line ID), email, and phone number (if any);
  16. Technical data, namely IP Address connecting your computer with the internet, data for access a system, a type and version of a browser, an operating system and computer traffic including information collected by the Company through cookies or other similar technologies, etc.;
  17. Other data such as pictures or videos for online public relations, slides, animations, closedcircuit television (CCTV), usage records and platform search records, etc. 

3. Sources of Personal Data

The Company may receive your personal data from the following ways:

  1. Personal data you provided to the Company directly, for example, sending the data to the Company directly through filling in a questionnaire or Google form, and/or any channel whether by telephone, email, PrimoCare Patient application, website www.primocare.com, and/or other social media such as Facebook, Instagram, Line application, including data you provided during the recruitment and selection, the employment, and/or doing business with the Company, as the case may be, etc;
  2.  Personal data you provided to the Company automatically, for example, the Company may receive your personal data and technical data concerning your equipment automatically, which the Company may collect this personal data by cookies and/or other similar technologies, etc.;
  3. Personal data received from a third party, for example, the Company may receive your personal data from a marketing agency, shutterstock provider, recruitment agency, talent acquisition unit which is a work unit of an affiliated company and accompanying persons (in case that you are an emergency or unconscious patient).

4. Purposes of Collection, Use, Disclosure of Personal Data

The Company shall collect, use, or disclose your personal data for various purposes on legal bases, including (a) for compliance with a contract and the conditions on service rendering between you and the Company; (b) for legitimate interests; (c) for preventing or suppressing a danger to your life, body or heath, or other persons life, body or health; (d) for compliance with legal obligations; and/or (e) on any other legal bases, as the case may be.

In addition, the Company may request your consent for collection, use or disclosure of your data for specific purposes as set out below:

4.1 Patients and relevant persons (such as relatives)

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

  • First name – last name
  • age
  • Identification card/passport number 
  • Date of birth
  • Birthplace 
  • Weight, height 
  • Marital status 
  • Gender 
  • Military status
  • Nationality 
  • Occupation
  • Address
  • Phone number and
  • Any other contact details
  • For identification and verification of your right to medical care 
  • For communication with patients and relevant persons 
  • For providing you with health services
  • For complying with laws and creating any legal rights (if any)
  • The Company’s legitimate interests
  • Complying with a contract between you and the Company
  • Consent
  • The Company’s legal obligations

Sensitive data

  • Blood group 
  • Religion
  • Nationality
  • Health records: underlying diseases, drug or food allergies, medical care records, contagious or serious illness records
  • physical disability, and
  • genetic data
  • For identification and verification of your right to medical care 
  • For diagnoses
  • For support of diagnoses (such as patients from the United Kingdom or the European Union may develop vaccine-induced immune thrombotic thrombocytopenia)
  • Necessary for complying with the laws to achieve the purposes of medical diagnoses or medical care 
  • The explicit consent

Types of Personal Data

General personal data

  • First name – last name
  • age
  • Identification card/passport number 
  • Date of birth
  • Birthplace 
  • Weight, height 
  • Marital status 
  • Gender 
  • Military status
  • Nationality 
  • Occupation
  • Address
  • Phone number and
  • Any other contact details

Sensitive data

  • Blood group 
  • Religion
  • Nationality
  • Health records: underlying diseases, drug or food allergies, medical care records, contagious or serious illness records
  • physical disability, and
  • genetic data

Purposes

  • For identification and verification of your right to medical care 
  • For communication with patients and relevant persons 
  • For providing you with health services
  • For complying with laws and creating any legal rights (if any)
  • For identification and verification of your right to medical care 
  • For diagnoses
  • For support of diagnoses (such as patients from the United Kingdom or the European Union may develop vaccine-induced immune thrombotic thrombocytopenia)

Legal Bases for Data Processing

  • The Company’s legitimate interests
  • Complying with a contract between you and the Company
  • Consent
  • The Company’s legal obligations
  • Necessary for complying with the laws to achieve the purposes of medical diagnoses or medical care 
  • The explicit consent

