Privacy Policy - Primocare Medical

Privacy Policy B-First Medical Ltd.

B-First Medical Ltd. (the “Company”) is aware of the importance of confidentiality and security of your personal data as our customers, personnel, job applicants, business partners, marketing activity participants or any person involving the aforesaid persons. The Company is therefore required to provide the privacy policy (the “Policy”) so that the Company’s operation meets the international standards for the protection of personal data and relevant personal data protection laws. This Policy is deemed as one part of the Company’s terms and condition on service rendering.

To do any transaction relevant to the Company, you and/or your parents, guardian or legal representative (in case your age is under 20 years old) confirm and accept the guideline and procedure specified herein. In addition, you accept that disclosing a third party’s personal data to the Company for the Company’s purposes as set out below is made with his/her consent.

1. Enforcement

This Policy is enforced on (1) the Company’s customers, namely patients, emergency or unconscious patients, persons interested in receiving medical service; (2) the Company’s personnel; (3) job applicants; (4) business partners; (5) bloggers, influencers and marketing activity participants; or (6) any person involving the aforesaid persons including other persons relevant to the Company, for example, marketing agents, law firms, insurance companies or recruitment agencies.

2. Collected Personal Data

The Company collects the following personal data, namely any information that enables your identification, whether directly or indirectly:

Personal data, namely first name, last name, sex, date of birth, place of birth, age, weight, height, marital status, military status, identification/passport number, occupation, nationality, race, blood group, religion, address, house phone number, mobile phone number, email and any other contact details. You may be requested to confirm the correctness of data you provided for the Company;
Health data, namely health records, underlying diseases, contagious or serious illness records, medical treatments, surgeries, drug or food allergies, medical care records, radiotherapy and medical procedures, etc.;
Biometric data If you are the Company’s personnel, you are required to provide the Company with your biometric data, namely finger scan, face scan, etc. for the purpose of the security of individuals and the Company’s property, crime monitoring and prevention in the Company’s premises, and an access to the personal and restricted areas;
Data of family members (children, parents, brothers, sisters and spouse) If you are the Company’s personnel, you are required to provide the Company with personal data of your family members namely, first name, last name, age, occupation, address, place of work, and telephone number, etc. for the purposes of creating a database relating to medical cost fringe benefits for family members
Contact person data in case of emergency and relevant persons In the case that you use the Company’s medical services or you are emergency or unconscious patient, the Company is required to collect the data of a contact person in case of emergency or an accompanying person, as the case may be, namely first name, last name, telephone number, etc., for the purposes of your medical treatment and health care;
Guarantor’s data If you are the personnel working under the Company’s employment contract, you must provide a person having qualifications as specified by the Company to enter into a surety agreement with the Company. The following personal data shall be collected from the guarantor: first name, last name, occupation, job position, place of work, house phone number, and mobile phone number, etc.;
Educational and membership registration data, namely the educational backgrounds from secondary school to bachelor degree and higher level (an institution name, a program of study, the duration of study and an average grade), membership registration data, personal data appeared on a copy of an educational certificate, a copy of a transcript, a copy of certificates and a license, etc.;
Data on work experiences and training records, namely work experiences such as the former employer’s name, job position, the duration of employment, reasons for leaving a job, salary, position allowance and other allowances, phone number, a brief summary of job responsibilities, training records such as training courses, training organizers and the course duration, etc.;
Data on competency and personal interests, namely language competency, computer competency, typing skills, driving skills, hobbies, sports and favorite activities, etc.;
Data on job application and reference persons, namely data on a job application and/or resume/CV (if any), a job position to be applied for, expected salary, job interview, reference persons, i.e. first name, last name, occupation, address, place of work, job position and phone number, etc.;
Data on work performance and work performance assessment, namely employee identification number, job position, employment conditions, performance assessment result, work behaviors, training, disciplinary action, employment commencement date, probation period end date, employment termination date (if any), dates and hours of work, number of working hours, number of overtime, days of annual leave, remaining leave, details of leave and reasons of leave, clock in–out records, and system access records, etc.;
Financial and fringe benefit data, namely salary, bonus, remuneration, welfare benefits, fringe benefits, payroll, bank account, etc. If you want the Company to facilitate the tax payment filing, you may give the Company consent to collect your tax identification number, information on withholding tax, tax deduction, social security, and provident fund;
Business partner data If you are the Company’s business partner, the Company is required to collect personal data of your shareholders, directors or coordinator for the Company’s business operation or transactions, for example, first name, last name, mobile phone number, email, position, signature, and Line ID, etc.;
Conversation and communication recording between you and the Company through communication channels, namely telephone, email, PrimoCare Patient application, website www.primocare.com and/or other social media such as Facebook, Instagram, Line application, including your data provided to the Company while joining activities, sales promotion campaigns, surveys, or any questionnaires provided by the Company such as a health checkup and advice on health conditions, etc.;
Social media In the case that you access the Company’s platform via other social media such as Facebook, Instagram, Line application, the Company may have access to your personal data provided to such social media, i.e. account name (such as Line ID), email, and phone number (if any);
Technical data, namely IP Address connecting your computer with the internet, data for access a system, a type and version of a browser, an operating system and computer traffic including information collected by the Company through cookies or other similar technologies, etc.;
Other data such as pictures or videos for online public relations, slides, animations, closed–circuit television (CCTV), usage records and platform search records, etc.

