Privacy Policy

Privacy Policy

At Miskawaan Health Group Company Limited (the “Company” or “we”), we value the safety and privacy of all our customers’ personal data. Accordingly, as our customers (the “Customer” or “you”) are required to provide us your personal data for our Customer registration and further for the appropriate products, services and/or treatments, the Company hereby creates this privacy policy for all Customer to provide the information relating to the collection, usage, and/or disclosure of your personal data, as well as your legal rights relating to your personal data under the current Personal Data Protection Act 2019 and its amendments (if any) (the “Policy”).  

To register as our Customer, you must be at least over 20 years old and must read all contents of this privacy policies and provide appropriate consent to us for our processing of your personal data as per the purposes and terms and conditions specified herein. If your age is lower than 20 years old, we strictly require written consent from your parent or legal guardian. 

If you are registering with us online via our website and enter to a third-party website or platforms through a link or banner that may appear on our website, please note that you shall be subject to the data processing policies of such third-party website or platform. Accordingly, we advice you to read through such third-party privacy policies and make sure you understand such policies when you use their website/platform.

1. Personal Data to be Collected by the Company

Personal data to be collected by the Company includes any information that can be used to identify your identity, whether directly or indirectly, including but not limited to the followings (“Personal Data”):

1.1 Data Provided by You

When you register as our Customer, whether through our website, online platform, live chat, telephone, email, or our social media, or when you participate in any activities or surveys organized by the Company, you may provide Personal Data to the Company, including but not limited to name and surname, nickname, date of birth, address, email, phone number, marital status, family member’s Personal Data, financial information, credit card information, photo, education information (such as school names and your degrees), and any other information to identify yourself. In this regard, the Company may ask you to confirm and verify the accuracy of the data you provided to the Company and may enquire you for information relating to your needs or preferences of products or services, as well as your opinion or feedback of the Company’s products or services. Further, the Company may record the communications we have with you, whether in a form of telephone call, email, chat, or social media communications.

1.2 Data Collected by the Company

(1) Technical data, which includes but not limited to the IP address used for the connectivity of your computer to the internet, system access information, type and version of your browser, cookies data, time zone, type and version of browser plug-in, operation system and platforms.

(2) Data relating to your visit, which includes but not limited to the URLs, the products that you are browsing on your website, page response time, download issues, visitation time, interaction on the page, phone number used to contact us.

(3) Sensitive Personal Data for your registration with the Company and as required for our products and/or services, which includes but not limited to data relating to racial, ethnic origin, religious or philosophical beliefs, sexual behavior, health data, disability, genetic information, biometric data or any data which may affect you in the same manner (“Sensitive Personal Data”). Your explicit consent shall always be required prior to our collection and/or processing of your Sensitive Personal Data.

1.3 Data the Company received from Third-Party

The Company may obtain your Personal Data (such as name-surname, nickname, age, address, phone number, family member’s Personal Data, school name, education degree) from sources relating to you (such as family, school, friend, and referral), as well as third-party sources (such as business partner, website operator, application operator or platforms you may use, technical vendors, payment processing operator, advertisement operator, analysts, search engine operator, etc.) (“Company Partners”) that include but not limited to the followings:

(1) When you visit or use the website or application of a third-party that relates to the Company;

(2) When you use or request for a service with a third-party that relates to the Company, such as registering for a payment service with an operator that relates to the Company;

In case you provide Personal Data of your family members (such as name-surname, email, address, telephone number) to the Company, we shall check and ensure that the Company is consented to collect, use and process Personal Data from such family member (except in case where the Company has the legal rights that exempt the consent requirement).

2. Uses of Personal Data

The Company shall collect, use or disclose Personal Data only when necessary, including for the purposes of the Company’s legitimate interests, your consents, and/or other legal grounds applicable. The uses of Personal Data shall be as follows: 

2.1 To Comply with the Company’s Legal Obligations 

The Company shall collect, use or disclose your Personal Data strictly in accordance to the laws and other rules as required by the government agencies and/or regulatory authorities, including but not limited to:

(1) to be compliant with the PDPA;

(2) to be compliant with other laws relating to the Company’s businesses (such as the Child Protection Act, Computer Crimes Act, Cyber Security Act, and other applicable laws); and/or

(3) to be compliant with rules and/or order from the authorized government agencies (such as orders from the court, government agencies, regulatory authority, or competent official).