4.2 Emergency or unconscious patients and relevant persons (such as accompanying persons) 

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

  • First name – last name
  • age
  • Identification card/passport number 
  • Date of birth
  • Gender
  • Nationality
  • Address
  • Phone number and
  • Any other contact details
 
  • For identifying patients before providing services
  • For providing basic medical care
  • For complying with laws and creating any legal rights (if any)
  • Preventing or suppressing a danger to a person’s life, body or health
  • The Company’s legitimate interests
  • Consent
  • The Company’s legal obligations

Sensitive data

  • Blood group 
  • Religion
  • Nationality
  • Health records: underlying diseases, drug or food allergies, medical care records, contagious or serious illness records
  • physical disability, and
  • genetic data 
  • For diagnoses
  • For support of diagnoses (such as patients from the United Kingdom or the European Union may develop vaccine-induced immune thrombotic thrombocytopenia) 
  • Necessary for complying with the laws to achieve the purposes of medical diagnoses or medical care 
  • The explicit consent

Types of Personal Data

General personal data

  • First name – last name
  • age
  • Identification card/passport number 
  • Date of birth
  • Gender
  • Nationality
  • Address
  • Phone number and
  • Any other contact details
 

Sensitive data

  • Blood group 
  • Religion
  • Nationality
  • Health records: underlying diseases, drug or food allergies, medical care records, contagious or serious illness records
  • physical disability, and
  • genetic data 

Purposes

  • For identifying patients before providing services
  • For providing basic medical care
  • For complying with laws and creating any legal rights (if any)
  • For diagnoses
  • For support of diagnoses (such as patients from the United Kingdom or the European Union may develop vaccine-induced immune thrombotic thrombocytopenia) 

Legal Bases for Data Processing

  • Preventing or suppressing a danger to a person’s life, body or health
  • The Company’s legitimate interests
  • Consent
  • The Company’s legal obligations
  • Necessary for complying with the laws to achieve the purposes of medical diagnoses or medical care 
  • The explicit consent

4.3 The Company’s personnel and relevant persons (such as guarantor)

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

  • First name – last name
  • Date of birth
  • Gender
  • Identification/passport number
  • Address
  • Phone number
  • Competency
  • Training records
  • Military status
  • Driving license number
  • Education and 
  • membership registration 
  • Reference persons
  • Family members
  • Guarantor’s occupation, position, place of work
  • Employee’s identification number  
  • Welfare benefits and fringe benefits
  • Probation period end date 
  • Employment termination date                 (if any)
  • Bank account number and other payment details
  • Tax identification number
  • Withholding tax 
  • Tax deduction 
  • Social security, and
  • Provident fund
  • For identification or verification before placement
  • For entering into an employment contract and a surety contract 
  • For communication with the Company’s personnel and relevant persons
  • For issuing payment slips and withholding tax filing 
  • For electronic transactions 
  • For preparing tax documents and invoices
  • For providing welfare and fringe benefits, including a right to medical care 
  • For creating an account to access HIS server 
  • For creating the Company’s email account for external and internal communication
  • For any other purposes related to the employment 
  • For complying with laws and creating any legal rights (if any)
  • The Company’s legitimate interests
  • Complying with a contract between you and the Company
  • Consent
  • The Company’s legal obligations

Sensitive data

  • Blood group
  • Religion
  • Race 
  • Health: underlying diseases, drug/food allergies, medical care records, contagious or serious illness records 
  • Physical disability, and
  • Genetic data 
  • (finger scan and face scan)
  • For entering into a contract
  • For checkup before starting to work
  • For security of individuals and the Company’s property
  • For having access to personal and restricted areas
  • The explicit consent

Types of Personal Data

General personal data

  • First name – last name
  • Date of birth
  • Gender
  • Identification/passport number
  • Address
  • Phone number
  • Competency
  • Training records
  • Military status
  • Driving license number
  • Education and 
  • membership registration 
  • Reference persons
  • Family members
  • Guarantor’s occupation, position, place of work
  • Employee’s identification number  
  • Welfare benefits and fringe benefits
  • Probation period end date 
  • Employment termination date                 (if any)
  • Bank account number and other payment details
  • Tax identification number
  • Withholding tax 
  • Tax deduction 
  • Social security, and
  • Provident fund