3. Sources of Personal Data

The Company may receive your personal data from the following ways:

Personal data you provided to the Company directly, for example, sending the data to the Company directly through filling in a questionnaire or Google form, and/or any channel whether by telephone, email, PrimoCare Patient application, website www.primocare.com, and/or other social media such as Facebook, Instagram, Line application, including data you provided during the recruitment and selection, the employment, and/or doing business with the Company, as the case may be, etc;
Personal data you provided to the Company automatically, for example, the Company may receive your personal data and technical data concerning your equipment automatically, which the Company may collect this personal data by cookies and/or other similar technologies, etc.;
Personal data received from a third party, for example, the Company may receive your personal data from a marketing agency, shutterstock provider, recruitment agency, talent acquisition unit which is a work unit of an affiliated company and accompanying persons (in case that you are an emergency or unconscious patient).

4. Purposes of Collection, Use, Disclosure of Personal Data

The Company shall collect, use, or disclose your personal data for various purposes on legal bases, including (a) for compliance with a contract and the conditions on service rendering between you and the Company; (b) for legitimate interests; (c) for preventing or suppressing a danger to your life, body or heath, or other person’s life, body or health; (d) for compliance with legal obligations; and/or (e) on any other legal bases, as the case may be.

In addition, the Company may request your consent for collection, use or disclosure of your data for specific purposes as set out below:

4.1 Patients and relevant persons (such as relatives)

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

First name – last name
age
Identification card/passport number
Date of birth
Birthplace
Weight, height
Marital status
Gender
Military status
Nationality
Occupation
Address
Phone number and
Any other contact details

For identification and verification of your right to medical care
For communication with patients and relevant persons
For providing you with health services
For complying with laws and creating any legal rights (if any)

The Company’s legitimate interests
Complying with a contract between you and the Company
Consent
The Company’s legal obligations

Sensitive data

Blood group
Religion
Nationality
Health records: underlying diseases, drug or food allergies, medical care records, contagious or serious illness records
physical disability, and
genetic data

For identification and verification of your right to medical care
For diagnoses
For support of diagnoses (such as patients from the United Kingdom or the European Union may develop vaccine-induced immune thrombotic thrombocytopenia)

Necessary for complying with the laws to achieve the purposes of medical diagnoses or medical care
The explicit consent

Types of Personal Data

General personal data

First name – last name
age
Identification card/passport number
Date of birth
Birthplace
Weight, height
Marital status
Gender
Military status
Nationality
Occupation
Address
Phone number and
Any other contact details

Sensitive data

Blood group
Religion
Nationality
Health records: underlying diseases, drug or food allergies, medical care records, contagious or serious illness records
physical disability, and
genetic data

Purposes

For identification and verification of your right to medical care
For communication with patients and relevant persons
For providing you with health services
For complying with laws and creating any legal rights (if any)

For identification and verification of your right to medical care
For diagnoses
For support of diagnoses (such as patients from the United Kingdom or the European Union may develop vaccine-induced immune thrombotic thrombocytopenia)

Legal Bases for Data Processing

The Company’s legitimate interests
Complying with a contract between you and the Company
Consent
The Company’s legal obligations

Necessary for complying with the laws to achieve the purposes of medical diagnoses or medical care
The explicit consent

4.2 Emergency or unconscious patients and relevant persons (such as accompanying persons)

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

First name – last name
age
Identification card/passport number
Date of birth
Gender
Nationality
Address
Phone number and
Any other contact details

For identifying patients before providing services
For providing basic medical care
For complying with laws and creating any legal rights (if any)

Preventing or suppressing a danger to a person’s life, body or health
The Company’s legitimate interests
Consent
The Company’s legal obligations

Sensitive data

Blood group
Religion
Nationality
Health records: underlying diseases, drug or food allergies, medical care records, contagious or serious illness records
physical disability, and
genetic data

For diagnoses
For support of diagnoses (such as patients from the United Kingdom or the European Union may develop vaccine-induced immune thrombotic thrombocytopenia)

