Search
Popular Keywords
Diabeat THB Health Check
Recommended Services
Find Doctors
Find Doctors
Appointments
Appointments
Packages
Packages
Contact Us
Contact Us
Hotline Call
02-220-3899

Terms of Service

Privacy Policy

Thonburi Bamrungmuang Hospital Co., Ltd. and its affiliated companies (hereinafter referred to as the “Hospital”) are internationally accredited hospitals, offering a wide range of specialized medical services. The Hospital provides the platform, website services to facilitate website visitors and patients. This privacy policy covers the website “www.thonburibamrungmuang.com” (hereinafter referred to as the “Website”).

The Hospital places great importance on protecting personal data and respecting the privacy rights of website users (hereinafter referred to as “Users” or “you”). As the personal data controller under the Personal Data Protection Act B.E. 2562 (“PDPA”), the Hospital has issued this privacy policy (“Policy”) to inform you about the collection, use, disclosure, and/or transfer (collectively referred to as “Processing”) of your personal data to relevant third parties. Any processing of your personal data by the Hospital will ensure security and prevent unauthorized use beyond the purposes specified in this Policy.

1. Definitions

“Personal Data” means information about you that identifies or can identify you, which the Hospital collects as described in this Policy.

“Sensitive Personal Data” means personal data defined as sensitive under the PDPA, which the Hospital may collect, use, disclose, and/or transfer only with your explicit consent. Examples include race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health information, disabilities, labor union information, genetic data, biometric data, or any other information affecting the data subject similarly.

2. Personal Data Collected by the Hospital

The Hospital collects, uses, discloses, and/or transfers your personal data, including but not limited to the following categories:

2.1 General Personal Data

1) Identification data such as title, first name, middle name, last name, date of birth, gender, nationality, photograph, country of residence, hospital number, ID card number, and passport number.

2) Contact information such as address, mobile phone number, home phone number, and email address.

3) Financial information such as bank account, credit card, or debit card details.

4) Account login information, including username and personal data from social media accounts that you choose to share with the Hospital, such as email or phone number.

5) Automatically collected data when using services, including access time, device ID, unique identifier, IP address, MAC address, usage history, preferences, language settings, device name and model, location, timezone, network provider, operating system, and duration of system access.

2.2 Sensitive Personal Data

Information related to patient treatment and health services, which may include sensitive personal data such as health information, medical conditions, disabilities, medication use or allergies, medical reports, laboratory test results, diagnostic information, photographs, and videos used for service purposes.

3. Sources of Personal Data

The Hospital collects personal data primarily from the following sources:

3.1 Account registration via the Hospital’s website or application

1) Data you provide directly to access services, including forms submitted via the Hospital’s website, social media, or telephone, such as appointment forms, inquiry forms, purchase forms, or subscription forms.

2) Data obtained when you register and log in using third-party platforms such as Google, email, or phone. These platforms verify your identity and may share certain personal data with the Hospital upon your consent, including name, email, and social media account information.

Additionally, the Hospital may receive your personal data from family members, authorized representatives, or third parties assigned by you, as well as referrals from affiliated companies, agents, or partners.

4. Purpose of Collecting and Using Personal Data

The Hospital processes your personal data for the following purposes:

4.1 To fulfill contractual obligations or pre-contractual requests, including:

1) Considering registration for creating an account on the website.

2) Verifying your identity for account registration.

3) Registering new patients in the Hospital’s information system.

4) Managing service registration and contacting you via online platforms, including booking appointments, registration, telemedicine, etc.

5) Allowing you to purchase products and services online, such as vouchers for health programs or medical services.

6) Processing payments for products and services.

7) Estimating medical service fees, including consultation fees.

4.2 To comply with legal obligations, including:

1) Compliance with laws regarding medical diagnosis, healthcare services, medical treatment, professional ethics, health management, insurance, and legal entitlements.

2) Submitting data to government agencies as required by law.

3) Compliance with court orders or regulatory authorities.

4) Paying legal fees as required.

4.3 For legitimate interests of the Hospital, including:

1) Facilitating your access to the website.

2) Providing access to services reserved for registered members.

3) Managing bookings and appointments with doctors.

4) Sending appointment reminders or assistance notifications.

5) Responding to inquiries, complaints, or service requests.

6) Addressing complaints or feedback for service improvement.

7) Monitoring service usage for quality enhancement.

8) Improving service efficiency and user convenience across systems.

9) Disclosing personal data for investigations or legal compliance.

10) Using personal data for internal audits.

4.4 For legal claims, such as billing, issuing invoices, collecting payments, and receipts.

4.5 Based on consent, including:

1) Sending news, updates, promotions, or invitations to activities via provided contact channels.

5. Disclosure of Personal Data

The Hospital will not disclose your personal data to external parties for purposes not stated in this Policy unless you provide consent. However, data may be transferred internationally to agents or partners for service purposes. The Hospital ensures privacy protection through appropriate security measures.

Personal data may be shared with affiliated companies, partners, insurers, financial institutions, attending physicians, specialists, clinics, pharmaceutical companies, embassies, travel service providers, customer service providers, marketing and communication providers, IT and cloud service providers, hotels, transport providers, document storage providers, debt collection, legal and accounting providers, auditors, internal inspectors, family, relatives, and other necessary parties to achieve the purposes stated in this Policy.

Disclosure may also be required to comply with laws, court orders, regulatory authorities, embassies, or immigration, including sharing data for fraud prevention without requiring consent.

6. Personal Data of Minors or Incapacitated Persons

For minors or incapacitated persons, consent must be provided by parents, guardians, or authorized representatives unless the law permits otherwise. Legal representatives can exercise rights on behalf of the data subject.

7. Cookies

The Hospital may use cookies to automatically collect personal data, including language preference, favorites, usage data, and settings. You can disable cookies via your browser settings, but this may affect website usability.

8. Data Retention and Security Measures

8.1 Personal data is retained only as necessary to achieve the stated purposes and comply with contracts, accounting standards, legal statutes, and regulatory obligations.

8.2 Systems are in place to delete or destroy personal data once retention periods expire or data becomes unnecessary.

8.3 Security measures are implemented to protect data stored in documents, electronic systems, or computer tools according to international standards.

8.4 Access is limited, and technologies are used to prevent unauthorized attacks or access, including third-party processing under Hospital supervision.

9. Rights of Users as Data Subjects

9.1 Under PDPA, you have rights to:

1) Access or receive a copy of your personal data.

2) Data portability to another party.

3) Object to processing.

4) Request deletion or anonymization.

5) Suspend use of personal data.

6) Withdraw consent at any time.

7) File complaints with regulatory authorities.

9.2 The Hospital ensures accurate and up-to-date personal data and allows correction requests.

9.3 Rights are subject to legal limitations, and refusals will be recorded with reasons.

9.5 Requests can be made via the Hospital’s contact channels, with responses provided within 30 days.

10. Notification and Location Settings

The Hospital may send notifications to your device, which you can disable anytime via device settings.

11. External Links

Some services may link to third-party apps or websites, which are governed by their own privacy policies. The Hospital is not responsible for third-party compliance.

12. Policy Updates

The Hospital may review and update this Policy to comply with practices, laws, regulations, and will notify Users of changes. Continued use constitutes acceptance of updates.