Sensitive data

  • Blood group
  • Religion
  • Race 
  • Health: underlying diseases, drug/food allergies, medical care records, contagious or serious illness records 
  • Physical disability, and
  • Genetic data 
  • (finger scan and face scan)

Purposes

  • For identification or verification before placement
  • For entering into an employment contract and a surety contract 
  • For communication with the Company’s personnel and relevant persons
  • For issuing payment slips and withholding tax filing 
  • For electronic transactions 
  • For preparing tax documents and invoices
  • For providing welfare and fringe benefits, including a right to medical care 
  • For creating an account to access HIS server 
  • For creating the Company’s email account for external and internal communication
  • For any other purposes related to the employment 
  • For complying with laws and creating any legal rights (if any)
  • For entering into a contract
  • For checkup before starting to work
  • For security of individuals and the Company’s property
  • For having access to personal and restricted areas

Legal Bases for Data Processing

  • The Company’s legitimate interests
  • Complying with a contract between you and the Company
  • Consent
  • The Company’s legal obligations
  • The explicit consent

4.4 Applicants and relevant persons (such as reference persons)

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

  • First name – last name
  • Identification/passport number
  • Date of birth
  • Address
  • Phone number
  • Competency
  • Training records
  • Military status
  • Driving license number
  • Family members
  • Education and 
  • membership registration, and 
  • Reference persons
  • For job applications, selection, interview, and doing any acts relevant to job applications 
  • For communication with applicants and relevant persons
  • The Company’s legitimate interests
  • Consent
  • The Company’s legal obligations

Sensitive data

  • Blood group
  • Religion, and
  • Race
  • For job applications, selection, interview and doing any acts relevant to job applications
  • Explicit consent

Types of Personal Data

General personal data

  • First name – last name
  • Identification/passport number
  • Date of birth
  • Address
  • Phone number
  • Competency
  • Training records
  • Military status
  • Driving license number
  • Family members
  • Education and 
  • membership registration, and 
  • Reference persons

Sensitive data

  • Blood group
  • Religion, and
  • Race

Purposes

  • For job applications, selection, interview, and doing any acts relevant to job applications 
  • For communication with applicants and relevant persons
  • For job applications, selection, interview and doing any acts relevant to job applications

Legal Bases for Data Processing

  • The Company’s legitimate interests
  • Consent
  • The Company’s legal obligations
  • Explicit consent

4.5 Business partners and relevant persons (such as shareholders, directors, or coordinators in case of a business partner being a juristic person)

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

  • General personal data
  • First name – last name
  • Identification/passport number
  • Date of birth
  • Address
  • Phone number
  • Email, and
  • Bank account and other payment details
  • For identification or verification before entering into a contract with the Company
  • For entering into a contract 
  • For business communication and coordination 
  • For issuing payment slips and withholding tax filing
  • For electronic transactions
  • For preparing tax documents and invoices
  • For complying with laws and creating any legal rights (if any)
  • The Company’s legitimate interests
  • Compliance with a contract between you and the Company
  • Consent
  • The Company’s legal obligations

Sensitive data

  • Blood group
  • Religion, and
  • Race
  • For entering into a contract
  • The explicit consent

Types of Personal Data

General personal data

  • General personal data
  • First name – last name
  • Identification/passport number
  • Date of birth
  • Address
  • Phone number
  • Email, and
  • Bank account and other payment details

Sensitive data

  • Blood group
  • Religion, and
  • Race

Purposes

  • For identification or verification before entering into a contract with the Company
  • For entering into a contract 
  • For business communication and coordination 
  • For issuing payment slips and withholding tax filing
  • For electronic transactions
  • For preparing tax documents and invoices
  • For complying with laws and creating any legal rights (if any)
  • For entering into a contract

Legal Bases for Data Processing

  • The Company’s legitimate interests
  • Compliance with a contract between you and the Company
  • Consent
  • The Company’s legal obligations
  • The explicit consent

