Valor Clinic
Valor Clinic (referred to as the “clinic”), safeguarding your personal information as a visitor seeking examination, treatment, and medical services is our paramount commitment. This encompasses all the services provided by the clinic. We assure you that your personal information will be meticulously protected in accordance with the provisions of the Personal Data Protection Act B.E. 2562. We hereby inform you about the reasons and methods of collecting, using, or disclosing personal data through this document. Additionally, we clarify your rights concerning the ownership of personal data.
1. Definitions
In this policy, certain words or phrases are defined as follows:
1.1 Personal Data: Refers to information about an individual that can lead to their direct or indirect identification, excluding information pertaining to deceased individuals.
1.2 Sensitive Personal Data: Encompasses personal information regarding race, ethnicity, political opinions, philosophical or religious beliefs, sexual behavior, criminal record, health status, disabilities, union membership, genetic and biological data (such as facial model data, iris simulation data, fingerprint simulated data), or any other data influencing the subject’s personal data, akin to the Personal Data Protection Committee Announcement.
1.3 Data Owner: Denotes an individual directly or indirectly identifiable through personal data.
1.4 Processing: Encompasses the collection, use, and/or disclosure of the personal data owned by the individual.
1.5 Website: Refers to the website owned or provided by Valor Clinic.
1.6 Controller of Personal Data: Signifies an individual or legal entity authorized to make decisions regarding the collection, use, or disclosure of personal data.
1.7 Personal Data Processors: Designates individuals or legal entities operating in compliance with the instructions of or on behalf of the data controller, related to the collection, use, or disclosure of personal data.
2. Collection of Personal Information
The personal data collected by the clinic falls into the following categories:
2.1 Identity Information: This includes details such as name, surname, facial photograph, gender, date of birth, age, religion, nationality, passport and ID card numbers, or any other identifying number.
2.2 Contact Information: Comprises address, phone number, email, etc.
2.3 Financial Information: Involves billing information, credit or debit card details, receipt information, and clinic account particulars.
2.4 Service Access Information: This pertains to medical appointment information, personal information about relatives, preferences for rooms, meals, and additional services.
2.5 Data from Website Visits: Encompasses computer traffic data (logs), IP addresses, geographic location data through location technology, the type of browsing software used (browser), log information for website access and exit, website statistics, access times, information searched or visited, social media usage, various website functions usage, as well as information collected by the clinic through cookies or similar technologies.
2.6 Health Information: This covers medical information, reports on physical and mental health, clients’ health care, laboratory test results, diagnoses, diagnosed disease names, drug usage and allergies, food allergy history, blood and laboratory results, pathological biopsy outcomes, radiographic photographs, radiographic examination reports, prescribed medication lists, and other essential medical service-related data.
3. Sources of Personal Data
3.1 Direct Submission: The clinic receives personal information directly from you, when you use services, provide information via the clinic’s website, make inquiries, or register for medical services and clinic services in person, including electronic registration.
3.2 Third-Party Sources: The clinic may obtain personal data from third parties, including close acquaintances like relatives, spouses, authorized individuals acting on your behalf, as well as other clinics with your consent to disclose personal data. Additionally, personal data may come from individuals, legal entities, government bodies, private sectors, and state enterprises referring you for treatment and clinic services or paying service fees on your behalf.
4. Objectives of Collection, Use, and Disclosure of Personal Data
The clinic’s collection, use, and/or disclosure of your personal data are governed by the following legal criteria or bases:
4.1 Medical Examination and Services: The clinic records and employs your personal data for medical examinations and services. Doctors, nurses, and clinic personnel utilize your personal information to consult with healthcare professionals, including capturing both still and moving images. This aids in assessing your readiness for special diagnostic tests, monitoring treatment progress, and adhering to relevant professional principles throughout your service period. The clinic ensures that comprehensive information is provided before proceeding, and encourages you to ask questions until you are satisfied.
4.2 Quality Improvement and Analytical Studies: Personal information, including sensitive data like health check results, laboratory outcomes, or radiological findings, may be utilized in analytical studies aimed at enhancing the quality of medical care. This assists in developing and refining service protocols, creating a comprehensive clinic database for treatment history review, and retrospective treatment history requests. The clinic and its staff are dedicated to maintaining the utmost confidentiality of your information.