Necessary for complying with the laws to achieve the purposes of medical diagnoses or medical care
The explicit consent

Types of Personal Data

General personal data

First name – last name
age
Identification card/passport number
Date of birth
Gender
Nationality
Address
Phone number and
Any other contact details

Sensitive data

Blood group
Religion
Nationality
Health records: underlying diseases, drug or food allergies, medical care records, contagious or serious illness records
physical disability, and
genetic data

Purposes

For identifying patients before providing services
For providing basic medical care
For complying with laws and creating any legal rights (if any)

For diagnoses
For support of diagnoses (such as patients from the United Kingdom or the European Union may develop vaccine-induced immune thrombotic thrombocytopenia)

Legal Bases for Data Processing

Preventing or suppressing a danger to a person’s life, body or health
The Company’s legitimate interests
Consent
The Company’s legal obligations

Necessary for complying with the laws to achieve the purposes of medical diagnoses or medical care
The explicit consent

4.3 The Company’s personnel and relevant persons (such as guarantor)

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

First name – last name
Date of birth
Gender
Identification/passport number
Address
Phone number
Competency
Training records
Military status
Driving license number
Education and
membership registration
Reference persons
Family members
Guarantor’s occupation, position, place of work
Employee’s identification number
Welfare benefits and fringe benefits
Probation period end date
Employment termination date (if any)
Bank account number and other payment details
Tax identification number
Withholding tax
Tax deduction
Social security, and
Provident fund

For identification or verification before placement
For entering into an employment contract and a surety contract
For communication with the Company’s personnel and relevant persons
For issuing payment slips and withholding tax filing
For electronic transactions
For preparing tax documents and invoices
For providing welfare and fringe benefits, including a right to medical care
For creating an account to access HIS server
For creating the Company’s email account for external and internal communication
For any other purposes related to the employment
For complying with laws and creating any legal rights (if any)

The Company’s legitimate interests
Complying with a contract between you and the Company
Consent
The Company’s legal obligations

Sensitive data

Blood group
Religion
Race
Health: underlying diseases, drug/food allergies, medical care records, contagious or serious illness records
Physical disability, and
Genetic data
(finger scan and face scan)

For entering into a contract
For checkup before starting to work
For security of individuals and the Company’s property
For having access to personal and restricted areas

The explicit consent

Types of Personal Data

General personal data

First name – last name
Date of birth
Gender
Identification/passport number
Address
Phone number
Competency
Training records
Military status
Driving license number
Education and
membership registration
Reference persons
Family members
Guarantor’s occupation, position, place of work
Employee’s identification number
Welfare benefits and fringe benefits
Probation period end date
Employment termination date (if any)
Bank account number and other payment details
Tax identification number
Withholding tax
Tax deduction
Social security, and
Provident fund

Sensitive data

Blood group
Religion
Race
Health: underlying diseases, drug/food allergies, medical care records, contagious or serious illness records
Physical disability, and
Genetic data
(finger scan and face scan)

Purposes

For identification or verification before placement
For entering into an employment contract and a surety contract
For communication with the Company’s personnel and relevant persons
For issuing payment slips and withholding tax filing
For electronic transactions
For preparing tax documents and invoices
For providing welfare and fringe benefits, including a right to medical care
For creating an account to access HIS server
For creating the Company’s email account for external and internal communication
For any other purposes related to the employment
For complying with laws and creating any legal rights (if any)

For entering into a contract
For checkup before starting to work
For security of individuals and the Company’s property
For having access to personal and restricted areas

Legal Bases for Data Processing

The Company’s legitimate interests
Complying with a contract between you and the Company
Consent
The Company’s legal obligations

The explicit consent

4.4 Applicants and relevant persons (such as reference persons)

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

First name – last name
Identification/passport number
Date of birth
Address
Phone number
Competency
Training records
Military status
Driving license number
Family members
Education and
membership registration, and
Reference persons

For job applications, selection, interview, and doing any acts relevant to job applications
For communication with applicants and relevant persons

The Company’s legitimate interests
Consent
The Company’s legal obligations

Sensitive data

Blood group
Religion, and
Race

For job applications, selection, interview and doing any acts relevant to job applications

Explicit consent

Types of Personal Data

General personal data

First name – last name
Identification/passport number
Date of birth
Address
Phone number
Competency
Training records
Military status
Driving license number
Family members
Education and
membership registration, and
Reference persons

Sensitive data

Blood group
Religion, and
Race

Purposes

For job applications, selection, interview, and doing any acts relevant to job applications
For communication with applicants and relevant persons

For job applications, selection, interview and doing any acts relevant to job applications