4.6 Persons interested in receiving medical service

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

  • First name– last name
  • Address
  • Phone number, and
  • Email
  • For marketing purposes
  • For offering marketing activities that may be of interest and beneficial to you
  • For making an appointment with the Company’s medical personnel, and/or the Company’s business alliances
  • For giving you useful platform information
  • The Company’s legitimate interests
  • Compliance with a contract between you and the Company
  • Consent
  • The Company’s legal obligations

Sensitive data

  • Health records: underlying diseases, drug/food allergies, medical care records, contagious or serious illness records 
  • For diagnoses
  • The explicit consent

Types of Personal Data

General personal data

  • First name– last name
  • Address
  • Phone number, and
  • Email

Sensitive data

  • Health records: underlying diseases, drug/food allergies, medical care records, contagious or serious illness records 

Purposes

  • For marketing purposes
  • For offering marketing activities that may be of interest and beneficial to you
  • For making an appointment with the Company’s medical personnel, and/or the Company’s business alliances
  • For giving you useful platform information
  • For diagnoses

Legal Bases for Data Processing

  • The Company’s legitimate interests
  • Compliance with a contract between you and the Company
  • Consent
  • The Company’s legal obligations
  • The explicit consent

4.7 Bloggers, influencers, and marketing activity participants

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

  • First name– last name
  • Gender
  • Date of birth
  • Age
  • Weight, height 
  • Marital status
  • Identification number
  • Nationality
  • Address
  • House phone number
  • Mobile phone number
  • Email, and
  • Any other contact details
  • For online advertisement and marketing activities
  • For research, development and improvement of the Company’s services
  • For identification or verification before entering into an advertisement contract with the Company
  • For entering into a contract
  • For issuing payment slips and withholding tax filing 
  • For electronic transactions  
  • For preparing tax documents and invoices
  • For complying with laws and creating any legal rights (if any)
  • The Company’s legitimate interests
  • Compliance with a contract between you and the Company
  • Consent
  • The Company’s legal obligations

Sensitive data

  • Religion
  • Race 
  • Blood group, and
  • Health records: underlying diseases, drug/food allergies, medical care records, contagious or serious illness records
  • For online advertisement and marketing activities
  • For research, development and improvement of the Company’s services
  • For entering into a contract
  • The explicit consent

5. Disclosure of Personal Data

The Company may be required to disclose your personal data to third parties: (1) affiliated companies or a corporate group including their executives, directors, employees and/or personnel relevant to and necessary for your data processing; (2) the Company’s business alliances such as laboratories, life insurance companies; (3) state agencies such as Anti Money Laundering Office, Office of the National Anti-Corruption Commission, Office of The Narcotics Control Board, Social Security Office, The Revenue Department, Legal Execution Department, Courts; (4) service providers and data processors assigned or engaged by the Company to manage/process personal data, for example, Cloud providers; (5) banks, credit card companies, provident fund management companies; (6) destination hospitals in case of patient transfers for medical treatment, and (7) the Company’s advisors, for example, legal counsels and auditors for rendering services to you and complying with aforesaid purposes
In addition, the Company may request your further consent from time to time so that the Company can disclose some types of your personal data (such as user accounts on social media, and opinions on the Company’s platform) on the Company’s social media for platform publicity. You however have the right not to give your consent.

6. Sending or Transferring Personal Data to a Foreign Country

The Company uses Cloud services from overseas provider, i.e. Google Cloud Platform (GCP) to provide you with services. The Company is therefore required to send or transfer your personal data to the service provider’s country for retention and processing that is one part of the Company’s ordinary course of business. The Company is also required to send or transfer your personal data to destination hospitals and overseas medical device manufacturers (such as the Federal Republic of Germany) and overseas data processors assigned or engaged by the Company to analyze personal data for the Company (such as Google Analytics, Google Ad, and Facebook Ads). The Company shall make the best effort to send or transfer personal data to reliable destination countries having security measures equivalent to the ones prescribed by the national laws.