2.2 To Comply with Agreements made with the Company

The Company shall collect, use or disclose Personal Data as per your request or agreement you made with the Company, including but not limited to the followings:

(1) to comply with your request prior to entering into the agreement with the Company and to consider the products or services, as well as the delivery of products or services to you;

(2) to fulfill the Company’s obligations to provide information, products, and services to you;

(3) to verify or identify your identity following your access to the Company’s products or services;

(4) to monitor or make record of your usage or purchase of the Company’s products or services (such as to make report, summary, tests, or purchase history, etc.);

(5) to provide you all the functionalities and services from the Company, such as the providing you with the services and/or products report via email, or to make contact with your parents and/or guardian, etc;

(6) to update you with the changes or new services and/or products from the Company;

(7) to provide you the access to the Company’s live chat services; and

(8) to provide you the assistance/recommendation and the answer to any questions that you may have regarding the services and/or products of the Company.

2.3 For the Company’s Legitimate Interests

The Company shall use the basis of its legitimate interest for its own and/or other parties’ interests. In this regard, such interests shall not breach the applicable laws or your legal rights, which include but not limited to the followings:

(1) to administrate, operate, manage and protect the Company’s business interests as well as all of our group companies and affiliates (such as to regulate internal business operation, to manage and mitigate risks, to monitor, prevent and investigate corruption or breach of intellectual properties, etc.);

(2) to administrate, manage, adjust and improve the Company’s products and/or services including all the relevant systems to the highest standard for Customers’ needs. This includes but not limited to the analysis, test, research, statistics and/or surveys made to improve the Company’s products and/or services;

(3) to test and ensure the safety and security of the Company’s relevant security systems and technologies;

(4) to administrate and manage all relevant customer relations activities between the Customer and the Company (such as customer care, customer satisfaction survey, customer report/complaint management, etc.); and

(5) to evaluate and understand the effectiveness and efficiency of the advertisement that the Company is presenting to the Customer.

2.4 To Comply with your Consents

In certain cases, the Company may ask for your consent to collect, use or disclose your Personal Data for your greatest benefits and/or to enable the Company to provide the relevant services to you as you require, including but not limited to the followings:

(1) to present and/or advertise the relevant products, services, benefits, promotions, news, or the rights to participate the events organized by the Company, its affiliates, Company Partners, or related third party, as the case maybe. The Company shall make contact to you via a phone call, email, or other communication channels;

(2) in some cases, the Company may need send or transfer your Personal Data to its affiliates residing overseas, or to a recipient that is relevant to the Company’s business operation, such as to send or transfer Personal Data for storage purposes whether on service or clouds located in countries that may or may not have adequate security protection standard (except in case the laws allow us to proceed without your consent); and

(3) in case you are a minor (not over 20 years old), incapacitated person or quasi-incapable that require consent from your parent, legal guardian or conservator (as the case maybe) (except in case the laws allow us to proceed without your consent). 

2.5 To Comply with Other Legal Grounds

In addition to the legal grounds mentioned above, the Company may collect, use or disclose your Personal Data based on other legal grounds such as

(1) to prepare the historical documents or archives for public interest, or for purposes relating to research or statistics;

(2) for the prevention or suppression of a danger to the data subject’s life, body, or health; and

(3) as required for the public’s interest or to comply with the authority’s requests.

In addition, the Company has the rights to collect, use and disclose your Personal Data obtained prior to 1 June 2022 as per the intended purposes. If you do not wish the Company to process with your Personal Data the Company obtained prior to such date, the Customer has the right to revoke the consent provided to the Company at any time.

3. Purposes of Collection, Use or Disclosure of Personal Data

The Company shall collect, use or disclose your Personal Data and Sensitive Personal Data only when necessary. This includes in case where the Company is required by laws, to comply with terms and conditions under an agreement between Customer and the Company, for the Company’s legitimate interests, and/or as per other legal grounds, as the case maybe. In addition, the Company may request for your consents for certain collection, use or disclosure of your Personal Data as per the Appendix 1 attached herewith.

4. Disclosure of Personal Data

The Company may share or disclose your Personal Data to a third party as allowed by your consents or under the terms and conditions of this policies, and/or as allowed by applicable laws. The third party may include the Company’s affiliates, Company Partners, and/or persons or juristic persons that the Company has business relationship with, whether the disclosure is made for business purposes or not. This includes the Company’s executives, employees, staffs, contractors, representatives or consultants, including but not limited to the following persons or organizations:

  1. government agencies and/or regulatory authorities relating to the Company’s businesses;
  2. Company Partners, representatives, or other agencies (such as auditors, data and documents storage provider, Personal Data processor, or digital platform service providers that may have business relationship with Customer or the Company;
  3. in case of rehabilitation, merger, transfer of business whether in whole or in parts, purchase, sales, joint venture, give, transfer or sales of business whether in whole or in parts, assets, shares or other similar transactions, the Company shall be required to disclose your Personal Data to a third party who shall receive the transfer or wish to receive the relevant transfer from the Company;
  4. court, agencies or person that the Company is required to or authorized to disclose Personal Data under the applicable laws, rules or orders;
  5. analyst or search engine providers that work with the Company to develop and improve the Company’s products and/or services;
  6. well regarded social media platform providers, or advertisement agencies with the intent to present the Customers information relating to the products and/or services of the Company. The Company may use Customer’s interest and participation records to present the appropriate advertisement to the Customers. The Company shall not disclose any Personal Data that can be used to identify Customer, and only use the overview records and Customer’s behavior for the analysis purposes with a third party (such as a behavior data from 500 male adults under 30 years old that view online advertisement during certain time period);
  7. other service providers of the Company, including but not limited to (1) internet provider, (2) IT service provider, (3) payment processing and system provider, (4) marketing, advertisement, design, entertainment, communication and related activities service providers, (5) telecommunication providers, (6) data storage and cloud services providers whether local or overseas, (7) printing service providers, (8) lawyers, legal advisor, financial auditor and/or other professionals that assist the Company, (9) document storage and/or destroy service providers; and
  8. attorney-in-fact, sub-attorney-in-fact, agents, or authorized agents legally appointed by the Company. 

In addition, you may enter the Company’s website or online platforms through third party’s log in such as Facebook, Apple or Google without providing any additional information on our online platforms. In this case, you agree to have your Personal Data maintained and stored on such social media or IT platforms, including other information during your usage of such log in on our website or online platforms.

In this regard, the abovementioned third party shall collect, use or disclose your Personal Data in accordance to the consent you provided only.  

5. Transfer or Delivery of Personal Data Overseas

As the Company may have group companies or affiliates overseas, the Company may be required to send or transfer your Personal Data to overseas locations to store and process. In such case, the Company shall use its best effort to send or transfer your Personal Data to a destination country with trustworthy security system as required under the applicable laws, except for the following cases:

(1) the delivery or transfer is required by laws;

(2) the Company has inform the Customers of the inadequate security standard of the destination country and Customers have provided the consent to transfer Personal Data to such destination;

(3) to comply with an agreement made between the Customer and the Company, or the Customer’s request prior to entering into the agreement;

(4) to comply with an agreement made between the Company and other person/juristic person for the Customers’ benefits;

(5) to prevent or reduce the danger against life, body or health of the Customer or other persons during the time that the Customer is unable to provide the consent; and

(6) as required for the public’s interest.

6. Storage and Security of Personal Data

The Company shall use security standard in both the organizational measure and technical measure to appropriately store Customer’s Personal Data safely. For example, the use of password locked access to prevent unauthorized access. Further, all employees, staffs, and contractor of the Company shall be required to keep all Personal Data confidential and must strictly follow all rules and policies regarding data security when there is a collection, use or processing of Customer’s Personal Data.

In case the Company or the Customer has set up a password for the Customer to access the website or online platform, Customer is solely responsible to safekeep and maintain such password confidential to prevent unauthorized access to Customer’s Personal Data.

The Company would like to emphasize that sending or transferring important data online is not 100% safe. Nonetheless, the Company shall use its best effort to safekeep your Personal Data. The Company cannot guarantee the security of Personal Data sent online to the Company and the Customer must be solely responsible for the safety of all data sent online. Any payment made on the Company’s website or online platform shall require your password for security reasons.

7. Personal Data Storage Period

The Company shall store Customer’s Personal Data as long as you are registered as our Customer so that the Company can operate accordingly to this policy and shall retain your Personal Data for the minimum period of 5 years following the cancelation of your registration as the Company’s Customer. Further, the Company may be required to retain your Personal Data for the period as required by applicable laws or statute of limitations. The Company shall delete, destroy or make your Personal Data unidentifiable to you when your Personal Data is no longer required or at the end of the abovementioned time periods.

8. Your Rights 

Customer has the rights to request for certain actions relating to your Personal Data under the PDPA and the terms and conditions as currently applicable or may be changed in the future. In case the Customer’s age is less than 20 years old, or is restricted by laws from completing any action, the Customer may exercise the rights through your parent, legal guardian, or representative.

