Privacy Notice
Privacy Policy of Bangkok Chain Hospital Public Company Limited and Its Affiliates
Bangkok Chain Hospital Public Company Limited and its affiliates, which operate the following hospital groups:
- World Medical Hospital Group,
- Kasemrad International Hospital Group,
- Kasemrad Hospital Group, and
- Karunvej Hospital Group,
as well as multi-clinic and other business services (hereinafter referred to as the “Company Group”), recognize the importance of personal data provided by you. Therefore, the Company Group has established this Privacy Policy to inform you of the methods, rights, and purposes of collecting, using, and disclosing your personal data, ensuring that your personal data is processed in accordance with the purposes and in compliance with the Personal Data Protection Act B.E. 2562 (“PDPA”).
1. Types of Personal Data
“Personal Data” means any information relating to an identified or identifiable natural person, whether directly or indirectly, excluding deceased persons or any personal data specified by the PDPA. The Company Group may collect and use your personal data as follows:
- Identifiable Information: Name, surname, nickname, gender, age, date of birth, nationality, photograph, video records, ID card or passport number, marital status, position, company/organization name, vehicle registration, and information of related persons (e.g., family members), or similar identifiable information.
- Sensitive Personal Data: Facial structure records, fingerprint records, health examination results, race, health information, genetic information, biometric data, and criminal records.
- Contact Information: Address, phone number, email, Line ID/Facebook Account, or similar contact details.
- Membership Information: Membership number, type, and membership start/end dates.
- Employee Information: Position, salary or other compensation, employment benefits, expense claims, attendance records, performance evaluations, complaints, investigations, and disciplinary actions.
- Financial Information: Investment data in the Company Group, bank account number and type, compensation, tax-related information, deductions or expenses, and transactional details with the Company Group.
- Preferences and Interests: Satisfaction/opinions on the Company Group’s products and/or services.
- Qualifications: Educational history, work experience, skills, expertise, professional licenses, medical licenses, and other similar qualification information.
- Security Information: CCTV footage or other data used for the security of the Company Group.
- Information Technology Data: IP address, cookies, and other similar IT-related data.
For personal data collected before June 1, 2022, the Company Group will process such data in accordance with the PDPA. If you do not wish the Company Group to continue collecting and using your personal data, you may withdraw your consent at any time by contacting the Company Group or the Data Protection Officer (DPO) as described in Section 11.
2. Collection of Personal Data
The Company Group may collect personal data from you directly or via other channels, including:
- Website Usage: Personal data may be collected when you use the Company Group’s websites or applications through cookies or similar technologies, or when you access the Company Group’s internet services.
- Related Persons: Personal data may be collected from your coordinators, secretaries, contacts, representatives, family members, referees, or colleagues.
- Companies/Organizations: Personal data may be collected from companies/organizations related to you, such as your employer, business partners, or service providers affiliated with the Company Group.
- Public Sources: Personal data may be collected from public sources, including government agencies, state enterprises, regulatory authorities, public websites, or social media.
3. Retention of Personal Data
The Company Group will retain your personal data only as long as necessary to achieve the purposes stated in this Privacy Policy. Data retention periods shall follow the Company Group’s internal policies and applicable laws.
The Company Group may retain personal data as long as:
- permitted by the PDPA and/or other applicable laws;
- a legal relationship exists between you and the Company Group;
- legally obligated to retain the data;
- consent has been given by you; and/or
- necessary under the law to achieve the processing purposes.
4. Purposes of Personal Data Processing
Your personal data will be collected, used, and disclosed for purposes stated in Section 5, other purposes outlined in the PDPA, or as you have consented to, or as required by law.
5. Use and Disclosure of Personal Data
In accordance with the purposes stated in this Privacy Policy, the PDPA, your consent, or other applicable laws, your personal data may be disclosed or transferred to third parties and/or government authorities.
The Company Group may transfer your personal data outside Thailand only as necessary for the purposes described in this Privacy Policy and with adequate security measures. If the destination country does not meet sufficient data protection standards, the Company Group will ensure compliance with exceptions provided under the PDPA or other applicable laws.
6. Cookies
Cookies are small pieces of data sent from the Company Group’s website to your device. The Company Group may also collect log files, such as language preference, user information, or other settings, when you interact with the Company Group’s websites or perform transactions.
7. Security Measures and Policies
The Company Group recognizes the importance of compliance with the PDPA and other relevant laws. To protect your personal data, the Company Group has implemented the following measures:
- Personal data security measures.
- Response policies for government access requests.
- Internal data sharing policies within the Company Group.
8. Data Subject Rights
You have rights under the PDPA, subject to conditions specified therein. The Company Group provides forms for exercising these rights on its website at www.bangkokchainhospital.com, allowing you to submit requests to exercise your rights as a data subject.
9. Privacy Policies of Other Websites
This Privacy Policy applies only to the Company Group’s activities and website usage. Other websites or applications may have links that lead you elsewhere. Please review their privacy policies separately, as the Company Group is not responsible for personal data or cookie use on external sites.
10. Review and Updates
The Company Group will regularly review this Privacy Policy to ensure compliance with the PDPA and other laws. Any updates will be published promptly on the Company Group’s website.
11. Contact Information
For inquiries regarding this Privacy Policy or to exercise your rights, please contact the Data Protection Officer (DPO):
- To: Data Protection Officer
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi 11120
- Phone: 02-836-9999
- Email: dpo@bangkokchainhospital.com
For more details on the Privacy Notice and other related documents, please find below.
Privacy Policy
Bangkok Chain Hospital Public Company Limited (“BCH”), together with its affiliated companies as listed in Annex 1, and any other affiliated companies that may be established in the future (which will be notified accordingly) (collectively referred to as the “Affiliates”), which provide healthcare services under the following groups: (a) World Medical Hospital Group, (b) Kasemrad International Hospital Group, (c) Kasemrad Hospital Group, and (d) Karunvej Hospital Group, including polyclinics and other related businesses (collectively referred to as the “Group”), recognize the importance of your privacy and are committed to maintaining high standards in operational practices and personal data protection.
Accordingly, the Group has established this Privacy Policy (“Privacy Policy”) to ensure that the collection, use, and disclosure of personal data are conducted in accordance with the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”).
You are encouraged to read this Privacy Policy in conjunction with the specific Personal Data Protection Policies that have been prepared and provided by the Group for particular categories of data subjects, namely: (a) service recipients, (b) business partners, (c) personnel, and (d) shareholders, investors, and directors, as well as individuals related to the foregoing persons (collectively referred to as the “Personal Data Protection Policies”).
This Privacy Policy shall be deemed supplementary to the Personal Data Protection Policies and shall not serve to revoke, replace, or amend any provisions contained therein. In the event of any conflict or inconsistency between this Privacy Policy and the Personal Data Protection Policies, the provisions of the applicable Personal Data Protection Policies shall prevail, as the Group has provided them for your specific consideration and for the purpose of obtaining your explicit consent.
1. Types of Personal Data
“Personal Data” refers to any information relating to an individual that enables the identification of such individual, whether directly or indirectly. This excludes information of deceased persons and other types of personal data as may be specified under the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”).
The Group may collect and use your personal data as follows:
1.1 Identifiable Information
Such as first name, last name, nickname, gender, age, date of birth, nationality, photographs, video recordings, national ID number or passport number, marital status, position, company name, organization of employment, vehicle registration details, information about individuals related to you such as family members, or other information of a similar nature that may identify an individual.
1.2 Sensitive Personal Data
Such as facial scans, fingerprint scans, medical examination results, religion, ethnicity, sexual orientation, health data, disability status, mental health data, genetic data, biometric data, criminal records, or any other data of a similar nature as prescribed by the Personal Data Protection Committee of Thailand.
1.3 Contact Information
Such as residential address (as stated on ID card), personal phone number, personal email address, social applications (e.g., Line ID, Facebook account), or other similar contact details.
1.4 Membership Information
Such as membership number, type of membership, and membership start and end dates.
1.5 Employment Information
Such as position, salary or other compensation, benefits and entitlements under the employment contract, expense reimbursement history, records of attendance, performance evaluation results, complaints, grievances, investigations, and disciplinary actions.
1.6 Financial Information
Such as investment details in BCH and its Affiliates, bank account numbers, types of bank accounts, salary, compensation, tax-related information, deductions or expenses, and transaction details with the Group.
1.7 Preferences and Interests
Such as satisfaction levels or opinions regarding the Group's products and/or services.