Legal Bases for Data Processing

The Company’s legitimate interests
Consent
The Company’s legal obligations

Explicit consent

4.5 Business partners and relevant persons (such as shareholders, directors, or coordinators in case of a business partner being a juristic person)

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

General personal data
First name – last name
Identification/passport number
Date of birth
Address
Phone number
Email, and
Bank account and other payment details

For identification or verification before entering into a contract with the Company
For entering into a contract
For business communication and coordination
For issuing payment slips and withholding tax filing
For electronic transactions
For preparing tax documents and invoices
For complying with laws and creating any legal rights (if any)

The Company’s legitimate interests
Compliance with a contract between you and the Company
Consent
The Company’s legal obligations

Sensitive data

Blood group
Religion, and
Race

For entering into a contract

The explicit consent

Types of Personal Data

General personal data

General personal data
First name – last name
Identification/passport number
Date of birth
Address
Phone number
Email, and
Bank account and other payment details

Sensitive data

Blood group
Religion, and
Race

Purposes

For identification or verification before entering into a contract with the Company
For entering into a contract
For business communication and coordination
For issuing payment slips and withholding tax filing
For electronic transactions
For preparing tax documents and invoices
For complying with laws and creating any legal rights (if any)

For entering into a contract

Legal Bases for Data Processing

The Company’s legitimate interests
Compliance with a contract between you and the Company
Consent
The Company’s legal obligations

The explicit consent

4.6 Persons interested in receiving medical service

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

First name– last name
Address
Phone number, and
Email

For marketing purposes
For offering marketing activities that may be of interest and beneficial to you
For making an appointment with the Company’s medical personnel, and/or the Company’s business alliances
For giving you useful platform information

The Company’s legitimate interests
Compliance with a contract between you and the Company
Consent
The Company’s legal obligations

Sensitive data

Health records: underlying diseases, drug/food allergies, medical care records, contagious or serious illness records

For diagnoses

The explicit consent

Types of Personal Data

General personal data

First name– last name
Address
Phone number, and
Email

Sensitive data

Health records: underlying diseases, drug/food allergies, medical care records, contagious or serious illness records

Purposes

For marketing purposes
For offering marketing activities that may be of interest and beneficial to you
For making an appointment with the Company’s medical personnel, and/or the Company’s business alliances
For giving you useful platform information

For diagnoses

Legal Bases for Data Processing

The Company’s legitimate interests
Compliance with a contract between you and the Company
Consent
The Company’s legal obligations

The explicit consent

4.7 Bloggers, influencers, and marketing activity participants

Types of Personal Data

Purposes

Legal Bases for Data Processing

General personal data

First name– last name
Gender
Date of birth
Age
Weight, height
Marital status
Identification number
Nationality
Address
House phone number
Mobile phone number
Email, and
Any other contact details

For online advertisement and marketing activities
For research, development and improvement of the Company’s services
For identification or verification before entering into an advertisement contract with the Company
For entering into a contract
For issuing payment slips and withholding tax filing
For electronic transactions
For preparing tax documents and invoices
For complying with laws and creating any legal rights (if any)

The Company’s legitimate interests
Compliance with a contract between you and the Company
Consent
The Company’s legal obligations

Sensitive data

Religion
Race
Blood group, and
Health records: underlying diseases, drug/food allergies, medical care records, contagious or serious illness records

For online advertisement and marketing activities
For research, development and improvement of the Company’s services
For entering into a contract

The explicit consent

5. Disclosure of Personal Data

The Company may be required to disclose your personal data to third parties: (1) affiliated companies or a corporate group including their executives, directors, employees and/or personnel relevant to and necessary for your data processing; (2) the Company’s business alliances such as laboratories, life insurance companies; (3) state agencies such as Anti Money Laundering Office, Office of the National Anti-Corruption Commission, Office of The Narcotics Control Board, Social Security Office, The Revenue Department, Legal Execution Department, Courts; (4) service providers and data processors assigned or engaged by the Company to manage/process personal data, for example, Cloud providers; (5) banks, credit card companies, provident fund management companies; (6) destination hospitals in case of patient transfers for medical treatment, and (7) the Company’s advisors, for example, legal counsels and auditors for rendering services to you and complying with aforesaid purposes
In addition, the Company may request your further consent from time to time so that the Company can disclose some types of your personal data (such as user accounts on social media, and opinions on the Company’s platform) on the Company’s social media for platform publicity. You however have the right not to give your consent.