  1. The right to request access to the Personal Data that we process about you, including the right to obtain information on and copy of such data;
  2. The right to request that we rectify your Personal Data if it is not up to date, inaccurate or incomplete;
  3. The right to request for deletion or destruction or Personal Data, or to make Personal Data to be unidentifiable to you;
  4. The right to request for a suspension to use Personal Data when the Company is in the process of complying with your request to rectify your Personal Data or challenge the completion of your Personal Data or in any cases where you request the Company to stop using your Personal Data instead of deletion or destruction;
  5. The right to object. Customer have the right to object to the collection, use or disclosure of your Personal Data when the Company processes your Personal Data on its legitimate interests or for direct marketing purposes or for scientific, history or statistic researches;
  6. The right to data portability. Customer has the right to receive your Personal Data in a structured, commonly used and machine-readable format, can use or open such Personal Data automatically and to transmit such data to third parties. Customer shall have the rights to request the Company to send or transfer Personal Data to a third party, receive such Personal Data or transfer such data to other data controller directly, except where such action is not possible due to technical reasons.
  7. The right to withdrawal. Customer has the right to withdraw your consent at any time if you have previously consented to us to collect, use or disclose your Personal Data (whether your consent was provided prior to the enforcement date of the PDPA or afterward). The Customer has the rights to withdrawal at any time as long as your Personal Data is stored by the Company in its intended form, except where there is restriction to such rights, or there is a contract that is beneficial to Customer.

In this regard, the withdrawal of Customer’s consents shall not have any impact on the collection, use or disclosure of Personal Data that the Company had already processed based on such consent provided. In certain cases, the withdrawal of your consent may further negatively impact your usage of our products and/or services, such as not receiving any updates, privileges, promotions, news, offers, services or products that suit your needs, or you may no longer able to use our products or services, etc. Therefore, after the Company receives your withdrawal request, the Company shall inform you of the consequences so you can make the decision whether to withdraw the consents.

  1. The right to lodge a complaint with the regulatory authorities relating to Personal Data protection (such as the Personal Data Protection Committee/Office) if you think that any of your rights have been infringed by the Company.

The Company hereby emphasizes that your rights are limited under the applicable laws and there may be certain scenarios that the Company must deny your requests, or unable to comply with your request, such as due to court’s order, or for public’s interests, or the exercise of your rights may infringe or breach other persons’ rights, etc. The Company shall inform you of the reason to deny your request in such scenario.

Any request relating to the abovementioned rights must be made in writing as required by the Company. The Company shall use its best effort to comply with your request or respond to you within 30 days, or any timeframe as required by the applicable laws.

9. Cookie Policies

Upon using products and all services, the Company may activate various cookies in your browser.  Cookies mean small digital files which comprise of letters and numbers collected on browser or hard drive of your computer.  After you provide consent, cookies comprise of information sent to your hard disk.  

Purposes of using cookies are as follows: (1) to activate functions (2) to analyze (3) to collect your information pursuant to favor (4) to provide you with the advertisement based on your behavior. Certain cookies may be activated upon specific use or personal choice. However, some cookies must be activated upon using product and all services as per this Privacy Policy

Reasons to use cookies

  1. Some functions of products and services rely on cookies; for instance, upon activation of cookies, you can access restricted areas on company platform, use basket function, and use electronic payment function.  
  2. Cookies facilitate the Company to recognize visitors’ information and show information pertaining behavior of the visitors upon using Company products and services.  Such information allows the company to develop products and service functions. For instance, it ensures users that they will easily find what they are looking for.       
  3. Cookies facilitate visitors when re visiting platforms of the Company. Such information facilitates the Company to provide appropriate contents specifically for you, greet you with your name, recognize your favorable choice such as Language, and the region that you have chosen).
  4. Cookies recognize your visiting history and pages and links. Such information will create consistency among your interest, Company platform and advertisement. In this regard, the Company may share such information to third party in order to comply with this purpose.           

The Company would like to notify you that the third parties which include advertisement network, service provider who analyze visiting history and etc.)  may use cookies as such. And the Company has no authority to control such usage. Such cookies usually create more consistency among your interest, Company platform and advertisement which lead to development of Company platform.

You can deactivate cookies by using function on your mobile application or on web browser. This allows you to deactivate some or all cookies. However, you may not be able to access some or all company platforms.

10. Marketing Media 

The Company or its partners may send marketing information, advertisement and sell promotion through notification on application, post, phone, SMS, email or other applications (“Marketing Media”) to you, your parent, guardian or its representative. In the event that you apply for membership and/or accept to receive marketing media and other medias for sale promotion of the Company. It is your personal choice to not receive marketing media at any time through channels provided by the Company.  The Company would like to notify you that if you revoke choose not to receive such media, the Company still be able to deliver other messages not related to sale promotion such as receipt and your account information. 