1.8 Qualifications Information
Such as educational background, training history, work experience, skills, expertise, professional licenses, medical practitioner licenses, and other related qualification data.
1.9 Security Information
Such as CCTV footage or other data used for the purpose of safeguarding the Group’s security.
1.10 IT and Technical Information
Such as IP address, cookies, and other similar information and digital identifiers.
In the event that you wish to use or purchase products and/or services, collaborate, become a member, participate in activities, enter into a contractual relationship, or otherwise engage with the Group, the Group may be required to collect your personal data. If you choose not to provide such personal data, the Group may not be able to enter into a contract with you, proceed with your requests, fulfill its obligations under any contract, agreement, or legal relationship, or comply with legal obligations applicable to the Group.
If you provide the Group with personal data of other individuals, you confirm that such individuals have reviewed this Privacy Policy and have provided their consent for the processing of their personal data in accordance with this Privacy Policy or the applicable Personal Data Protection Policy. You are responsible for providing the Group with a copy of the relevant consent form(s) upon request.
For personal data collected prior to 1 June 2022, the Group will process such data in accordance with the PDPA. If you do not wish for the Group to continue collecting or using such data, you may withdraw your consent at any time by contacting the Group or the Data Protection Officer as specified in Section 15.
2. Collection of Personal Data
The Group may collect your personal data directly from you or through other channels, including but not limited to the following:
2.1 Website Usage
The Group may collect your personal data when you use its websites and applications through cookies or similar technologies, including when you use services or access the Group’s internet network.
2.2 Related Persons
The Group may collect your personal data from coordinators, secretaries, your contacts, or other individuals related to you, such as authorized representatives, legal representatives, family members, relatives, beneficiaries, close contacts, emergency contacts, referees, witnesses in various documents, or colleagues.
2.3 Associated Companies/Organizations
The Group may collect your personal data from companies or organizations associated with you, such as your employer, affiliated companies, or service providers who are business partners of the Group.
2.4 Public Sources
The Group may collect your personal data from public sources, including government agencies, state enterprises, regulatory authorities, public websites, or social media platforms.
3. Retention Period of Personal Data
The Group will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. The specific retention period will be as specified in the applicable Personal Data Protection Policies.
However, the Group may continue to retain your personal data for as long as:
- permitted by the PDPA and/or any other applicable laws;
- there remains an ongoing legal relationship between you and the Group;
- the Group is legally obligated to retain the personal data;
- you have given consent to the Group; and/or
- it is necessary for the purposes of lawful processing under this Privacy Policy.
4. Purposes of Personal Data Processing
Your personal data will be collected, used, and disclosed for the purposes set forth below, as well as for any other purposes specified in the applicable Personal Data Protection Policies, those to which you have given consent, or as permitted or required under the PDPA and/or other applicable laws.
4.1 Compliance with Legal Obligations
- To carry out activities relating to BCH and its Affiliates' unitholder/shareholder meetings, including sending meeting invitations, identity verification, registration, conducting the meetings, and vote casting, as well as preparing relevant documents such as unit distribution reports, reviews of transactions deemed related-party transactions, and tax-related matters.
- To undertake corporate governance and management activities relating to BCH and its Affiliates, including dividend payments, capital increases, issuance and offering of debentures, and other related actions.
-
To comply with applicable laws, including but not limited to:
- Civil and Commercial Code B.E. 2535 (1992)
- Medical Facility Act B.E. 2541 (1998)
- Revenue Code
- Emergency Medical Act B.E. 2551 (2008)
- Public Limited Companies Act B.E. 2535 (1992)
- Communicable Diseases Act B.E. 2558 (2015)
- Securities and Exchange Act B.E. 2535 (1992)
- Persons with Disabilities Empowerment Act B.E. 2550 (2007)
- Anti-Money Laundering Act B.E. 2542 (1999)
- Skill Development Promotion Act B.E. 2545 (2002)
- Royal Decree on Electronic Meetings B.E. 2563 (2020)
- Occupational and Environmental Disease Control Act B.E. 2562 (2019)
- Accounting Act B.E. 2543 (2000)
- Employment and Job Seeker Protection Act B.E. 2528 (1985)
- Labour Protection Act B.E. 2541 (1998)
- Civil Registration Act B.E. 2534 (1991)
- Labour Relations Act B.E. 2518 (1975)
- Computer-Related Crime Act B.E. 2550 (2007)
- Social Security Act B.E. 2533 (1990)
- National Health Security Act B.E. 2545 (2002)
- Workmen’s Compensation Act B.E. 2537 (1994)
- Protection for Motor Vehicle Accident Victims Act B.E. 2535 (1992)
- Occupational Safety, Health, and Work Environment Act B.E. 2554 (2011)
- Medical Profession Act B.E. 2542 (1999)
- National Vaccine Security Act B.E. 2561 (2018)
- Medical Practice Act B.E. 2525 (1982)
- National Health Act B.E. 2550 (2007)
- Mental Health Act B.E. 2551 (2008)
This may include reporting your personal data to relevant government authorities as required by law, administering and maintaining the health and safety of personnel in accordance with legal requirements, and reporting patient data to government agencies as legally required.
-
To comply with public health laws, including:
The reporting of service recipients’ information to relevant government authorities as required by law; the registration and reporting of patient data, including individuals diagnosed with HIV; the screening of individuals entering the healthcare facility; the submission of reports to communicable disease control officers; the provision of standardized patient transfer and transportation services; and the implementation of standards related to Alternative Hospital Quarantine (AHQ) and Alternative State Quarantine (ASQ), as well as compliance with state-mandated criteria for quarantine facility designation and any other reporting obligations as required by applicable laws.
-
To comply with public health laws, including:
The reporting of service recipients’ information to relevant government authorities as required by law; the registration and reporting of patient data, including individuals diagnosed with HIV; the screening of individuals entering the healthcare facility; the submission of reports to communicable disease control officers; the provision of standardized patient transfer and transportation services; and the implementation of standards related to Alternative Hospital Quarantine (AHQ) and Alternative State Quarantine (ASQ), as well as compliance with state-mandated criteria for quarantine facility designation and any other reporting obligations as required by applicable laws.
- To provide emergency assistance or coordinate with the Emergency Patient Rights Protection Coordination Center and the National Institute for Emergency Medicine, including cases involving the transfer of emergency patients or any actions taken under the Emergency Medical Act to prevent or mitigate harm to life, body, or health.
- To comply with court orders and/or orders issued by competent authorities such as the Legal Execution Department or the Student Loan Fund.
- To use family members’ health data for screening or diagnosis of the service recipient.
- To use your data for processing medical reimbursement claims for service recipients eligible for statutory benefits, and to manage treatment costs and related expenses.
- To prepare patient records, including treatment documentation and other legally required medical records.
- To assess, screen, diagnose, treat, and care for you, including treatment planning, discharge planning, referral planning, scheduling appointments, communicating test results, and conducting follow-ups.
- To use your data in the issuance of birth certificates and death certificates in accordance with the law.
- To comply with laws applicable to shareholders, investors, and directors, including registration, disclosure and reporting to competent authorities, legal qualification checks, related-party transactions, and tax compliance.
- To process matters relating to inheritance law and comply with court orders in the event of a shareholder’s or investor’s death.
4.2 Contractual Basis
- For recruitment, hiring, selection, evaluation, and consideration of individuals and/or business partners to work with the Group, entering into employment contracts, and performing obligations under such employment contracts or scholarship agreements between you and the Group.
- For entering into contracts or any transactions with you, as well as performing obligations under contracts between you and the Group or according to your lawful instructions regarding such contracts, such as payment of remuneration or reimbursement in case you have incurred expenses in advance.
- For managing and monitoring work attendance, including clock-in/out times, absenteeism, tardiness, overtime work, and work on holidays.
- For managing employee benefits, welfare, performance evaluation, and ensuring that employees meet contractual qualifications, including holding professional licenses, medical practice certificates, and meeting legal requirements.
- For organizing training sessions or sending employees to training courses related to contractual duties, or sending personnel to provide lectures or knowledge-sharing to external organizations, including booking flights or hotels in case of work at different locations.
- For creating and maintaining an intranet database to verify the identity of medical personnel involved in patient diagnosis.
- For verifying diagnosis, treatment, or any medical services provided by medical personnel, including disclosing such information to external medical service providers for the purpose of carrying out such activities.
- For workforce planning, organizational charting, and posting notices in all departments.