6. Sending or Transferring Personal Data to a Foreign Country

The Company uses Cloud services from overseas provider, i.e. Google Cloud Platform (GCP) to provide you with services. The Company is therefore required to send or transfer your personal data to the service provider’s country for retention and processing that is one part of the Company’s ordinary course of business. The Company is also required to send or transfer your personal data to destination hospitals and overseas medical device manufacturers (such as the Federal Republic of Germany) and overseas data processors assigned or engaged by the Company to analyze personal data for the Company (such as Google Analytics, Google Ad, and Facebook Ads). The Company shall make the best effort to send or transfer personal data to reliable destination countries having security measures equivalent to the ones prescribed by the national laws.

7. Retention of Personal Data

The company takes appropriate security measures for both organizational measures and technical measures to retain your personal data, for instance, entering a code to prevent access to the Company’s data storage system, using a digital locking system to limit the persons entitled to access data, storing data in locked file cabinets to prevent unauthorized access, storing data on Google Cloud and Inet to prevent the loss of data, and using Firewall. Furthermore, the Company’s personnel and service providers have the duty to keep the data subject’s personal data confidential, and strictly comply with a security standard and a security policy when using, sending, transferring or processing your personal data.

In the case that the Company or you set a password for the use of the Company’s platform, you shall be responsible for keeping it confidential to prevent other persons from having unlawful access to your personal data.

8. Retention Period for Personal Data

The Company shall retain your personal data as necessary and according to the retention period set out by the specific laws, for instance, Accounting Act B.E. 2543, Anti–Money Laundering Act B.E. 2542, Computer–related Crime Act B.E. 2550, and Revenue Code. Provided no specific retention period set out by law, the Company shall set a retention period as necessary for its operation as follows:

Patients and relevant persons (such as relatives) throughout a period of time you have been served the Company’s medical services. In the case that you no longer have contact with the Company, the Company shall retain your personal data for a further 5 years from the last day you have been served a medical care;
Emergency or unconscious patients and relevant persons (such as accompanying persons)
throughout a period of time you have been served the Company’s medical services. In the case that you no longer have contact with the Company, the Company shall retain your personal data for a further 5 years from the last day you have been served a medical care;
The Company’s personnel and relevant persons (such as guarantor) throughout a period of time you have been the Company’s personnel;
Job applicants and relevant persons (such as reference persons) throughout a period of time you have been in the process of recruitment, selection, interview and doing any activities relevant to a job application. The Company shall retain your personal data for [please specify a data retention period] from the deadline for application;
Business partners and relevant persons throughout a period of time you have been the Company’s business partners. The Company shall retain your personal data for [please specify a data retention period] from a termination date;
Persons interested in receiving medical service throughout a period of time you have been using the Company’s platform and/or [please specify a data retention period] from a date you stop using it completely;
Bloggers, influencers, and marketing activity participants [please specify a data retention period]

The Company shall erase, destroy, or anonymize the aforesaid data to become the anonymous data at the end of such retention period

9. Your Rights

You can exercise your rights to your personal data under this Policy by contacting the Company by the means specified in article 13. If you are under the age of 20 or you have a limited capacity under the law, you can exercise your right by your parents, guardian, or legal representative. The Company shall make the best effort to take action or give an explanation within 30 (thirty) days or within an appropriate time. You are entitled to the following rights:

Request access to and obtain a copy of personal data: You are entitled to request access to and obtain a copy of your personal data collected by the Company, or to request the disclosure of a source of your personal data acquired without your consent;
Request the correction of personal data: You are entitled to request the correction of your personal data to be accurate, up to date, and not misleading;
Request the erasure or destruction of personal data: You are entitled to request the erasure or destruction of your personal data, or data anonymization;
Request a restriction on the use of personal data: You are entitled to request a restriction on the use of personal data in case that the Company is pending examination process in accordance with your request/objection, or in case that you request the Company to restrict the use of personal data instead of erasure or destruction of unnecessary personal data;
Object to your personal data processing: You are entitled to object to your personal data processing as prescribed by the personal data protection law;
Transfer personal data: You are entitled to obtain your personal data, and to request the Company to send or transfer your personal data to a third party in order to facilitate the exercise of your rights, unless it is impossible to do so because of the technical circumstances. The exercise of rights shall be subject to the provisions prescribed by law;
Withdrawal of consent: In the event that you have given consent to the Company to collect, use, and/or disclose personal data, you are entitled to withdraw the consent at any time via the Company’s contact channels, unless there is a restriction of the withdrawal of consent by law, or there is a contract giving you benefits.
Such withdrawal of consent shall not affect the collection, use, or disclosure of personal data that have been processed by the Company on the basis of consent. In some cases, the withdrawal of consent may affect you, for instance, inconvenient for providing you with welfare benefits, inconvenient for business coordination, notifications of benefits, promotion, news or new offers, not being served with better products or services, and not being served with products or services that meet your needs, etc. After being informed of your withdrawal of consent, the Company shall inform you of such consequences thereof so that you make a decision whether you intend to do so.
File a complaint: You are entitled to file a complaint with a person in authority (such as a personal data protection committee/office) in the event that you believe that the Company breaches the personal data protection law.

