Bangkok Phuket Hospital Company Limited or Bangkok Hospital Phuket will protect your personal information in accordance with all relevant laws and process regarding your personal information accordingly this privacy policy.

We strictly collect your personal information once you access our website platform or any services available on our authorized applications. Any voluntarily participated personal information are automatically considered you agree to all terms and conditions associated with this Privacy Policy, covering the following details:

Purpose of Data Processing

The Company processes your personal data within the scope prescribed by the Personal Data Protection Act B.E. 2562 (PDPA) and only to the extent necessary for carrying out such operations. The Company has outlined the purposes for which your personal data is processed, along with the corresponding lawful basis for processing, as follows:

Purposes	Categories of Personal Data
1. Purposes of Personal Data Processing 1.1 For the purpose of medical diagnosis and treatment, and the provision of medical services, including the necessity of sharing personal data between affiliated healthcare facilities within the network. To ensure the efficiency of medical services, the medical team—including physicians, nurses, and/or other related personnel—may disclose your personal data to other healthcare facilities within the same network, only when such data exchange is necessary for delivering specific healthcare services. The Company has implemented personal data protection measures and entered into a data sharing agreement with the network healthcare facilities to prevent unlawful or unauthorized processing of your personal data.	– Personally identifiable information – Contact information – Health data – Financial data
1.2 For the purpose of research and analysis to improve the quality of medical care, using de-identified data. The Company may process your personal data for research and analysis purposes aimed at enhancing medical care quality. This will be conducted using aggregated reports that do not reveal any personally identifiable information. The Company is committed to maintaining the confidentiality of your data under strict standards.	– Statistical data
1.3 For the purpose of integrating electronic medical records across the hospital network through an information technology system. Upon obtaining your consent, the Company will input your personal data into a computer system in a networked format to facilitate medical consultations through applications and enable you to manage your health information via digital platforms. To maximize benefits, your medical records may be accessed across affiliated healthcare facilities, allowing you to retrieve personal health data via various electronic devices. For cross-institutional medical record integration through IT networks, under the same data protection standards as per the Personal Data Protection Act B.E. 2562.	– Personally identifiable information – Contact information – Health data
1.4 For the Company’s marketing purposes. The Company may collect, use, and process your personal data to assess your health status and to communicate medical news, send promotional offers, and introduce healthcare products and services, in accordance with the consent you have provided.	– Personally identifiable information – Contact information – Subscription and event participation data
2. Disclosure of Personal Data 2.1 Disclosure of personal data to insurance companies with which you or the Company have a contractual relationship, for the purpose of exercising the right to claim insurance compensation or to reimburse medical expenses. The Company may be required to disclose your personal data to the relevant insurance company in order to fulfill contractual obligations that you or the Company have entered into with said insurer. This is done to facilitate the processing of insurance claims or medical expense reimbursements. The Company shall not disclose your personal data to any unrelated third party.	– Personally identifiable information – Contact information – Health data
2.2 Disclosure of Personal Data to Referring Entities or Payers upon Your Consent In cases where a government agency, private entity, or state enterprise refers you to the Company for medical treatment or acts as the payer for your medical services, the Company may disclose your medical treatment information—classified as sensitive personal data—to such entities only if you have explicitly consented to the disclosure of your personal data to them. If you do not provide such consent, the Company will deliver your medical results directly to you.	– Personally identifiable information – Contact information – Health data

Personal Information Collection

Bangkok Hospital Phuket will collect your personal information we consider necessary for us that you have voluntarily provided by interacting with us through our services, including, but not limited to, enrollments, questionings, medical appointments, telemedicine, online consulting service, and online transactions.

You may choose not to submit your personal information to us, but this can result in us not being able to provide certain information, and/or services to you.

Purposes of Personal Information Processing

Bangkok Hospital Phuket may use or process your personal information as necessary to contact or provide services to you, including to inform you of details regarding subscription services, to achieve the research or statistics, and to further develop and improve our services.