- For entering into employment insurance contracts for certain employee positions.
- For providing medical services and maintaining records related to service recipients and other medical documents, including disclosing your personal data to medical personnel or other medical service providers for activities related to medical services.
- For coordinating and disclosing your information to affiliated healthcare facilities within the Group, such as beauty centers, anti-aging centers, dental centers, and dialysis centers, in order to provide medical services to you and coordinate related payment matters.
- In case you use the infirmary service at your employer’s workplace, the Group will process your data to provide medical services and disclose your information to the employer, as well as prepare and maintain medical records, reports, and statistics according to the contract between the Group and your employer.
- In case you use clinics within the Group’s network, the Group will process your data to provide medical services and maintain medical records.
- For organizing board meetings, shareholder meetings, and other necessary meetings for the Group’s operations, including sending invitations, identity verification, registration, conducting meetings, and voting.
- For entering into legal acts or transactions on behalf of the Group, such as managing financial transactions with banks, signing contracts, contacting government agencies or any relevant authorities, and authorizing individuals appointed by the board to carry out legal acts or necessary transactions for the Group’s operations.
- For distributing dividends or paying interest to shareholders or bondholders of the Group or other benefits related to share or bond ownership.
4.3 Legitimate Interests of the Group
- To verify your identity and/or authority to act on behalf of others.
- To prevent, respond to, and manage risks, as well as to conduct audits and internal management within the Group, including consultation with legal, accounting, and tax advisors on relevant matters.
- To retain data of job applicants for future employment opportunities.
- To assess the qualifications and suitability of contractors under labor service contracts and to maintain a database during the period of contract performance.
- To evaluate, analyze, and develop human resource management and hospital service quality, and to ensure that the Group’s business operations meet established standards.
- To respond to complaints and undertake disciplinary actions.
- To disclose information for inspection and certification by relevant organizations, such as Joint Commission International (JCI) and the Institute of Hospital Quality Improvement and Accreditation (Public Organization).
- To record images and videos of meetings for public relations purposes without disclosing your identity.
- To disclose information related to mergers and acquisitions, business restructuring, bankruptcy or rehabilitation processes, capital increases, or similar processes.
- To verify your information with references, such as previous employers or educational institutions, prior to employment.
- To disclose information to external agencies for compliance with standards, such as the Thailand Labor Standard and Good Labor Practice standards by the Department of Labor Protection and Welfare.
- To establish claims, prepare and maintain related data and documents as evidence in case of complaints, including legal proceedings or defense.
- To provide you with benefits as an entitled recipient.
- To use for emergency contact purposes.
- To serve as evidence of contractual agreements.
- To contact you as a reference person for verifying information about personnel before employment.
- To manage expenses related to service recipients.
- To disclose necessary information to payment service providers and/or financial institutions to verify the accuracy of transactions between you and the Group.
- To establish, enforce, exercise, or defend legal claims, including responding to complaints, legal proceedings, and litigation, including court actions in the event of disputes.
- To analyze and research activities and marketing promotions for the development of products, services, and other activities of the Group.
- To record images or videos at events and disseminate for public relations purposes (excluding targeted advertising).
- To maintain a database for future employment and to use for price comparison and expense management within the Group.
- To verify qualifications of medical personnel at other healthcare providers when the Group utilizes external medical services.
- In case you are a representative of a legal entity, the Group will collect your data to verify identity and authority for contract execution, and to coordinate regarding the legal relationship between parties.
- To manage contractors under labor service agreements, assess qualifications, monitor and evaluate performance, and maintain a database during contract execution.
- To conduct security checks and ensure safety within hospital buildings or premises, including risk assessment, access control, issuing and exchanging access cards, recording entry and exit data, and CCTV surveillance inside buildings, offices, or surrounding areas.
- To maintain safety and security for employees, service users, and other persons entering the buildings and premises, as well as protecting company property from unauthorized access to restricted areas.
- To protect the health, safety, and property of you and others.
- To safeguard buildings, premises, and assets from damage, malfunctions, vandalism, and other crimes.
- To support law enforcement agencies in preventing, deterring, detecting crimes, and pursuing legal actions when crimes occur.
- To comply with laws and requests from authorized government agencies, or to serve as evidence in cases of crimes or accidents occurring within or around buildings and premises.
- To assist in the efficient resolution of disputes that arise.
- To support investigations or legal proceedings related to whistleblowing.
- To support establishing or defending legal rights in legal proceedings, including but not limited to civil and labor cases.
4.4 Consent Basis
- To verify your information from social media prior to employment.
- To confirm your status as personnel to external parties.
- To use your medical treatment information and feedback regarding the Group’s services for public relations and disclosure through various channels of the Group.
- In the case you are medical personnel, the Group may disclose your information to the Group’s insurance partner companies for professional insurance purposes.
- In the case you are medical personnel, the Group may disclose your information to service recipients for qualification verification.
- In the case you have a loan with a bank affiliated with the Group, the Group may deduct your salary to repay the loan.
- To verify sensitive personal information regarding health data, criminal records, and religion to assess and verify your qualifications, health information, and conduct before joining or during any employment with the Group.
- To collect job applicant data and forward it to affiliated companies within the Group for future employment opportunities.
- To assist, prevent, and protect personnel who may be subject to discrimination.
- To manage sick leave, healthcare benefits, and health checkups.
- To provide medical treatment and prepare meals according to your religious beliefs and health needs.
- To provide facilities for religious ceremonies.
- To disclose information to government agencies for the purpose of registering health screening facilities for workers seeking employment abroad.
- To collect, use, and disclose your identification documents, such as national ID cards (which include religious information).
- To verify sensitive personal information related to your fingerprints and/or facial scans for attendance monitoring, access control to restricted areas, as well as for surveillance and security purposes.
- To disclose service recipient information to other healthcare facilities or government agencies for medical service provision by other healthcare providers.
- To coordinate with insurance companies related to your rights and claims for medical expense reimbursements (including embassies if you are a foreign national entitled by law).
- To follow up and inquire about your condition in cases where you refuse inpatient treatment, and to encourage you to undergo inpatient care.
- To follow up and inquire about your condition if you refuse medical procedures, and to encourage you to undergo such procedures.
- To monitor your satisfaction with the received services.
- To monitor your satisfaction with hospital referrals.
- To organize training and provide guidance for health behavior modification.
- To coordinate with hotel operators where you undergo legally mandated quarantine, including disclosing necessary service recipient information to such hotel operators.
- To facilitate your civil registration processes, such as birth and death notifications.
- In the case you use health screening and medical treatment services as an employee, the Group may report health screening results to your employer as per the contract and manage related expenses.
- To promote products and/or services, including promotions and events that may be of interest to you.
- To conduct interviews regarding your service experience and to disclose such information for publicity purposes.
- To handle referrals from companies, insurance agents, or agencies, including coordination with such persons.
- To manage relationships between the Group, service recipients, and insurance companies or agents, such as conducting visits and presenting gifts to service recipients on behalf of such companies or agents.
- To maintain health records in accordance with the Ministry of Public Health regulations on the protection and management of personal health information B.E. 2561 (2018).
- In case you contact the Group by phone, the Group may record conversations for service quality improvement purposes.
5. Individuals or Juristic Persons to Whom the Group Discloses or Transfers Personal Data
In accordance with the purposes specified in this Privacy Policy, the Personal Data Protection Policy, your consent letter, and other purposes as permitted or required by the Personal Data Protection Act and/or other applicable laws, your personal data may be disclosed or transferred to third parties and/or government agencies as follows:
5.1 Speakers and participants in training sessions, lectures, seminars, or other activities organized by the Group.
5.2 Affiliate companies of the Group, other healthcare facilities, affiliated healthcare providers, medical personnel, external medical service providers, certification bodies, and other external service providers related to business operations.
5.3 Medical service recipients of the Group.
5.4 The general public or visitors to the Group’s websites, social media platforms, and social applications.
5.5 Government agencies and state enterprises, such as TOT Public Company Limited, The Stock Exchange of Thailand, The Securities and Exchange Commission Office, Revenue Department, Department of Business Development, The Thai Institute of Directors Association, including courts, police officers, and claimants.
5.6 Registrars, such as Thailand Securities Depository Company Limited.
5.7 Financial institutions, including banks providing financial services to you or managing financial transactions for the Group.
5.8 Provident funds, including registrars of provident funds.
5.9 Asset managers or trustees, or any persons who act as trustees for the Group’s legal relations. Insurance companies, including insurance brokers and other similar service providers, as well as any insurance agents.