The exercise of your rights may be restricted or rejected with some reasons, for instance, the exercise of your rights may be in violation of the law/order of a competent agency, for public interest purpose, or may affect freedom of a person, etc. The Company shall inform you of a reason for rejection.

10. Cookie Policy

The Company collects personal data by using cookie and other similar technologies when you use the Company’s platform for the following purposes: (1) analyse and process your use of the platform; (2) broaden your experience and increase your satisfaction; (3) advertisements and public relations for the Company’s products and services; and (4) adjust marketing campaigns to meet your needs. You can set or delete cookie personally by setting an application on your mobile phone or web browser, which enables you to decline the use of cookie wholly or partially. However, you may not be able to access some part of the Company’s platform.

You are advised that a third party (such as an advertising network and a data processor analysing website visits, etc.) may use such cookie also, which is outside the Company’s control. Using cookie usually more relates the Company’s platform and advertisements thereon to your interests, which enable the development of the Company’s platform.

11. Marketing Media

When obtaining explicit consent from you verbally or via the platform, the Company may provide you with information for a marketing purpose, and for sales promotion and marketing activities of the Company and/or its business alliances that may interest and be beneficial to you (the “Marketing Media”) via notification on the platform, telephone, and/or email. You can cancel receipt of such marketing media at all times via the platform, the Company’s contact channels, and/or when the Company have contact with you.
The Company advises you that in the event that you choose not to receive such information, the Company shall be able to continue sending the information irrelevant to sales promotions or information about the use of platform for your benefits.

12. Amendment

The Company reserves the right to amend this policy from time to time in order to be in compliance with the Company’s guideline and/or statutory requirements. The Company shall notify you thereof via an appropriate means. If such amendment affects the essential rights of a data subject, the Company may request consent before any amendment as prescribed by law.
The Company recommend that you check this Policy from time to time so that you are aware of any amendment or change made to this Policy.

13. Contact

If you have any question about this Policy or intend to exercise your right and file any complaint with the Company about the processing of your personal data by the Company, you can contact the Company through the following channels:

Address: B-First Medical Co., Ltd. No. 1, Soi Krungthep Kreetha 4 (B. Grimm) Hua Mak sub-district, Bang Kapi district, Bangkok 10240
Phone: +66 2038 5595
Fax: +66 2038 5542
Email: [email protected]
Line ID: @primocare

Types of Personal Data

General personal data

First name– last name
Gender
Date of birth
Age
Weight, height
Marital status
Identification number
Nationality
Address
House phone number
Mobile phone number
Email, and
Any other contact details

Sensitive data

Religion
Race
Blood group, and
Health records: underlying diseases, drug/food allergies, medical care records, contagious or serious illness records

Purposes

For online advertisement and marketing activities
For research, development and improvement of the Company’s services
For identification or verification before entering into an advertisement contract with the Company
For entering into a contract
For issuing payment slips and withholding tax filing
For electronic transactions
For preparing tax documents and invoices
For complying with laws and creating any legal rights (if any)

For online advertisement and marketing activities
For research, development and improvement of the Company’s services
For entering into a contract

Legal Bases for Data Processing

The Company’s legitimate interests
Compliance with a contract between you and the Company
Consent
The Company’s legal obligations

The explicit consent

5. Disclosure of Personal Data

The Company may be required to disclose your personal data to third parties: (1) affiliated companies or a corporate group including their executives, directors, employees and/or personnel relevant to and necessary for your data processing; (2) the Company’s business alliances such as laboratories, life insurance companies; (3) state agencies such as Anti Money Laundering Office, Office of the National Anti-Corruption Commission, Office of The Narcotics Control Board, Social Security Office, The Revenue Department, Legal Execution Department, Courts; (4) service providers and data processors assigned or engaged by the Company to manage/process personal data, for example, Cloud providers; (5) banks, credit card companies, provident fund management companies; (6) destination hospitals in case of patient transfers for medical treatment, and (7) the Company’s advisors, for example, legal counsels and auditors for rendering services to you and complying with aforesaid purposes
In addition, the Company may request your further consent from time to time so that the Company can disclose some types of your personal data (such as user accounts on social media, and opinions on the Company’s platform) on the Company’s social media for platform publicity. You however have the right not to give your consent.