4.3 Communication and Service Delivery: The clinic may communicate its services via various channels, such as telephone, text messages, email, or postal services. This includes reminders for medical appointments, sharing news, and recommending clinic services.
4.4 Financial and Accounting Purposes: Personal data is collected for accounting and financial purposes, encompassing the compilation of payment documentation from service recipients. These records serve as financial evidence and accounting documentation, aiding in tasks like credit card payment verification.
4.5 Insurance and Third-Party Claims: For insurance claims or compensation requests from third parties, the clinic may need to disclose your personal information to relevant insurance companies or authorized entities. This disclosure is essential for contract performance, reimbursement, and the fulfillment of compensation rights.
4.6 Security Measures: The clinic may employ CCTV surveillance in its premises to prevent improper or illegal acts, ensuring the safety of building users and protecting clinic facilities.
4.7 Legal Compliance: The clinic may disclose personal data to comply with applicable laws, regulations, or governmental requests. This could involve being a documentary witness, responding to legal orders, or fulfilling legitimate requests.
Apart from the aforementioned objectives, the clinic will not utilize your personal information for purposes other than those permitted by the Personal Data Protection Act B.E. 2562. These include instances where:
1. You provide consent (Section 24), including explicit consent for sensitive personal data (Section 26).
2. Research or statistical purposes are pursued with adequate protection measures for personal data subjects (Section 24 (1)).
3. Protection of life, body, or health necessitates data usage (Section 24 (2)).
4. Contractual obligations between the clinic and you are fulfilled (Section 24 (3)).
5. Public interest missions are carried out (Section 24 (4)).
6. Legitimate interests are upheld within reasonable bounds (Section 24 (5)).
7. Legal compliance is required (Section 24 (6)).
8. Sensitive personal data is used to prevent harm to life, body, or health when consent is unavailable (Section 26 (1)).
9. Legal claims are established (Section 26 (4)).
10. Public health benefits or social protection are pursued, with due measures for personal data rights (Section 26 (5) (b)).
11. Compliance with labor protection, medical welfare, or social security laws is necessary (Section 26 (5) (c)).
5. Disclosure of Personal Information
The clinic discloses your personal information to relevant parties for the above-stated purposes:
5.1 Government Agencies and Regulators: Authorized entities as per the law, including government agencies, regulatory bodies, and officials exercising legal authority, such as the Revenue Department, Personal Data Protection Commission, National Police Agency, and forensic institutes.
5.2 Insurance Companies and Claim Management Providers: Entities involved in insurance claims or managing such claims.
5.3 Referral Clinics: Clinics referred to by the clinic.
5.4 Treatment Sponsors: Individuals arranging your treatment, availing clinic services on your behalf, or making payments for your services.
5.5 Service Providers: Personal data processors assigned by the clinic to manage or process data, encompassing laboratory service providers, security service providers, IT services, and other relevant service providers beneficial to you.
5.6 Consent-based Disclosure: Any other party or entity to which you have granted consent for disclosing your personal data.
6. Period of Retention of Personal Data
6.1 The clinic adheres to the medical record retention standards stipulated by the Sanatorium Act B.E. 2541, as well as any subsequent amendments. Medical records, both in their original and electronic forms, will be retained for a specified period. The original medical records will be kept for a maximum of 5 years, while electronic medical records will be retained for up to 15 years from the date of the last medical treatment. Following the conclusion of these periods, the original medical records, copies, and electronic formats will be securely discarded.
6.2 In situations where the clinic is legally obliged to comply with court orders, engage in legal claims, or be involved in dispute resolution processes, personal data may be retained for the duration of the relevant statutory limitation period.
Upon the expiration of the retention period for personal data, the clinic will undertake necessary actions to either delete, destroy, or anonymize the personal information, rendering it non-personally identifiable.
7. Measures for Retention and Processing of Personal Data
The clinic places paramount importance on upholding the security of your personal information. To this end, the clinic employs comprehensive security measures to safeguard personal data from loss, unauthorized access, unlawful usage, destruction, alteration, or disclosure. These measures align with the clinic’s information technology security policy and guidelines.