11. Change in Privacy Policy

In the event that the Company revises or changes any provision relating to this Privacy Policy, the Company will publicize onto this webpage. Please, periodically, visit this webpage for your information. And if the Company revise or change the essential part of this Privacy Policy, the company notify such changes immediately.

12. Contact Us

Should you have any inquiry regarding this Privacy Policy, desire to exercise your rights or file any complaints in relation to processing your personal data. Please contact us at:

MISKAWAAN HEALTH GROUP COMPANY LIMITED

Suites D, E & K, 11th Floor Gaysorn Tower, 127 Ratchadamri Road, Lumphini, Pathum Wan, Bangkok 10330

Consent and Signature

By signing the Policy in person at the clinics or the online form by clicking accept to the Policy, you confirm that you have read all the contents, terms and conditions, and the rights of the Customer as specified under this Policy and further confirm your understanding, agreement and provide your consent to the Company to collect, us and disclose your Personal Data and Sensitive Personal Data in accordance with all terms and conditions of this Policy.

Appendix 1

Group

Purposes 

Types of personal data 

Lawful basis

  1.  
  • To proceed as per your request prior to entering into contact with the company.
  • To check your payment history.
  • To verify identity and check right to access. 
  • To evaluate and provide you with information, contents, advice and recommendation to the appropriate products and services. 
  • To conduct quality control over products and services. 
  • To provide you with useful information of products and services such as description of products and services, fees, payment method and others.   
  • To manage and secure company business and products and services which include inspection on violation of terms and conditions. 
  • To perform obligation and create claims under the laws (if any). 
  • To ensure that any transactions relating to merger & acquisition or changes of company structure are in accordance with the laws.  
  • To facilitate you in filling payment application. 

• Identification data of parent (In minor case)

• Any data provided voluntary 

• Financial data and credit card/ debit card data

• Communication recording or any comments 

• Data pertaining products and services usage

• Personal Data which may include the followings (“Identification data”):

  • Name, Last name
  • Date of birth
  • Address
  • Born gender
  • Preferred gender
  • Marital status
  • Citizenship
  • Language
  • Place of residence
  • Profession
  • Phone number
  • Email
  • Line, social medias
  • Preferred contact Chanel
  • Blood type
  • Insurance information
  • Referral
  • Emergency contact
  • Phone 
  • Relation Address
  • Appointment number
  • Comments
  • Evaluations
  • Prescription
  • Treatment
  • Lab test
  • Lab results
  • Promotion
  • Discharge summary
  • Credit card
  • Bank Account Number
  • 2c2p for credit card
  • Appointment / Pro-forma / Invoice/ Receipts
  • Medical records, Physician note, Nurse note
  • 3rd parties information, contract with 3rd parties
  • Consent form for the patients visit and medical consent form
  • Company registration with the name of share holder

•  Legitimate Interest

•  Contract 

•  Legal Obligation

• Consent

 2. 

  • To send notification relating to products and services such as new products and services, news and discount for your benefit.   
  • To inquire your or/and your parent satisfaction on using products and services which includes receive feedback and suggestion.  
  • To conduct research and assessment, develop and improve products and services and the website to be more efficient and correspond with clients’ needs (such as to improve the quality of the products and services).   

• Identification data

• Identification data of parent (In minor case)

• Communication recording or any comments

• Data pertaining products and services usage 

• Social media data

• Technical data

•  Legitimate Interest

• Contract

• Consent

3. 

  • To analyze and conduct survey, inquiry and statistics for products and services development as per clients’ needs and strategize appropriate business plans.  

•  Identification data

•  Any data provided voluntary

•  Communication recording or any comments 

•  Data pertaining products and services usage

•  Social media data

•  Technical data

• Legitimate Interest

• Consent

4. 

  • To notify any changes in relation to terms and condition for products and services and/or this privacy policy 
  • To manage relationship between you and the company (such as tracking registration of membership, provide customer service, satisfaction assessment and manage complaint and disputes and  others).    

•  Identification data

•  Identification data of parent (In minor case)

•  Any data provided voluntary 

•  Social media data

• Legitimate Interest

• Contract

• Consent

5. 

  • To connect your account of company online platform with social media as per your request.
  • To comply with commitment between you and third party such as data transfer to company affiliate for issuing activity certification. In this regard, the third party will collect, use, and disclose your personal data under scope permitted by the company.           

•  Identification data

•  Any data provided voluntary

•  Data pertaining products and services usage

•  Legitimate Interest

• Consent