5.10 Service providers, suppliers, contractors, and subcontractors working with the Group to provide goods or services, such as media agencies, IT service providers, website and software service providers, airlines, hotels, travel agents, parcel delivery services, marketing service providers, market data analysis or research providers, payroll services, event organizers, venue and catering providers, and other contractors and organizations the Group interacts with.
5.11 Professional advisors such as accountants, lawyers and legal consultants, auditors, internal auditors, and actuaries.
5.12 Individuals related to you, such as contacts, secretaries, coordinators, family members, and references such as previous employers, educational institutions, training centers, professional councils, former colleagues, emergency contacts, and disciplinary complainants.
6. Transfer of Data Abroad
The Group may disclose or transfer your personal data to individuals or organizations outside the Kingdom of Thailand (if any), such as supporting organizations of the Group, organizations co-hosting events with the Group, or certification bodies such as Joint Commission International (JCI). Such disclosure or transfer will be conducted only to the extent necessary for the purposes specified in this Privacy Policy and the Personal Data Protection Policy.
The Group will implement necessary and appropriate security measures for transferring personal data outside the Kingdom of Thailand, such as verifying the credibility and personal data protection standards of the data recipients, or entering into confidentiality agreements with the recipients in the respective countries.
In cases where the destination country has insufficient standards, the Group will ensure that the transfer of personal data complies with the exceptions prescribed under the Personal Data Protection Act or other applicable laws.
7. Cookies
Cookies are small pieces of data sent from the Group’s website to your computer when you visit the Group’s website to store details of your computer’s traffic logs, such as your preferred language, system user, or other settings. The Group may collect cookies and similar technologies when you interact or transact with the Group via the internet, including visiting the Group’s websites or platforms controlled by the Group.
Cookies and similar technologies do not cause harmful side effects to your computer. The Group may use cookies and similar technologies for various purposes, including:
7.1 To allow you to use services and/or access various functions on the Group’s websites or applications.
7.2 To improve the performance of the Group’s websites or applications in delivering online services.
7.3 To help the Group remember and respond to you more efficiently, such as remembering your username, password, or settings from previous visits to the website or application.
7.4 To analyze, improve, and develop the website’s operations.
You may delete cookies or refuse to allow cookies to operate by visiting www.bangkokchainhospital.com. However, deleting or refusing cookies may cause some or all functions of the services to not operate smoothly.
8. Minors, Persons Lacking Legal Capacity, and Persons of Quasi-Incompetence
For obtaining consent to collect, use, and disclose personal data of minors for any purposes that the minors are unable to perform by themselves under the Civil and Commercial Code, the Group must obtain consent from their legal guardians. However, if the minor is under 10 years old, the Group must obtain consent from all legal guardians without exception.
For obtaining consent to collect, use, and disclose personal data of persons lacking legal capacity, the Group must obtain consent only from their legal representatives authorized to act on their behalf.
For obtaining consent to collect, use, and disclose personal data of persons of quasi-incompetence, the Group must obtain consent only from their guardians authorized to act on their behalf.
The Group cannot verify whether visitors to the Group’s website are minors, persons lacking legal capacity, or persons of quasi-incompetence, and does not intend to collect data of such persons. If the Group becomes aware that you are a minor, person lacking legal capacity, or person of quasi-incompetence, the Group will promptly seek consent from your legal guardian, legal representative, or guardian, as applicable.
9. Closed-Circuit Television (CCTV)
The Group has installed CCTV cameras to record the activities of individuals entering and exiting the Group’s premises for the purposes of security, prevention of danger and accidents, and investigation in case of criminal incidents. Access to the CCTV recordings is restricted to authorized personnel only.
10. Measures and Policies Related to Personal Data
The Group recognizes the importance of compliance with relevant laws, including the Personal Data Protection Act. To protect and ensure the security of your personal data, the Group implements the following measures and policies to safeguard your data:
10.1 Policy on implementing security measures for personal data protection.
10.2 Policy on responding to requests or orders to access personal data from government agencies.
10.3 Policy on disclosure of information within companies of the Group.
11. Data Subject Rights
You have rights as specified under the Personal Data Protection Act (PDPA), subject to the criteria and conditions set forth by the PDPA and other relevant laws. The Group has prepared request forms for exercising these rights and published them on the Group’s website at www.bangkokchainhospital.com, allowing you to access and submit requests to exercise your rights in accordance with the PDPA and related laws protecting your rights as a data subject.
You may exercise your rights by contacting the Group or the Data Protection Officer (DPO) as detailed in Section 15.
11.1 Right to Access and Obtain Copies: You have the right to access or request a copy of your personal data collected, used, or disclosed by the Group, and to request disclosure of any personal data obtained without your consent.
11.2 Right to Data Portability: You have the right to receive your personal data in a commonly readable and usable electronic format and to request the Group to transfer your data to a third party, or to receive personal data transferred by the Group to a third party, unless technically infeasible. This applies only to personal data collected, used, or disclosed based on your consent, contractual basis, or other lawful grounds.
11.3 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when the Group processes it based on public interest, legitimate interests, direct marketing, or for scientific, historical, or statistical research purposes.
11.4 Right to Erasure: You have the right to request the Group to delete or destroy your personal data or anonymize it when applicable.
11.5 Right to Restrict Processing: You have the right to request the Group to suspend the use of your personal data during the investigation of correction requests, objections to processing, or when you request suspension instead of erasure, especially when the data is no longer necessary but is retained for legal claims or defenses.
11.6 Right to Rectification: You have the right to request correction of your personal data to ensure it is accurate, current, and not misleading.
11.7 Right to Lodge a Complaint: You have the right to file a complaint with the Personal Data Protection Committee of Thailand if the Group or its employees or contractors violate the PDPA.
11.8 Right to Withdraw Consent: You have the right to withdraw your consent given to the Group at any time, either partially or fully, according to procedures set by the Group. Withdrawal of consent will not affect the legality of data processing done before the withdrawal.
You may exercise these rights by contacting the Group or the Data Protection Officer as specified in Section 15.
Withdrawal of consent may affect the Group’s ability to fulfill certain requests or provide services smoothly. Any withdrawal does not affect data processed lawfully before the withdrawal.
To protect data subjects, the Group may refuse requests if (a) the requester cannot prove ownership or authority, or insufficient information is provided for processing; (b) the request is unreasonable or not legally entitled; (c) the request is excessive or repetitive without reasonable cause; or (d) the Group has the right to refuse under the PDPA or other applicable laws.
12. Privacy Policy of Other Websites
This privacy policy applies only to the activities of the Group and the use of its websites. The Group’s websites or applications may contain links to other websites or applications. If you access other websites or applications via these links, you should review their privacy policies separately before providing any personal data. The Group is not responsible for the processing of personal data or use of cookies on such external websites.
13. Review and Amendment
The Group regularly reviews this privacy policy to ensure compliance with amendments to the PDPA and other relevant laws and updates it as necessary or when technology changes, to maintain appropriate security measures. Any changes or amendments will be published promptly on the Group’s website.
14. General Provisions
This privacy policy is governed by and interpreted in accordance with the PDPA and laws of Thailand.
15. Contacting the Group
If you have any questions or wish to inquire further about this Personal Data Protection Policy or other activities of the Group, including exercising your rights as specified in Section 11, you may contact:
- The Group’s Data Protection Officer using the contact details below, and
- The Group, as detailed in Attachment 1.
Data Protection Officer
- To: Data Protection Officer
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi 11120
- Phone: 02-836-9999
- Email: dpo@bangkokchainhospital.com
This Privacy Policy was reviewed and came into effect on May 14, 2024.
Attachment 1
List of Bangkok Chain Hospital Group Companies and Contact Addresses
Bangkok Chain Hospital Public Company Limited
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
World Medical Hospital
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Kasemrad Bangkae Hospital
- Address:586, 588 Phetkasem Road, Bangkae Nuea Subdistrict, Bangkae District, Bangkok 10160
- Phone: 02-804-8959
Kasemrad Prachachuen Hospital
- Address:950 Prachachuen Road, Wongsawang Subdistrict, Bang Sue District, Bangkok 10800
- Phone: 02-910-1600
Kasemrad Rattanathibet Hospital
- Address:58 Moo 15, Bang Rak Pattana Subdistrict, Bang Bua Thong District, Nonthaburi Province 11110
- Phone: 02-921-3400
Kasemrad Ramkhamhaeng Hospital
- Address:99/9 Ramkhamhaeng Road, Saphan Sung Subdistrict, Saphan Sung District, Bangkok 10240
- Phone: 02-339-0000
Kasemrad International Aranyaprathet Hospital
- Address:885 Moo 5, Ban Mai Nong Sai Subdistrict, Aranyaprathet District, Sa Kaeo Province 27120
- Phone: 037-640-000
Rattanathibet Hospital Co., Ltd.