The security measures for personal data encompass administrative, technical, and physical safeguards to control access to, manage, and process personal data. These actions include, but are not limited to:
1. Access Control: Stringently managing access to personal data and the devices used for storing and processing it. This involves ensuring that access is granted only to authorized personnel and is upheld in a secure manner.
2. Permission Determination: Establishing clear permissions and access rights to personal data, thus ensuring that only authorized individuals can access specific data.
3. User Access Management: Implementing robust user access management practices to restrict personal data access solely to those with proper authorization.
4. Duty and Responsibility Definition: Clearly outlining the duties and responsibilities of users to prevent unauthorized access, disclosure, duplication, or theft of personal information, as well as unauthorized handling of equipment used for data storage or processing.
5. Data Management Methods: Providing mechanisms for retrospective access, modification, deletion, or transfer of personal data, in accordance with the methods and mediums utilized for data collection, use, and disclosure.
These measures collectively contribute to maintaining the confidentiality, integrity, and availability of personal data in alignment with the clinic’s commitment to data security.
8. Links to Third Party Websites
The clinic’s website might include links to third-party websites where these third parties may gather information about your usage of their services. The clinic, however, cannot be held accountable for the security or privacy of any information collected by such third-party websites. It’s advised that you exercise caution and review the privacy policies of these third-party websites, products, and services.
9. Sending or Transferring Personal Data Abroad
The clinic might send or transfer the collected, used, and/or disclosed personal information abroad for various reasons, such as contractual compliance, normal business operations, or the designated purpose of processing personal data. In such cases, the receiving country or international organization must maintain data protection standards that adequately safeguard personal information, as specified by legal requirements.
10. Rights of Data Subjects
As a data subject, you hold certain rights that the clinic respects within the boundaries allowed by law:
10.1 You possess the right to be informed about your personal data under the clinic’s responsibility, and you can request a copy of it. You can also seek disclosure regarding how the data was acquired, even without your consent.
10.2 You are entitled to request the clinic to rectify any inaccuracies, outdated information, incompleteness, or misleading aspects in your personal data.
10.3 You retain the right to withdraw your consent for the clinic to collect, use, and/or disclose your personal data at any time. However, this withdrawal might be limited by legal or contractual obligations that persist.
10.4 You have the right to receive your personal data in a readable format, which can be used with automated tools or devices. Additionally, you can request the clinic to send this data in such a format to another data controller if technically feasible.
10.5 You can object to the processing of your personal data in line with your legal rights.
10.6 You can request the clinic to delete, destroy, or anonymize your personal data under specific circumstances.
10.7 You possess the right to ask the clinic to suspend the use of your personal data in alignment with your granted legal rights.
10.8 You have the right to file a complaint with the expert committee designated by the Personal Data Protection Law in the event that the clinic, its employees, contractors, or any related parties violate or fail to comply with the Personal Data Protection Act B.E. 2562 or its associated announcements.
However, the clinic retains the right to assess and address requests to exercise these rights within the framework of the Personal Data Protection Law. To proceed with exercising these rights, you can contact the clinic directly at:
Valor Clinic
No. 2/22 Iyara Tower, 10th Floor, Chan Road, Thung Wat Don,
Sathorn, Bangkok 10120
Call: 02-287-4924
11. Changes to Privacy Policy
The clinic maintains the prerogative to modify the privacy policy. You will be duly notified of any such changes. Additionally, the clinic might apprise you of further privacy-related details, such as new collection purposes that fall outside this policy, etc. The clinic could also undertake periodic reviews and updates of the privacy policy to better safeguard personal information. You will be informed whenever such changes occur.
12. Contact Channels
If you intend to get in touch, have inquiries, or seek information regarding the processing of personal data and your rights as the data owner in accordance with this policy, or if you suspect any unlawful usage of your personal information, you can contact the clinic using the following contact details:
Valor Clinic
No. 2/22 Iyara Tower, 10th Floor, Chan Road, Thung Wat Don,
Sathorn, Bangkok 10120
Call: 02-287-4924
Announced on January 28, 2023
Valor Clinic Executive Director