Personal Information Disclosure

Bangkok Hospital Phuket may disclose your personal information gathered by us to third parties in the following circumstances:

1. We reserve the right to disclose or transfer your personal information to certain third parties involved in providing services to you, including insurance companies, online payment service providers, and other companies associated with the services of Bangkok Hospital Phuket.
2. We may also use third-party partners for internal analysis to manipulate data, improve to either user experiences on any of our authorized platforms and/or capabilities of marketing. In this connection, therefore, the third-party organization may have access to the necessary information in line with related-regulations concerning the protection of personal information.
3. We may transfer or share your personal information to other person’s legitimate interest or for the purposed of the public interests, including to prevent fraud/data breaches/cyber-attacks and judicial proceeding.

Links to Third-Party Sites

Our websites may contain links that are connected with other websites if you visit such websites. This privacy policy does not cover and we will not be responsible for any loss or damages to your personal information arising from the actions performed that break the privacy practices of such websites.

Period of Information Retention

1. The Company complies with the medical record retention period as stipulated by the Private Hospital Act B.E. 2541 (1998) and its latest amendments. Accordingly, the Company will retain medical records for a minimum of 5 years and no longer than 10 years from the date of the patient’s last medical service. Upon the expiration of the 10-year period, the Company will permanently destroy the original records, copies, and any electronic medical records.
2. In the event that the Company is required to comply with legal obligations, court orders, or establish legal claims in connection with dispute resolution processes, the Company may retain personal data for the duration of the statutory limitation period applicable under relevant laws, or until the legal matter is fully resolved, whichever period is longer.

Security Measures for the Retention and Processing of Personal Data

1. The Company shall retain and manage personal data using security measures that comply with, or exceed, the minimum standards prescribed by law. These measures include the use of appropriate systems to prevent unauthorized access and ensure data security, such as Secure Sockets Layer (SSL) protocols, firewalls, password protection, and other technical safeguards for encrypting data transmitted over the Internet. Physical records are stored in secure locations with restricted access to authorized personnel only.
2. Access to personal data is restricted to authorized employees, agents, business partners, or external parties. Third-party access to personal data shall be limited to what is necessary, as defined by contractual obligations or legal instructions. All such parties are required to maintain the confidentiality and protection of the personal data they access.
3. The Company employs technological methods to prevent unauthorized access to its computer systems.
4. The Company has monitoring systems in place to securely delete or destroy personal data that is no longer necessary for its operations.
5. For sensitive personal data, the Company adopts enhanced security measures for both physical and electronic data, including strict access controls, usage control systems, data backup protocols, emergency response plans, and routine risk assessments to maintain system integrity and security.

Cross-Border Transfer of Personal Data

1. In certain circumstances, the Company may need to transfer your personal data to a foreign country. Such a transfer will be carried out only after informing you of the purpose of the transfer and obtaining your explicit consent. The Company will also notify you in cases where the destination country may not have adequate personal data protection standards.
2. The Company may transfer your personal data without obtaining your consent if the transfer is necessary:
   • for the performance of a contract to which you are a party;
   • to take steps at your request prior to entering into a contract; or
   • in accordance with the provisions of the Personal Data Protection Act B.E. 2562 (2019).

Individual Rights Under Our Privacy Policy

You reserve the right to request for verifying copies of original documents, and correcting or completing your inaccurate/incomplete personal information. Also, you have all other rights enforced by the data privacy law, if you desire to deploy these rights, the request for access must be submitted and be sent via the following channels:

To Contact Us

The request for access to your rights enforced by the data privacy law must be done in writing and be submitted with a copy of your identification. The attached document can be sent or mailed to the following address:

Bangkok Hospital Phuket
2/1 Hongyok Uthit Road Talat Yai Subdistrict, Mueang District, Phuket Province 83000, Thailand
If you have any questions or suggestions regarding our Privacy Policy. Please contact us at
E-mail: [email protected]
Phone Number 076 254 425 or 076 361 000

Changes in Privacy Policy

We may revise and update this Privacy Policy from time to time without prior notice in order to act relating to changes in current circumstances, suggestions, and law. This shall be deemed that any user who continues to access our platform hereby agree implicitly to abide by such change. Therefore, we suggest you read our latest terms and conditions every time you visit our website platform or any services available on our authorized applications.

This Privacy Policy is effective on 17 December 2024