Kasemrad International Rattanathibet Hospital
- Address:60 Moo 6, Sao Thong Hin Subdistrict, Bang Yai District, Nonthaburi Province 11140
- Phone: 02-594-0020
Personal Data Protection Policy for Service Recipients
Bangkok Chain Hospital Public Company Limited ("BCH") and its affiliated companies as listed in Attachment 1, as well as any other companies that may be added in the future (which will be notified accordingly) ("Affiliates"), are healthcare service providers within the following hospital groups:
- (a) World Medical Hospital Group,
- (b) Kasemrad International Hospital Group,
- (c) Kasemrad Hospital Group, and
- (d) Karunvej Hospital Group, including providers of multi-specialty clinics and other businesses (hereinafter collectively referred to as the "Group").
Considering your privacy and committed to maintaining high standards in operation and protection of your personal data, the Group has established this Personal Data Protection Policy for Service Recipients ("Personal Data Protection Policy") to ensure that the collection, use, or disclosure of personal data complies with the Personal Data Protection Act B.E. 2562 (2019) ("PDPA").
This Personal Data Protection Policy applies to the protection of your personal data in the capacity as:
- (1) Patient, service recipient, participant in activities, or contact person of the Group, including the general public ("Service Recipient")
- (2) Relatives, family members, or close persons of the Service Recipient, including witnesses in various documents ("Relatives")
1. Types of Personal Data
"Personal Data" means any data relating to an identified or identifiable individual, whether directly or indirectly, excluding data of deceased persons specifically or other types of personal data as prescribed by the PDPA.
1.1 If you are a Service Recipient, the personal data that the Group may collect from you includes:
| No. | Type of Personal Data | Details |
|---|---|---|
| 1. | "Identification Data" |
|
| 2. | "Sensitive Personal Data" |
|
| 3. | Contact Information |
|
| 4. | “Service/Visit Information” |
|
| 5. | Payment Information |
|
| 6. | Information Data | Computer Traffic Data (Log files) including IP address and MAC address, browser type, cookies data, time zone settings, operating system, platform, and device technology used to access the website and the Online Appointment System. |
| 7. | Membership Information | Examples include membership number, membership type, and the start and end dates of membership. |
1.2 If you are a relative of the service recipient, the personal data that the Group may collect from you includes:
| No. | Type of Personal Data | Details |
|---|---|---|
| 1. | "Identification Data" |
|
| 2. | "Sensitive Personal Data" |
|
| 3. | “Contact Information” |
|
If you wish to receive services, enter into a contract, or establish any legal relationship with the Group of Companies, the Group must collect your personal data. If you do not provide your personal data to the Group, the Group may not be able to enter into a contract with you, process any requests you make, or perform duties under the contract, agreement, or legal relationship, including complying with any legal obligations that the Group is required to follow.
If you provide personal data of another person to the Group, you confirm that the said person has reviewed this Personal Data Protection Policy and has given consent to the processing of their personal data according to this policy (in cases where there is no legal basis for processing). You must provide a consent letter from that person to the Group upon request.
2. Data collected before the Personal Data Protection Act takes effect
For personal data collected before June 1, 2022, the Group will handle such data in compliance with the Personal Data Protection Act. If you do not wish the Group to continue collecting and using such personal data, you may withdraw your consent at any time by contacting the Group or the Data Protection Officer as detailed in section 9.
3. Collection of personal data
The Group may collect your personal data directly from you or from other sources as follows:
- 3.1 Group affiliated companies
- 3.2 Other medical facilities, partner hospitals, medical personnel
- 3.3 Relatives or service recipients
- 3.4 External service providers
- 3.5 Employers of service recipients
- 3.6 Insurance companies, agents, or insurance business agencies
- 3.7 Embassies
- 3.8 Agencies
- 3.9 Hotel operators
- 3.10 Government agencies
4. Retention period of personal data
The Group will retain your personal data only as long as necessary to achieve the purposes stated in this Personal Data Protection Policy, but not exceeding 10 years from the last time the service was used. However, the Group may retain your personal data for a longer period if:
- (a) permitted by the Personal Data Protection Act and/or other applicable laws;
- (b) you and the Group still have a legal relationship;
- (c) the Group has a legal duty to retain the data;
- (d) you have given consent to the Group; and/or
- (e) it is necessary under the law to achieve the processing purposes according to this policy.
5. Purpose of processing personal data
Your personal data will be collected, used, and disclosed for the purposes specified below, or as you have consented, or as required by the Personal Data Protection Act and/or other related laws.
| No. | Objectives | Personal Data | Legal basis under Section 24 | Legal basis under Section 26 |
|---|---|---|---|---|
| 5.1 | Service Recipient | |||
| 5.1.1 | Collection and Use by the Group of Companies | |||
| 5.1.1.1 | For the purpose of providing medical diagnostic services, and the preparation and storage of evidence related to the service recipients and other documents related to medical treatment in accordance with applicable laws:
|
|
|
Law |
| 5.1.1.2 | For the prevention or mitigation of danger to life, body, and health, including compliance with laws related to emergency patients, which includes but is not limited to:
|
|
|
|
| 5.1.1.3 | For the establishment and exercise of legal claims, including but not limited to exercising legal rights, litigation, defense in legal proceedings, and enforcement of judgments. |
|
Legitimate Interests | Establishment of Legal Claims |
| 5.1.1.4 | For providing services related to payment of medical expenses, as well as the purchase of goods and/or services both online and offline, including any related procedures concerning medical fees and other expenses. |
|
Contract
|
Law |
| 5.1.1.5 | For the purposes of contacting individuals to gather feedback and assess satisfaction regarding services received or products used, as well as for analyzing data to support the development and enhancement of products and services. This also includes marketing planning and the execution of marketing activities related thereto. |
|
Legitimate interests | Consent |
| 5.1.1.6 |
|
|
Consent | Consent |
| 5.1.1.7 | For the purpose of conducting marketing and related public relations activities, including but not limited to:
|
|
Consent | Consent |
| 5.2.1 | Disclosure of Personal Data by the Group of Companies to Third Parties | |||
| 5.2.1.1 | Disclosure of personal data to healthcare professionals, other personnel within the Group of Companies, and external medical service providers located within Thailand, for the purposes of medical examination and diagnosis, screening of critical emergency patients, and medical treatment of the service recipients. |
|
Contract |
|
| 5.2.1.2 | Disclosure of Personal Data to Professionals and Other Personnel of the Company Group, as well as to External Medical Service Providers Located in Other Countries (e.g., the Lao People's Democratic Republic), for the Purpose of Medical Examination and Diagnosis. |
|
Contract | Consent |
| 5.2.1.3 | Disclosure of Personal Data to Regulatory Authorities or Entities with Legal Authority, such as the Ministry of Public Health, the Subcommittee for Certification of Dialysis Treatment Standards, the Department of Health Service Support (HSS), the Social Security Office, the National Health Security Office (NHSO), other healthcare facilities, the Court, the Police, the Revenue Department, etc., for the purpose of complying with laws related to public health and medical treatment, as well as for exercising various legal rights. |
|
|
Law |
| 5.2.1.4 | Disclosure of Personal Data to Insurance Companies, Banks and Financial Institutions, and/or Other Relevant Organizations (e.g., embassies in the case of foreign nationals) for the purpose of identity verification, billing, and management of medical expenses. |
|
Legitimate interest | Consent |
| 5.2.1.5 | Disclosure of personal data to relevant government agencies or organizations (e.g., Social Security Office) for the purpose of processing medical expense reimbursements from government agencies in cases where the service recipient is a beneficiary under the law. |
|
Law | Law |
| 5.2.1.6 |
|
Identifiable Information
|
Legitimate interest | Consent |
| 5.2.1.7 | Disclosure of personal data to insurance companies or personal data processors of the group of companies, such as companies providing public relations or marketing services, for the purposes of marketing and organizing promotional activities or giveaways for service recipients. |
|
Legitimate interest | Consent |
| 5.2.1.8 | Disclosure of personal data to various partner companies and affiliated companies within the group for providing medical services to you, including coordination of related payment processes such as accommodation hotels, partner medical facilities (e.g., beauty centers, anti-aging centers, dental centers, dialysis centers, etc.), affiliated clinics and medical facilities. |
|
|
Law |
| 5.2.1.9 | Disclosure of personal data to data processors who are advisors of the group of companies, such as legal consultants, accountants, auditors, tax advisors, and internal auditors, for the purposes of compliance with the law and seeking consultation for the group of companies’ business operations. |
|
Legitimate interest | Establishment of Legal Claims |
| 5.2.1.10 | Disclosure of service recipient's information to various partner companies within the group for the purpose of communication and presenting promotional products and services. |
|
Law | Law |
| 5.2 | Relative of the service recipient | |||
| 5.2.1 | For the purpose of complying with laws related to medical treatment and issuing legally required certificates, which includes but is not limited to:
|
|
Law | Law |
| 5.2.2 | For the purpose of contacting in emergencies related to the medical treatment of the service recipient and related rights:
|
|
Legitimate interest | Establishment of Legal Claims |
6. Disclosure of Personal Data to External Parties
The Group of Companies may disclose your personal data to external parties and/or government agencies as follows:
6.1 Other medical facilities, affiliated service providers, medical personnel, and external medical service providers (e.g., laboratory service providers, pharmaceutical and medical supplies providers, medical equipment providers, prosthetics providers, X-Ray service providers, occupational health service providers).
