Privacy Policy for Patient Data

Medinthailand.com ("we", "us") helps patients to set up their medical care int Thailand, which in many cases requires handling personal data.

We are aware of the importance of protecting the personal data of patients, contacts, emergency contacts, and others who involved ("you"). This Privacy Notice ("Notice") informs you of the protection of your personal data ("Personal Data") that is collected, used, disclosed and/or transferred ("processed") to any other relevant persons by our team.

We ensure that the processing of your personal data will be secured by security protection measures of our standard. We will not process your personal data for purposes other than those specified in this Notice unless you consent thereto.

1. Definitions

"Personal Data" refers to any information that identifies or can be used to identify you, which is collected by us as specified in this Notice.

"Sensitive Data" refers to personal data classified as sensitive data under the PDPA that we are permitted to collect, use, disclose, and/or transfer with your explicit consent, e.g., the information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, a natural person’s sexual orientation or criminal record, or data concerning health, disabilities, trade union membership, genetic data, bio-metric data, and other data that affect you in the same manner.

2. Personal Data Collected by Us

2.1 General Personal Data

We will collect, use, disclose and/or transfer your Personal Data which includes, but is not limited to, the following:

  • Personal information, e.g., title, rank, position, first name, middle name, last name, age, date of birth, gender, photograph, nationality, country of residence, national ID card number, passport number, signature, and marital status.

  • Contact information, e.g., address, mobile phone number, home phone number, and email address.

  • Service information, e.g., record of doctor’s appointments, room requirements and other additional services.

  • Information appearing on legal documents, e.g., national ID card, passport, house registration, driver's license, government official identification card, certificate of name/surname change, marriage certificate, divorce certificate, and birth certificate.

  • Contact information and emergency contact information, e.g., first name, middle name, last name, relationship with patients, and mobile phone number.

  • Information about the person who has the authority to act on your behalf (legal representative, guardian, and curator), e.g., name, surname, and national ID card.

  • Information from our websites such as IP address, cookies, online doctor appointment, and online doctor consultation.

2.2 Sensitive Data

The Sensitive Data that we will collect, use, disclose and/or transfer, e.g., information concerning religion, health, disabilities, genetic or bio-metric data, health history, record of medication/food allergy, treatment result, physical examination result, laboratory result, diagnosis result, medical record, medical certificate, surgical record, radio graph imaging, blood type, picture/audio/animation from medical/surgery/operation procedures.
 
We will inform you to conceal Sensitive Data that appears on an identification card such as religion and blood type (if any). If you did not conceal such data, we will conceal those data on your behalf. In case that the data cannot be concealed due to technical limitation, we will keep such data as a part of your identification documents only.

3. Source of Your Personal Data

We may collect Personal Data you voluntarily release to us, whether through our service request forms, social media accounts, phone calls, or other forms filled out through our websites and applications such as appointment forms, inquiry forms, or news subscription forms.
 
We may receive your Personal Data from other sources, e.g., your family members or intimate persons, any other third party assigned by you to disclose your Personal Data, and hospitals, affiliated companies, representatives, or alliances.

4. Purposes and Legal Bases

We will process your personal data based on legal bases as provided below:

4.1 Contractual Basis

We rely on contractual basis to process your Personal Data in order to, for instance,

  • review your various application requests before entering into a contract;

  • communicate for the purchase of products and/or services;

  • perform contractual obligations;

  • deliver products or services.

4.2 Legitimate Interest  

We rely on legitimate interest to process your personal data in order to, for instance,

  • verify your identity;

  • send medical appointment reminders;

  • collect contact information for future inquiries in case an emergency arises and the patient is unable to provide their own information;

  • provide or deliver services as requested;

  • monitor and review the performance of a contractual obligation;

  • provide post-sales services;

  • manage customer relationship;

  • send and follow up a questionnaire to assess customers’ service satisfaction;

  • verify and confirm your identity before entering into transactions or contracts;

  • investigate or verify facts;

Your Personal Data may be disclosed to lawyers, legal and tax consultants, external auditors, internal auditors, financial auditors, and any other consultants involved in the process of completing the purposes specified above.