7. Retention of Personal Data

The company takes appropriate security measures for both organizational measures and technical measures to retain your personal data, for instance, entering a code to prevent access to the Companys data storage system, using a digital locking system to limit the persons entitled to access data, storing data in locked file cabinets to prevent unauthorized access, storing data on Google Cloud and Inet to prevent the loss of data, and using Firewall. Furthermore, the Companys personnel and service providers have the duty to keep the data subjects personal data confidential, and strictly comply with a security standard and a security policy when using, sending, transferring or processing your personal data.

In the case that the Company or you set a password for the use of the Companys platform, you shall be responsible for keeping it confidential to prevent other persons from having unlawful access to your personal data. 

8. Retention Period for Personal Data

The Company shall retain your personal data as necessary and according to the retention period set out by the specific laws, for instance, Accounting Act B.E. 2543, AntiMoney Laundering Act B.E. 2542, Computerrelated Crime Act B.E. 2550, and Revenue Code. Provided no specific retention period set out by law, the Company shall set a retention period as necessary for its operation as follows:

  1. Patients and relevant persons (such as relatives) throughout a period of time you have been served the Companys medical services. In the case that you no longer have contact with the Company, the Company shall retain your personal data for a further 5 years from the last day you have been served a medical care;
  2. Emergency or unconscious patients and relevant persons (such as accompanying persons)
  3. throughout a period of time you have been served the Companys medical services. In the case that you no longer have contact with the Company, the Company shall retain your personal data for a further 5 years from the last day you have been served a medical care;
  4. The Companys personnel and relevant persons (such as guarantor) throughout a period of time you have been the Companys personnel;
  5. Job applicants and relevant persons (such as reference persons) throughout a period of time you have been in the process of recruitment, selection, interview and doing any activities relevant to a job application. The Company shall retain your personal data for [please specify a data retention period] from the deadline for application;
  6. Business partners and relevant persons throughout a period of time you have been the Companys business partners. The Company shall retain your personal data for [please specify a data retention period] from a termination date;
  7. Persons interested in receiving medical service throughout a period of time you have been using the Companys platform and/or [please specify a data retention period] from a date you stop using it completely;
  8. Bloggers, influencers, and marketing activity participants [please specify a data retention period]

The Company shall erase, destroy, or anonymize the aforesaid data to become the anonymous data at the end of such retention period

9. Your Rights

You can exercise your rights to your personal data under this Policy by contacting the Company by the means specified in article 13. If you are under the age of 20 or you have a limited capacity under the law, you can exercise your right by your parents, guardian, or legal representative. The Company shall make the best effort to take action or give an explanation within 30 (thirty) days or within an appropriate time. You are entitled to the following rights:

  1. Request access to and obtain a copy of personal data: You are entitled to request access to and obtain a copy of your personal data collected by the Company, or to request the disclosure of a source of your personal data acquired without your consent;
  2. Request the correction of personal data: You are entitled to request the correction of your personal data to be accurate, up to date, and not misleading;
  3. Request the erasure or destruction of personal dataYou are entitled to request the erasure or destruction of your personal data, or data anonymization;
  4. Request a restriction on the use of personal data: You are entitled to request a restriction on the use of personal data in case that the Company is pending examination process in accordance with your request/objection, or in case that you request the Company to restrict the use of personal data instead of erasure or destruction of unnecessary personal data;
  5. Object to your personal data processing: You are entitled to object to your personal data processing as prescribed by the personal data protection law;
  6. Transfer personal data: You are entitled to obtain your personal data, and to request the Company to send or transfer your personal data to a third party in order to facilitate the exercise of your rights, unless it is impossible to do so because of the technical circumstances. The exercise of rights shall be subject to the provisions prescribed by law;
  7. Withdrawal of consentIn the event that you have given consent to the Company to collect, use, and/or disclose personal data, you are entitled to withdraw the consent at any time via the Companys contact channels, unless there is a restriction of the withdrawal of consent by law, or there is a contract giving you benefits.
    Such withdrawal of consent shall not affect the collection, use, or disclosure of personal data that have been processed by the Company on the basis of consent. In some cases, the withdrawal of consent may affect you, for instance, inconvenient for providing you with welfare benefits, inconvenient for business coordination, notifications of benefits, promotion, news or new offers, not being served with better products or services, and not being served with products or services that meet your needs, etc. After being informed of your withdrawal of consent, the Company shall inform you of such consequences thereof so that you make a decision whether you intend to do so.
  8. File a complaint: You are entitled to file a complaint with a person in authority (such as a personal data protection committee/office) in the event that you believe that the Company breaches the personal data protection law.