6.2 External service providers (e.g., IT service providers, marketing service providers, billing service providers).
6.3 Professional service providers (e.g., legal advisors, accountants or tax consultants, auditors, internal auditors).
6.4 Accreditation organizations (e.g., Joint Commission International (JCI), Public Organization for Hospital Accreditation, Thai Society of Cardiovascular Pathologists, Thai Heart Association, Medical Technology Council).
6.5 Government agencies (e.g., Ministry of Public Health, Social Security Office, National Health Security Office, Emergency Medical Institute, Provincial Public Health Office, Health Information Office, Medical Practice Control Office, Department of Health Service Support, Department of Medical Sciences, Office of Atomic Energy for Peace, Department of Disease Control, Thai Heart Association, Subcommittee for Dialysis Standards, Department of Health Service Support, Embassies, Ministry of Foreign Affairs, Immigration Office, officials under the Computer Crime Act B.E. 2550, District Offices, Revenue Department, courts, police officers, and victims).
6.6 Banks and payment service providers (e.g., credit/debit card companies, insurance companies or agents).
6.7 Affiliate companies within the Group
6.8 Others (e.g., relatives of the service recipient, employers, hotel operators, other company agents (agency), embassies, other persons related to the service recipient, victims).
7. Your Rights
You have the rights as specified in the Personal Data Protection Act (PDPA) as follows:
7.1 Right to Access and Obtain Copies: You have the right to access or request a copy of your personal data that the Group has collected, used, or disclosed. You can also request disclosure of personal data obtained without your consent.
7.2 Right to Receive and Transfer Personal Data: You have the right to request your personal data in a format that is readable or usable by common tools or automated devices, and that can be used or disclosed automatically. You may also request the Group to send or transfer your personal data to a third party or to receive personal data that the Group has transferred to a third party, unless technically not feasible. This applies to personal data collected, used, or disclosed under your consent, contract basis, or other legal criteria.
7.3 Right to Object: You have the right to object to the collection, use, and disclosure of your personal data when the Group processes data based on public interest, legitimate interest, or for purposes of direct marketing, scientific, historical, or statistical research.
7.4 Right to Request Deletion: You have the right to request the Group to delete or destroy your personal data or make it anonymous so that you cannot be identified.
7.5 Right to Request Suspension of Use: You have the right to request the Group to suspend the use of your personal data while your request to correct or object to the collection, use, or disclosure is being reviewed. You may also request suspension instead of deletion if the data is no longer necessary but needs to be retained for legal claims, compliance, or defense.
7.6 Right to Correction: You have the right to request correction of your personal data to be accurate, current, and not misleading.
7.7 Right to File Complaints: You have the right to file complaints with the Personal Data Protection Committee of Thailand if the Group, its employees, or contractors violate or fail to comply with the PDPA.
7.8 Right to Withdraw Consent: You have the right to withdraw any consent you have given to the Group at any time, either partially for some purposes or entirely, according to the procedures and methods specified by the Group. However, withdrawing your consent will not affect the lawful collection, use, or disclosure of your personal data that occurred prior to your withdrawal.
You may exercise these rights by contacting the Group or the data protection officer as detailed in section 9. Please note that withdrawing your consent may affect the Group’s ability to fulfill certain requests or may reduce the convenience of the services provided to you. Nevertheless, withdrawing consent will not affect the personal data processing lawfully done before the withdrawal.
For the benefit and protection of your personal data, the Group may refuse your requests in the following cases:
- (a) The requester cannot provide evidence confirming they are the data subject or authorized to make the request, or the Group does not receive sufficient information to proceed, to strictly protect the personal data of the data subject.
- (b) The request is unreasonable, for example, the requester has no legal right or the personal data requested does not exist with the Group.
- (c) The request is excessive, such as repeated or identical requests without reasonable cause.
- (d) The Group has the right to refuse your request under the Personal Data Protection Act and/or other relevant laws.
8. Privacy Policy
The Group has published a Privacy Policy which outlines general information regarding the collection, use, or disclosure of all types of personal data of data subjects, as well as other details such as cross-border data transfers, cookies, and personal data security measures. The provisions in the Privacy Policy shall apply in addition to the Personal Data Protection Policy and shall not cancel, replace, or modify any terms in the Personal Data Protection Policy.
In the event of any conflicting or inconsistent provisions, the terms of the Personal Data Protection Policy shall prevail, as the Group has provided it for your consideration and consent specifically. Please review the Privacy Policy at www.bangkokchainhospital.com
9. Contacting the Group
If you have any questions or wish to inquire further about this Personal Data Protection Policy or other activities of the Group, including exercising your rights as specified in Section 11, you may contact:
- (a) The Group’s Data Protection Officer using the contact details below, and
- (b) The Group, as detailed in Attachment 1.
Data Protection Officer
- To: Data Protection Officer
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi 11120
- Phone: 02-836-9999
- Email: dpo@bangkokchainhospital.com
This Privacy Policy was reviewed and came into effect on May 14, 2024.
Attachment 1
List of Bangkok Chain Hospital Group Companies and Contact Addresses
Bangkok Chain Hospital Public Company Limited
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
World Medical Hospital
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Kasemrad Bangkae Hospital
- Address:586, 588 Phetkasem Road, Bangkae Nuea Subdistrict, Bangkae District, Bangkok 10160
- Phone: 02-804-8959
Kasemrad Prachachuen Hospital
- Address:950 Prachachuen Road, Wongsawang Subdistrict, Bang Sue District, Bangkok 10800
- Phone: 02-910-1600
Kasemrad Rattanathibet Hospital
- Address:58 Moo 15, Bang Rak Pattana Subdistrict, Bang Bua Thong District, Nonthaburi Province 11110
- Phone: 02-921-3400
Kasemrad Ramkhamhaeng Hospital
- Address:99/9 Ramkhamhaeng Road, Saphan Sung Subdistrict, Saphan Sung District, Bangkok 10240
- Phone: 02-339-0000
Kasemrad International Aranyaprathet Hospital
- Address:885 Moo 5, Ban Mai Nong Sai Subdistrict, Aranyaprathet District, Sa Kaeo Province 27120
- Phone: 037-640-000
Rattanathibet Hospital Co., Ltd.
Kasemrad International Rattanathibet Hospital
- Address:60 Moo 6, Sao Thong Hin Subdistrict, Bang Yai District, Nonthaburi Province 11140
- Phone: 02-594-0020
Siburind Medical Co., Ltd.
Kasemrad Sriburind Hospital
- Address:111/5 Moo 13, San Sai Subdistrict, Mueang Chiang Rai District, Chiang Rai Province 57000
- Phone: 053-910-999
Kasemrad Maesai Hospital
- Address:952 Moo 1, Wiang Pang Kha Subdistrict, Mae Sai District, Chiang Rai Province 57130
- Phone: 053-731-391
Kasemrad Sriburind Clinic, Chiang Saen Branch
- Address:339 Moo 6, Wiang Subdistrict, Chiang Saen District, Chiang Rai Province 57150
- Phone: 053-777-213
Saraburi Medical Co., Ltd.