4.3 Legal Obligations

We rely on legal obligations to process your Personal Data in order to comply with the laws related to medical service providers, for instance, new patient registration, doctor’s appointment, medical services, diagnosis, medical treatment, patient examination, preliminary physical examination, collection and use of contact person’s information to approve of or deny the request for medical treatment, medical benefit claim, and ethical and professional compliance.

4.4 Other Legal Obligations

We rely on other legal obligations to process your personal data in order to, for instance, collect Personal Data as required by law, disclose or submit Personal Data to government agencies as required by law, and comply with applicable laws, regulations, orders of competent authorities, and court orders.

4.5 Vital Interests

We rely on vital interests to process your personal data in order to prevent and suppress danger to life, body, or health, for instance, emergency contact.

4.6 Data Analysis

In the event that you have given your explicit consent, we will process your Personal Data to perform data analysis regarding purchased products and/or services for sending news, advertisements, notifications, promotions, campaigns or invitations to other activities that might benefit you or match your interest via channels you have given.

4.7 Legal Obligations (Sensitive Data)

We rely on legal obligations to process your Sensitive Data in order to achieve the objectives relating to preventive or occupational medicine, medical diagnosis, health or social services, medical treatments, and health management, for instance:

  • Diagnosis and medical treatment;

  • Compliance with ethics and professional ethics.

4.8 Public Health Purposes (Sensitive Data)

We rely on public health purposes such as processing of your health data for purposes of healthcare service quality improvement, contagion control and prevention.

4.9 Vital Interest (Sensitive Data)

We rely on vital interests to process your Sensitive Data in order to prevent and suppress dangers to life, body, or health such as emergency contact.

4.10 Organizational Purpose (Sensitive Data)

In the event that you have given your explicit consent, we will process your Sensitive Data for the purposes set forth in each of the following consent:

  • Use of a copy of your national ID card that contains Sensitive Data such as religion and blood type to verify your identity;

  • Disclosure of your health data to hospitals or medical facilities for the purpose of patient referral that is not emergency case;

  • Disclosure of your health data and medical certificate to insurance company to claim your health insurance benefit;

  • Disclosure of your health data to insurance company as requested by you or the insurer for the purpose of entering into an insurance agreement;

  • Disclosure of your health data to third parties such as your family members, relatives, dependents, or intimate persons upon their request;

  • Disclosure of your health data, medical certificate and health record to the airline for Fit for Air Travel;

  • Disclosure of your health data to our business partners for purposes of developing medical products and services;

  • Perform data analysis regarding purchased products and/or services including your health data for sending news, advertisements, notifications, promotions, campaigns or invitations to our activities that might benefit you or match your interest via channels you have given.

5. Disclosure of Your Personal Data

We will not disclose your Personal Data for purpose other than purposes specified herein, unless having been consented to do so.
 
Personal Data that you have provided to us may be transferred outside Thailand and disclosed to our international agents or partners that you have contacted for our services. We will endeavor to ensure that your right to privacy is protected by security protection measures of our standard.
 
We may disclose your Personal Data to our group companies and affiliates, vendors, business partners, or third parties, e.g.,  hospitals, insurance companies, financial institutions, primary doctors, medical professionals, medical specialists, and/or medical practitioners, medical technology clinic, manufacturers or distributors of drugs and medical supplies, embassy, person who handle international travel, customer service provider, marketing, advertising and communication service providers, information system providers, cloud service provider, nearby hotels that are alliance with us, transport service providers, document storage service providers, debt collection service providers, accounting and legal consultants, external auditors, internal auditors, financial auditors, and your family, relatives, intimate persons, agencies or employers, and internal organizations such as Bureau Veritas, Joint Commission International (JCI), and Healthcare Accreditation Institute (Public Organization)(HAI). We may proceed any other actions to complete the purposes specified in this Notice in order to benefit our services.
 
We will endeavor to ensure that these individuals and organizations will process your Personal Data strictly in accordance with this Notice and as permitted by law.
 
Where it is necessary to disclose your Personal Data in order to comply with the law, court orders, or orders of any governmental or regulatory agency such as embassy, the Immigration Office, or to relevant agencies in order to verify your Personal data to prevent fraud or corruption, we reserve the right to do so without your prior consent.