The exercise of your rights may be restricted or rejected with some reasons, for instance, the exercise of your rights may be in violation of the law/order of a competent agency, for public interest purpose, or may affect freedom of a person, etc. The Company shall inform you of a reason for rejection.

10. Cookie Policy

The Company collects personal data by using cookie and other similar technologies when you use the Companys platform for the following purposes: (1) analyse and process your use of the platform; (2) broaden your experience and increase your satisfaction; (3) advertisements and public relations for the Companys products and services; and (4) adjust marketing campaigns to meet your needs. You can set or delete cookie personally by setting an application on your mobile phone or web browser, which enables you to decline the use of cookie wholly or partiallyHowever, you may not be able to access some part of the Companys platform.

You are advised that a third party (such as an advertising network and a data processor analysing website visits, etc.) may use such cookie also, which is outside the Companys control. Using cookie usually more relates the Companys platform and advertisements thereon to your interests, which enable the development of the Companys platform.

11. Marketing Media

When obtaining explicit consent from you verbally or via the platform, the Company may provide you with information for a marketing purpose, and for sales promotion and marketing activities of the Company and/or its business alliances that may interest and be beneficial to you (the “Marketing Media”) via notification on the platform, telephone, and/or email. You can cancel receipt of such marketing media at all times via the platform, the Company’s contact channels, and/or when the Company have contact with you.
The Company advises you that in the event that you choose not to receive such information, the Company shall be able to continue sending the information irrelevant to sales promotions or information about the use of platform for your benefits.

12. Amendment

The Company reserves the right to amend this policy from time to time in order to be in compliance with the Company’s guideline and/or statutory requirements. The Company shall notify you thereof via an appropriate means. If such amendment affects the essential rights of a data subject, the Company may request consent before any amendment as prescribed by law.
The Company recommend that you check this Policy from time to time so that you are aware of any amendment or change made to this Policy.

13. Contact

If you have any question about this Policy or intend to exercise your right and file any complaint with the Company about the processing of your personal data by the Company, you can contact the Company through the following channels:

Address: B-First Medical Co., Ltd. No. 1, Soi Krungthep Kreetha 4 (B. Grimm) Hua Mak sub-district, Bang Kapi district, Bangkok 10240
Phone: +66 2038 5595
Fax: +66 2038 5542
Email: [email protected]
Line ID: @primocare

Types of Personal Data

General personal data

  • First name– last name
  • Gender
  • Date of birth
  • Age
  • Weight, height 
  • Marital status
  • Identification number
  • Nationality
  • Address
  • House phone number
  • Mobile phone number
  • Email, and
  • Any other contact details

Sensitive data

  • Religion
  • Race 
  • Blood group, and
  • Health records: underlying diseases, drug/food allergies, medical care records, contagious or serious illness records

Purposes

  • For online advertisement and marketing activities
  • For research, development and improvement of the Company’s services
  • For identification or verification before entering into an advertisement contract with the Company
  • For entering into a contract
  • For issuing payment slips and withholding tax filing 
  • For electronic transactions  
  • For preparing tax documents and invoices
  • For complying with laws and creating any legal rights (if any)
  • For online advertisement and marketing activities
  • For research, development and improvement of the Company’s services
  • For entering into a contract

Legal Bases for Data Processing

  • The Company’s legitimate interests
  • Compliance with a contract between you and the Company
  • Consent
  • The Company’s legal obligations
  • The explicit consent

5. Disclosure of Personal Data

The Company may be required to disclose your personal data to third parties: (1) affiliated companies or a corporate group including their executives, directors, employees and/or personnel relevant to and necessary for your data processing; (2) the Company’s business alliances such as laboratories, life insurance companies; (3) state agencies such as Anti Money Laundering Office, Office of the National Anti-Corruption Commission, Office of The Narcotics Control Board, Social Security Office, The Revenue Department, Legal Execution Department, Courts; (4) service providers and data processors assigned or engaged by the Company to manage/process personal data, for example, Cloud providers; (5) banks, credit card companies, provident fund management companies; (6) destination hospitals in case of patient transfers for medical treatment, and (7) the Company’s advisors, for example, legal counsels and auditors for rendering services to you and complying with aforesaid purposes
In addition, the Company may request your further consent from time to time so that the Company can disclose some types of your personal data (such as user accounts on social media, and opinions on the Company’s platform) on the Company’s social media for platform publicity. You however have the right not to give your consent.