Kasemrad Saraburi Hospital
- Address:2/22 Mittraphap Road, Pak Priao Subdistrict, Mueang Saraburi District, Saraburi Province 18000
- Phone: 036-315-555
Navanakorn Medical Co., Ltd.
Karunvej Pathumthani Hospital
- Address:98 Moo 13, Phahonyothin Road, Khlong Nueng Subdistrict, Khlong Luang District, Pathum Thani Province 12120
- Phone: 02-529-4533
Karunvej Ayutthaya Hospital
- Address:61/9 Moo 4, Khlong Chik Subdistrict, Bang Pa-In District, Phra Nakhon Si Ayutthaya Province 13160
- Phone: 035-315-100
Sothornvejkit Co., Ltd.
Kasemrad Chachoengsao Hospital
- Address:29 Moo 3, Suwinthawong Road, Na Mueang Subdistrict, Mueang Chachoengsao District, Chachoengsao Province 24000
- Phone: 038-812-702
Kasemrad Prachinburi Hospital
- Address:766 Moo 10, Tha Tum Subdistrict, Si Maha Phot District, Prachinburi Province 25140
- Phone: 037-627-000
Bangkok Chain Management Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Branch (1)
- Address:223/2 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Bangkok Chain Laboratory and Pathology Clinic
- Address:141 Moo 12, Bang Rak Pattana Subdistrict, Bang Bua Thong, Nonthaburi 11120
- Phone: 02-080-9445
Bangkok Chain International (Lao) Co., Ltd.
Kasemrad International Vientiane Hospital
- Address:999 450th Anniversary Road, Ban Don Nok Koom, Xaysetha District, Vientiane Capital, Lao PDR
- Phone: +85621 833333
Kasemrad Aree Radiation Oncology Center Co., Ltd.
Kasemrad Aree Specialized Radiation Oncology Clinic
Head Office
- Address:223/2 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9983
Health Chain Innotech Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9912
Bangkok Chain Dental Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9985
Personal Data Protection Policy for Employee
Bangkok Chain Hospital Public Company Limited (“BCH”) and its affiliated companies listed in Appendix 1, as well as any future affiliated companies (which will be notified accordingly) (“Affiliates”), which operate hospital services in the following groups:
- (a) World Medical Hospital Group
- (b) Kasemrad International Hospital Group
- (c) Kasemrad Hospital Group
- (d) Karunvej Hospital Group
including multi-clinic services and other businesses (collectively referred to as the “Group”), respect your privacy and are committed to maintaining high standards in operations and personal data protection. Therefore, the Group has established this Personal Data Protection Policy for Personnel (“Personal Data Protection Policy”) to ensure that the collection, use, or disclosure of personal data is conducted in compliance with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”).
This policy applies to the protection of your personal data in the capacity as:
- (1) Employee, staff, executives, doctors, nurses, and other medical personnel (“Personnel”)
- (2) Persons related to Personnel such as family members, parents, spouses, children, relatives, beneficiaries, emergency contacts, references, former employers, former educational institutions, training centers, professional councils, former colleagues, insurance agents, and contract witnesses (“Related Persons”)
1. Types of Personal Data
“Personal Data” means any information relating to an identified or identifiable natural person, either directly or indirectly, excluding data of deceased persons or any other personal data specified under the PDPA.
1.1 If you are Employee, the personal data that the Group may collect from you includes:
| No. | Types of Personal Data | Details |
|---|---|---|
| 1 | Identifiable Information |
|
| 2 | “Sensitive Personal Data” |
|
| 3 | “Contact Information” |
|
| 4 | “Employment Information” |
|
| 5 | “Financial Information” |
|
| 6 | “Educational Qualification Information” |
|
| 7 | “Information Data” |
|
1.2 “If you are an individual concerned, the personal data that the Group of Companies may collect from you includes:”
| No. | Types of Personal Data | Details |
|---|---|---|
| 1 | Identifiable Information |
|
| 2 | “Financial Information” |
|
| 3 | “Contact Information” |
|
1. Collection of Personal Data for Employment, Contracts, or Legal Relationships
If you wish to work with, enter into a contract with, or engage in any legal relationship with the Group of Companies, the Group of Companies may need to collect your personal data. If you do not provide your personal data, the Group of Companies may be unable to enter into a contract with you, carry out any requests you make, or perform any obligations under such contracts, agreements, or legal relationships. Additionally, the Group may be unable to comply with legal requirements applicable to it.
If you provide personal data of another individual to the Group of Companies, you confirm that the individual has reviewed this Personal Data Protection Policy and has given consent for the processing of their personal data in accordance with this policy (in cases where no other legal basis exists). You must provide a consent letter from that individual to the Group of Companies upon request.
2. Personal Data Collected Prior to the Personal Data Protection Act
For personal data collected prior to June 1, 2022, the Group of Companies will handle such personal data in accordance with the Personal Data Protection Act. If you do not wish the Group to continue collecting and using your personal data, you may withdraw your consent at any time by contacting the Group of Companies or the Data Protection Officer as indicated in Section 9.
3. Methods of Collecting Personal Data
The Group of Companies may collect personal data from you directly or from other sources as follows:
3.1 Affiliate Companies
3.2 Recruitment Service Providers or Job Portals
For example, www.jobsdb.com, www.jobbkk.com, www.jobthai.com, and similar platforms. Individuals related to you such as references, previous employers, previous educational institutions, training institutions, professional councils, former colleagues, family members, parents, spouse, children, relatives, beneficiaries, and any other individuals you have authorized to be contacted in case of emergency References, disciplinary complainants, commercial banks with which you have loan agreements, insurance agents, and contract witnesses.
3.3 Personal Data Obtained from Personnel
If you are an associated individual, the Group of Companies may receive your personal data from its employees.
3.4 Public Sources
Such as company websites, government agencies, regulatory authorities, or social media platforms.
4. Retention Period of Personal Data
The Group of Companies shall retain your personal data only for as long as necessary to achieve the purposes outlined in this Personal Data Protection Policy, and in no case longer than the periods specified below. However, the Group of Companies may continue to retain your personal data as long as:
- (a) The Personal Data Protection Act and/or other applicable laws permit;
- (b) You and the Group of Companies maintain a legal relationship;
- (c) The Group of Companies is legally required to retain the personal data;
- (d) You have provided consent to the Group of Companies; and/or
- (e) Retention is necessary under the law to achieve the purposes of processing in accordance with this Personal Data Protection Policy.
| No. | Data Subject | Retention Period |
|---|---|---|
| 4.1 | Personnel and Related Parties | No more than 10 years from the termination of employment status. |
Purpose of Personal Data Processing Your personal data will be collected, used, and disclosed for the purposes set forth below, for which you have provided consent, or as required by the Personal Data Protection Act and/or other applicable laws.
| No. | Objectives | Personal Data | Legal basis under Section 24 | Legal basis under Section 26 |
|---|---|---|---|---|
| 5.1 | Personnel | |||
| 5.1.1 | Collection and Use by the Group of Companies | |||
|
|
|
|
|
| 5.1.2 | Disclosure of Personal Data to Third Parties | |||
| Personal data may be disclosed to relevant government agencies for the Group of Companies to perform its duties in accordance with laws related to public health, labor protection, social security, and other laws applicable to the operation of healthcare facilities.” |
|
|
Compliance with Laws | |
| Personal data may be disclosed to banks, financial institutions, and data processors of the Group of Companies, such as accounting advisors, legal advisors, auditors, and internal auditors, for the purposes of providing benefits, paying compensation, performing duties as an employer under employment contracts, and conducting the business of the Group of Companies. Such disclosure may also be necessary for monitoring, auditing, and ensuring security on company premises, as well as exercising relevant legal rights, such as pursuing legal claims. |
|
|
|
|
| Personal data may be disclosed to government agencies and accreditation bodies related to the Group of Companies’ business operations for the purpose of developing and improving business standards. Examples include the Department of Labor Protection and Welfare, healthcare accreditation institutions, and the Joint Commission International (JCI). |
|
(a) Legitimate Interests | Consent | |
| Personal data may be disclosed to affiliate companies in the event of a transfer or reassignment of job positions, and for employment purposes under employment contracts or agreements between personnel and the Group of Companies. |
|
|
Consent | |
| No. | Objectives | Personal Data | Legal basis under Section 24 | Legal basis under Section 26 |
| 5.2 | Relevant Parties | |||
| 5.2.1 | Collection and Use by the Group of Companies | |||
| For entering into employment-related insurance contracts for certain positions. |
|
Contract | ||
|
Legitimate Interests | |||
| 5.2.2 | Disclosure of Personal Data to Third Parties | |||
| Personal data may be disclosed to banks, financial institutions, and data processors of the Group of Companies, such as accounting advisors, legal advisors, auditors, and internal auditors, for the purposes of providing benefits, paying compensation, performing duties as an employer under employment contracts, and conducting the business of the Group of Companies. Such disclosure may also be necessary for monitoring, auditing, and ensuring security on company premises, as well as exercising relevant legal rights, including pursuing legal claims. |
|
Legitimate Interests |
|
6. Disclosure of Personal Data to Third Parties
The Group of Companies may disclose your personal data to third parties and/or government agencies as follows:
6.1 Affiliate Companies
- 6.2 Commercial Banks, Provident Funds, Fund Registrars, Insurance Companies or Their Agents
- 6.3 Relevant Parties associated with personnel, such as references, former employers, previous educational institutions, training institutions, professional councils, former colleagues, emergency contacts, and disciplinary complainants.