6. Collection of Personal Data of Minors, Incompetent Persons, and Quasi-Incompetent Persons

Where we must process the Personal Data of minors, incompetent persons, or quasi-incompetent persons, we shall have their parents, legal representative, guardian, or curator, as the case may be, consented on behalf of them.
 
If a minor or a quasi-incompetent person is legally permitted to give consent on their own behalf, we shall require combined consent from them and their legal representative.
 
If you become aware of the unauthorized collection of Personal Data from minors, incompetent persons, and quasi-incompetent persons without the consent being given in the manner according to the above, you can exercise your rights as the legal representative under the PDPA.

7. Retention Periods & Security Protection Measures

7.1 We will retain your Personal Data for as long as it is necessary to fulfill the purposes specified in this Notice and may retain your Personal Data as long as agreed on in the contract, or in accordance with accounting standard, prescription periods, legal obligations, or establishment or exercise of legal claim as permitted by the law. 

7.2 We have an examination system for deletion or destruction of Personal Data in the event of the expiration of the retention period, or if such Personal Data is unrelated to or beyond the necessity for the purpose of collecting specified by this Notice. 

7.3 We will retain your Personal Data in the form of documents, electronic files, computer systems, or other means to ensure that your Personal Data is protected with secured and trustworthy security protection measures of international standard against loss, and unauthorized or unlawful access, use, change, modification, and disclosure. 

7.4 We have limited access of your Personal Data and adopted technology to secure your data from cyber-attacks, unauthorized access to our computer and electronic systems. We further ensure that any processing of your personal data by data processors or other third parties will take place under appropriate monitoring. 

8. Data Subject’s Right

8.1 Your Rights

Under the PDPA, you, as the Data Subject, are entitled to: 

  1. ) Request access to, or copies of, your Personal Data collected, used and disclosed by us.

  2. ) Request receive or transfer of your Personal Data, in a form collected by us and readable, usable, and disclosable in an electronic format, to another party (we reserve the right to charge you a fee, the amount of which is at our discretion).

  3. ) Object to the collection, use, and/or disclosure of Personal Data to the extent permitted by law.

  4. ) Have your Personal Data deleted, destroyed, or anonymized by any method permitted by law.

  5. ) Sequester your Personal Data from further use by any method unless the law provides otherwise.  

  6. ) Withdraw your consent given us at any time, unless otherwise restricted by law or contracts. Your withdrawal will not extend to Personal Data to which you have granted consent for processing.

  7. ) File a complaint with the competent officer authorized under the PDPA in the event that you believe we have violated, or do not comply with, the PDPA. 

  8. ) We will endeavor to maintain the accuracy and completeness of your Personal Data. When there is a change or modification to your Personal Data or when you detect that your Personal Data is incorrect, you have the right to make corrections thereto.

8.2 Legal Limitations

The exercise of your rights specified above must comply with law. We reserve the right to refuse any request on grounds permitted by law. In the event that we deny your request, the request and reasons for denial will be recorded in the personal data processing record as required by law. 

8.3 Contact Information

To exercise your right, you may contact us via the contact information provided hereunder. We will process your request and then inform you of the result within 30 days from the date of receiving your request. Where we refuse your request, you will be informed of the reason, accordingly.

Amendment

We reserve the right to alter, adjust, and/or modify this Notice in order to comply with applicable guidelines, laws, and regulations. If such changes occur, we will inform you of the amended, adjusted, or modified content in the designated channel as soon as it becomes effective. New Notice will only apply to you upon your use of service after the revision.

Contact Us

Should you wish to exercise any legal rights as specified above or have any questions, concerns, suggestions or complaints with regard to our Notice, you can contact us via the following channels:
 
Email: info@medinthailand.com
Website: https://medinthailand.com

1
Prices and currency conversions are estimated and might not be up-to-date. Please contact us for a quote to receive an updated price.

Stay up to date!

Sign up to our newsletter and receive news and updates about great medical treatments in Thailand.

Please check your inbox for the confirmation message.