6. Sending or Transferring Personal Data to a Foreign Country

The Company uses Cloud services from overseas provider, i.e. Google Cloud Platform (GCP) to provide you with services. The Company is therefore required to send or transfer your personal data to the service provider’s country for retention and processing that is one part of the Company’s ordinary course of business. The Company is also required to send or transfer your personal data to destination hospitals and overseas medical device manufacturers (such as the Federal Republic of Germany) and overseas data processors assigned or engaged by the Company to analyze personal data for the Company (such as Google Analytics, Google Ad, and Facebook Ads). The Company shall make the best effort to send or transfer personal data to reliable destination countries having security measures equivalent to the ones prescribed by the national laws.

7. Retention of Personal Data

The company takes appropriate security measures for both organizational measures and technical measures to retain your personal data, for instance, entering a code to prevent access to the Company’s data storage system, using a digital locking system to limit the persons entitled to access data, storing data in locked file cabinets to prevent unauthorized access, storing data on Google Cloud and Inet to prevent the loss of data, and using Firewall. Furthermore, the Company’s personnel and service providers have the duty to keep the data subject’s personal data confidential, and strictly comply with a security standard and a security policy when using, sending, transferring or processing your personal data.

In the case that the Company or you set a password for the use of the Company’s platform, you shall be responsible for keeping it confidential to prevent other persons from having unlawful access to your personal data.

8. Retention Period for Personal Data

The Company shall retain your personal data as necessary and according to the retention period set out by the specific laws, for instance, Accounting Act B.E. 2543, Anti–Money Laundering Act B.E. 2542, Computer–related Crime Act B.E. 2550, and Revenue Code. Provided no specific retention period set out by law, the Company shall set a retention period as necessary for its operation as follows:

Patients and relevant persons (such as relatives) throughout a period of time you have been served the Company’s medical services. In the case that you no longer have contact with the Company, the Company shall retain your personal data for a further 5 years from the last day you have been served a medical care;
Emergency or unconscious patients and relevant persons (such as accompanying persons)
throughout a period of time you have been served the Company’s medical services. In the case that you no longer have contact with the Company, the Company shall retain your personal data for a further 5 years from the last day you have been served a medical care;
The Company’s personnel and relevant persons (such as guarantor) throughout a period of time you have been the Company’s personnel;
Job applicants and relevant persons (such as reference persons) throughout a period of time you have been in the process of recruitment, selection, interview and doing any activities relevant to a job application. The Company shall retain your personal data for [please specify a data retention period] from the deadline for application;
Business partners and relevant persons throughout a period of time you have been the Company’s business partners. The Company shall retain your personal data for [please specify a data retention period] from a termination date;
Persons interested in receiving medical service throughout a period of time you have been using the Company’s platform and/or [please specify a data retention period] from a date you stop using it completely;
Bloggers, influencers, and marketing activity participants [please specify a data retention period]

The Company shall erase, destroy, or anonymize the aforesaid data to become the anonymous data at the end of such retention period

9. Your Rights

You can exercise your rights to your personal data under this Policy by contacting the Company by the means specified in article 13. If you are under the age of 20 or you have a limited capacity under the law, you can exercise your right by your parents, guardian, or legal representative. The Company shall make the best effort to take action or give an explanation within 30 (thirty) days or within an appropriate time. You are entitled to the following rights:

Request access to and obtain a copy of personal data: You are entitled to request access to and obtain a copy of your personal data collected by the Company, or to request the disclosure of a source of your personal data acquired without your consent;
Request the correction of personal data: You are entitled to request the correction of your personal data to be accurate, up to date, and not misleading;
Request the erasure or destruction of personal data: You are entitled to request the erasure or destruction of your personal data, or data anonymization;
Request a restriction on the use of personal data: You are entitled to request a restriction on the use of personal data in case that the Company is pending examination process in accordance with your request/objection, or in case that you request the Company to restrict the use of personal data instead of erasure or destruction of unnecessary personal data;
Object to your personal data processing: You are entitled to object to your personal data processing as prescribed by the personal data protection law;
Transfer personal data: You are entitled to obtain your personal data, and to request the Company to send or transfer your personal data to a third party in order to facilitate the exercise of your rights, unless it is impossible to do so because of the technical circumstances. The exercise of rights shall be subject to the provisions prescribed by law;
Withdrawal of consent: In the event that you have given consent to the Company to collect, use, and/or disclose personal data, you are entitled to withdraw the consent at any time via the Company’s contact channels, unless there is a restriction of the withdrawal of consent by law, or there is a contract giving you benefits.
Such withdrawal of consent shall not affect the collection, use, or disclosure of personal data that have been processed by the Company on the basis of consent. In some cases, the withdrawal of consent may affect you, for instance, inconvenient for providing you with welfare benefits, inconvenient for business coordination, notifications of benefits, promotion, news or new offers, not being served with better products or services, and not being served with products or services that meet your needs, etc. After being informed of your withdrawal of consent, the Company shall inform you of such consequences thereof so that you make a decision whether you intend to do so.
File a complaint: You are entitled to file a complaint with a person in authority (such as a personal data protection committee/office) in the event that you believe that the Company breaches the personal data protection law.