6. Sending or Transferring Personal Data to a Foreign Country

The Company uses Cloud services from overseas provider, i.e. Google Cloud Platform (GCP) to provide you with services. The Company is therefore required to send or transfer your personal data to the service provider’s country for retention and processing that is one part of the Company’s ordinary course of business. The Company is also required to send or transfer your personal data to destination hospitals and overseas medical device manufacturers (such as the Federal Republic of Germany) and overseas data processors assigned or engaged by the Company to analyze personal data for the Company (such as Google Analytics, Google Ad, and Facebook Ads). The Company shall make the best effort to send or transfer personal data to reliable destination countries having security measures equivalent to the ones prescribed by the national laws.

7. Retention of Personal Data

The company takes appropriate security measures for both organizational measures and technical measures to retain your personal data, for instance, entering a code to prevent access to the Companys data storage system, using a digital locking system to limit the persons entitled to access data, storing data in locked file cabinets to prevent unauthorized access, storing data on Google Cloud and Inet to prevent the loss of data, and using Firewall. Furthermore, the Companys personnel and service providers have the duty to keep the data subjects personal data confidential, and strictly comply with a security standard and a security policy when using, sending, transferring or processing your personal data.

In the case that the Company or you set a password for the use of the Companys platform, you shall be responsible for keeping it confidential to prevent other persons from having unlawful access to your personal data. 

8. Retention Period for Personal Data

The Company shall retain your personal data as necessary and according to the retention period set out by the specific laws, for instance, Accounting Act B.E. 2543, AntiMoney Laundering Act B.E. 2542, Computerrelated Crime Act B.E. 2550, and Revenue Code. Provided no specific retention period set out by law, the Company shall set a retention period as necessary for its operation as follows:

  1. Patients and relevant persons (such as relatives) throughout a period of time you have been served the Companys medical services. In the case that you no longer have contact with the Company, the Company shall retain your personal data for a further 5 years from the last day you have been served a medical care;
  2. Emergency or unconscious patients and relevant persons (such as accompanying persons)
  3. throughout a period of time you have been served the Companys medical services. In the case that you no longer have contact with the Company, the Company shall retain your personal data for a further 5 years from the last day you have been served a medical care;
  4. The Companys personnel and relevant persons (such as guarantor) throughout a period of time you have been the Companys personnel;
  5. Job applicants and relevant persons (such as reference persons) throughout a period of time you have been in the process of recruitment, selection, interview and doing any activities relevant to a job application. The Company shall retain your personal data for [please specify a data retention period] from the deadline for application;
  6. Business partners and relevant persons throughout a period of time you have been the Companys business partners. The Company shall retain your personal data for [please specify a data retention period] from a termination date;
  7. Persons interested in receiving medical service throughout a period of time you have been using the Companys platform and/or [please specify a data retention period] from a date you stop using it completely;
  8. Bloggers, influencers, and marketing activity participants [please specify a data retention period]

The Company shall erase, destroy, or anonymize the aforesaid data to become the anonymous data at the end of such retention period

9. Your Rights

You can exercise your rights to your personal data under this Policy by contacting the Company by the means specified in article 13. If you are under the age of 20 or you have a limited capacity under the law, you can exercise your right by your parents, guardian, or legal representative. The Company shall make the best effort to take action or give an explanation within 30 (thirty) days or within an appropriate time. You are entitled to the following rights:

  1. Request access to and obtain a copy of personal data: You are entitled to request access to and obtain a copy of your personal data collected by the Company, or to request the disclosure of a source of your personal data acquired without your consent;
  2. Request the correction of personal data: You are entitled to request the correction of your personal data to be accurate, up to date, and not misleading;
  3. Request the erasure or destruction of personal dataYou are entitled to request the erasure or destruction of your personal data, or data anonymization;
  4. Request a restriction on the use of personal data: You are entitled to request a restriction on the use of personal data in case that the Company is pending examination process in accordance with your request/objection, or in case that you request the Company to restrict the use of personal data instead of erasure or destruction of unnecessary personal data;
  5. Object to your personal data processing: You are entitled to object to your personal data processing as prescribed by the personal data protection law;
  6. Transfer personal data: You are entitled to obtain your personal data, and to request the Company to send or transfer your personal data to a third party in order to facilitate the exercise of your rights, unless it is impossible to do so because of the technical circumstances. The exercise of rights shall be subject to the provisions prescribed by law;
  7. Withdrawal of consentIn the event that you have given consent to the Company to collect, use, and/or disclose personal data, you are entitled to withdraw the consent at any time via the Companys contact channels, unless there is a restriction of the withdrawal of consent by law, or there is a contract giving you benefits.
    Such withdrawal of consent shall not affect the collection, use, or disclosure of personal data that have been processed by the Company on the basis of consent. In some cases, the withdrawal of consent may affect you, for instance, inconvenient for providing you with welfare benefits, inconvenient for business coordination, notifications of benefits, promotion, news or new offers, not being served with better products or services, and not being served with products or services that meet your needs, etc. After being informed of your withdrawal of consent, the Company shall inform you of such consequences thereof so that you make a decision whether you intend to do so.
  8. File a complaint: You are entitled to file a complaint with a person in authority (such as a personal data protection committee/office) in the event that you believe that the Company breaches the personal data protection law.

The exercise of your rights may be restricted or rejected with some reasons, for instance, the exercise of your rights may be in violation of the law/order of a competent agency, for public interest purpose, or may affect freedom of a person, etc. The Company shall inform you of a reason for rejection.

10. Cookie Policy

The Company collects personal data by using cookie and other similar technologies when you use the Companys platform for the following purposes: (1) analyse and process your use of the platform; (2) broaden your experience and increase your satisfaction; (3) advertisements and public relations for the Companys products and services; and (4) adjust marketing campaigns to meet your needs. You can set or delete cookie personally by setting an application on your mobile phone or web browser, which enables you to decline the use of cookie wholly or partiallyHowever, you may not be able to access some part of the Companys platform.

You are advised that a third party (such as an advertising network and a data processor analysing website visits, etc.) may use such cookie also, which is outside the Companys control. Using cookie usually more relates the Companys platform and advertisements thereon to your interests, which enable the development of the Companys platform.

11. Marketing Media

When obtaining explicit consent from you verbally or via the platform, the Company may provide you with information for a marketing purpose, and for sales promotion and marketing activities of the Company and/or its business alliances that may interest and be beneficial to you (the “Marketing Media”) via notification on the platform, telephone, and/or email. You can cancel receipt of such marketing media at all times via the platform, the Company’s contact channels, and/or when the Company have contact with you.
The Company advises you that in the event that you choose not to receive such information, the Company shall be able to continue sending the information irrelevant to sales promotions or information about the use of platform for your benefits.

12. Amendment

The Company reserves the right to amend this policy from time to time in order to be in compliance with the Company’s guideline and/or statutory requirements. The Company shall notify you thereof via an appropriate means. If such amendment affects the essential rights of a data subject, the Company may request consent before any amendment as prescribed by law.
The Company recommend that you check this Policy from time to time so that you are aware of any amendment or change made to this Policy.

13. Contact

If you have any question about this Policy or intend to exercise your right and file any complaint with the Company about the processing of your personal data by the Company, you can contact the Company through the following channels:

 
Address: B-First Medical Co., Ltd. No. 1, Soi Krungthep Kreetha 4 (B. Grimm) Hua Mak sub-district, Bang Kapi district, Bangkok 10240
Phone: +66 2038 5595
Fax: +66 2038 5542
Email: [email protected]
Line ID: @primocare