The exercise of your rights may be restricted or rejected with some reasons, for instance, the exercise of your rights may be in violation of the law/order of a competent agency, for public interest purpose, or may affect freedom of a person, etc. The Company shall inform you of a reason for rejection.

10. Cookie Policy

The Company collects personal data by using cookie and other similar technologies when you use the Company’s platform for the following purposes: (1) analyse and process your use of the platform; (2) broaden your experience and increase your satisfaction; (3) advertisements and public relations for the Company’s products and services; and (4) adjust marketing campaigns to meet your needs. You can set or delete cookie personally by setting an application on your mobile phone or web browser, which enables you to decline the use of cookie wholly or partially. However, you may not be able to access some part of the Company’s platform.

You are advised that a third party (such as an advertising network and a data processor analysing website visits, etc.) may use such cookie also, which is outside the Company’s control. Using cookie usually more relates the Company’s platform and advertisements thereon to your interests, which enable the development of the Company’s platform.

11. Marketing Media

When obtaining explicit consent from you verbally or via the platform, the Company may provide you with information for a marketing purpose, and for sales promotion and marketing activities of the Company and/or its business alliances that may interest and be beneficial to you (the “Marketing Media”) via notification on the platform, telephone, and/or email. You can cancel receipt of such marketing media at all times via the platform, the Company’s contact channels, and/or when the Company have contact with you.
The Company advises you that in the event that you choose not to receive such information, the Company shall be able to continue sending the information irrelevant to sales promotions or information about the use of platform for your benefits.

12. Amendment

The Company reserves the right to amend this policy from time to time in order to be in compliance with the Company’s guideline and/or statutory requirements. The Company shall notify you thereof via an appropriate means. If such amendment affects the essential rights of a data subject, the Company may request consent before any amendment as prescribed by law.
The Company recommend that you check this Policy from time to time so that you are aware of any amendment or change made to this Policy.

13. Contact

If you have any question about this Policy or intend to exercise your right and file any complaint with the Company about the processing of your personal data by the Company, you can contact the Company through the following channels:

Address: B-First Medical Co., Ltd. No. 1, Soi Krungthep Kreetha 4 (B. Grimm) Hua Mak sub-district, Bang Kapi district, Bangkok 10240
Phone: +66 2038 5595
Fax: +66 2038 5542
Email: [email protected]
Line ID: @primocare

1. Enforcement

2. Collected Personal Data

3. Sources of Personal Data

4. Purposes of Collection, Use, Disclosure of Personal Data

5. Disclosure of Personal Data

6. Sending or Transferring Personal Data to a Foreign Country

7. Retention of Personal Data

8. Retention Period for Personal Data

9. Your Rights

10. Cookie Policy

11. Marketing Media

12. Amendment

13. Contact

5. Disclosure of Personal Data

6. Sending or Transferring Personal Data to a Foreign Country

7. Retention of Personal Data

8. Retention Period for Personal Data

9. Your Rights

10. Cookie Policy

11. Marketing Media

12. Amendment

13. Contact

Doing Business with Compassion
for the Development of Civilisation in Harmony with Nature.

Part of B.Grimm Group | bgrimmgroup.com

About us

Contact

Doing Business with Compassion
for the Development of Civilisation in Harmony with Nature.

Part of B.Grimm Group | bgrimmgroup.com

About us

Contact

1. Enforcement

2. Collected Personal Data

3. Sources of Personal Data

4. Purposes of Collection, Use, Disclosure of Personal Data

5. Disclosure of Personal Data

6. Sending or Transferring Personal Data to a Foreign Country

7. Retention of Personal Data

8. Retention Period for Personal Data

9. Your Rights

10. Cookie Policy

11. Marketing Media

12. Amendment

13. Contact

5. Disclosure of Personal Data

6. Sending or Transferring Personal Data to a Foreign Country

7. Retention of Personal Data

8. Retention Period for Personal Data

9. Your Rights

10. Cookie Policy

11. Marketing Media

12. Amendment

13. Contact

Doing Business with Compassionfor the Development of Civilisation in Harmony with Nature.

Part of B.Grimm Group | bgrimmgroup.com

About us

Contact

Doing Business with Compassionfor the Development of Civilisation in Harmony with Nature.

Part of B.Grimm Group | bgrimmgroup.com

About us

Contact

Doing Business with Compassion
for the Development of Civilisation in Harmony with Nature.

Doing Business with Compassion
for the Development of Civilisation in Harmony with Nature.