- 6.4 Parties requesting verification of your employment status, such as commercial banks or new employers.
- 6.5 Auditors and internal auditors, including various advisors, such as legal, accounting, tax, and actuarial advisors.
- 6.6 Government Agencies, including healthcare and medical practice offices, professional councils, Revenue Department, Social Security Office, Department of Labor Protection and Welfare, Department of Skill Development, Department for the Empowerment and Development of Persons with Disabilities, Student Loan Fund, Employment Office, Immigration Bureau, Department of Legal Execution, Department of Medical Sciences, Provincial Public Health Offices, National Health Security Office, Emergency Medical Institute, District Offices, courts, police officers, and injured parties.
- 6.7 The general public and visitors to the Group of Companies’ websites, social media, or applications (limited to personal data of the Group’s personnel).
- 6.8 Service Providers, including IT service providers, training managers, dormitory rental providers, airlines, hotels, travel agents, visa and permit service providers, etc.
- 6.9 Other healthcare facilities or external medical service providers.
- 6.10 Accreditation Organizations, such as the Joint Commission International (JCI) and public healthcare accreditation institutions.
- 6.11 Organizations or agencies providing training or educational seminars.
- 6.12 Contracting parties and other individuals with whom the Group of Companies has contact.
7. Your Rights
You have the rights under the Personal Data Protection Act (PDPA) as follows:
7.1 Right of Access and Request for Copies:
You have the right to access or request copies of your personal data collected, used, or disclosed by the Group of Companies, and to request disclosure of personal data obtained without your consent.
7.2 Right to Receive and Transfer Personal Data:
You have the right to receive your personal data in a format that is commonly readable or usable by automated tools or devices. You may also request the Group of Companies to send or transfer your personal data to third parties, or to receive personal data that the Group has sent or transferred to third parties, unless technically infeasible. This right applies to personal data collected, used, or disclosed based on your consent, under a contract, or other legal basis.
7.3 Right to Object:
You have the right to object to the collection, use, or disclosure of your personal data where the Group of Companies processes your data based on public interest, legitimate interests, or for purposes of direct marketing or scientific, historical, or statistical research.
7.4 Right to Request Erasure:
You have the right to request the Group of Companies to delete or destroy your personal data, or to make it anonymous so that you cannot be identified for certain reasons.
7.5 Right to Request Suspension:
You have the right to request the Group of Companies to suspend the processing of your personal data if your request for correction, deletion, or objection is under review, or if the data is no longer necessary but you wish the Group to retain it for the establishment, exercise, or defense of legal claims.
7.6 Right to Rectification:
You have the right to request the Group of Companies to correct your personal data to ensure it is accurate, up-to-date, and not misleading.
7.7 Right to Lodge Complaints:
You have the right to lodge a complaint with the Personal Data Protection Committee if the Group of Companies, its employees, or contractors violate or fail to comply with the PDPA.
7.8 Right to Withdraw Consent:
You have the right to withdraw your consent previously given to the Group of Companies at any time, either partially or entirely, according to the procedures established by the Group. Withdrawal of consent will not affect the lawful collection, use, or disclosure of personal data prior to the withdrawal.
You may exercise these rights by contacting the Group of Companies or the Data Protection Officer as specified in Section 9. Withdrawal of consent may result in the Group being unable to fulfill certain requests or may limit your convenience. However, withdrawal will not affect the lawful processing of data given consent prior to such withdrawal.
The Group of Companies may refuse your request in cases where:
- (a) You cannot provide sufficient evidence to verify your identity or authority to submit the request, or the information provided is incomplete;
- (b) The request is unreasonable, e.g., you have no legal right or the data does not exist;
- (c) The request is manifestly excessive or repetitive without valid reason;
- (d) The Group of Companies is entitled to refuse your request under the PDPA or other applicable laws.
8. Privacy Policy
The Group of Companies has published a Privacy Policy outlining general information on the collection, use, and disclosure of all types of personal data, including details on cross-border data transfers, cookies, and security measures for personal data. The provisions in the Privacy Policy supplement, and do not replace, modify, or override the terms of this Personal Data Protection Policy. In the event of any conflict, the provisions of this Personal Data Protection Policy shall prevail, as you have been provided the opportunity to review and provide consent.
For further details, please review the Privacy Policy at: www.bangkokchainhospital.com
9. Contacting the Group
If you have any questions or wish to inquire further about this Personal Data Protection Policy or other activities of the Group, including exercising your rights as specified in Section 11, you may contact:
- (a) The Group’s Data Protection Officer using the contact details below, and
- (b) The Group, as detailed in Attachment 1.
Data Protection Officer
- To: Data Protection Officer
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi 11120
- Phone: 02-836-9999
- Email: dpo@bangkokchainhospital.com
This Privacy Policy was reviewed and came into effect on May 14, 2024.
Attachment 1
List of Bangkok Chain Hospital Group Companies and Contact Addresses
Bangkok Chain Hospital Public Company Limited
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
World Medical Hospital
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Kasemrad Bangkae Hospital
- Address:586, 588 Phetkasem Road, Bangkae Nuea Subdistrict, Bangkae District, Bangkok 10160
- Phone: 02-804-8959
Kasemrad Prachachuen Hospital
- Address:950 Prachachuen Road, Wongsawang Subdistrict, Bang Sue District, Bangkok 10800
- Phone: 02-910-1600
Kasemrad Rattanathibet Hospital
- Address:58 Moo 15, Bang Rak Pattana Subdistrict, Bang Bua Thong District, Nonthaburi Province 11110
- Phone: 02-921-3400
Kasemrad Ramkhamhaeng Hospital
- Address:99/9 Ramkhamhaeng Road, Saphan Sung Subdistrict, Saphan Sung District, Bangkok 10240
- Phone: 02-339-0000
Kasemrad International Aranyaprathet Hospital
- Address:885 Moo 5, Ban Mai Nong Sai Subdistrict, Aranyaprathet District, Sa Kaeo Province 27120
- Phone: 037-640-000
Rattanathibet Hospital Co., Ltd.
Kasemrad International Rattanathibet Hospital
- Address:60 Moo 6, Sao Thong Hin Subdistrict, Bang Yai District, Nonthaburi Province 11140
- Phone: 02-594-0020
Siburind Medical Co., Ltd.
Kasemrad Sriburind Hospital
- Address:111/5 Moo 13, San Sai Subdistrict, Mueang Chiang Rai District, Chiang Rai Province 57000
- Phone: 053-910-999
Kasemrad Maesai Hospital
- Address:952 Moo 1, Wiang Pang Kha Subdistrict, Mae Sai District, Chiang Rai Province 57130
- Phone: 053-731-391
Kasemrad Sriburind Clinic, Chiang Saen Branch
- Address:339 Moo 6, Wiang Subdistrict, Chiang Saen District, Chiang Rai Province 57150
- Phone: 053-777-213
Saraburi Medical Co., Ltd.
Kasemrad Saraburi Hospital
- Address:2/22 Mittraphap Road, Pak Priao Subdistrict, Mueang Saraburi District, Saraburi Province 18000
- Phone: 036-315-555
Navanakorn Medical Co., Ltd.
Karunvej Pathumthani Hospital
- Address:98 Moo 13, Phahonyothin Road, Khlong Nueng Subdistrict, Khlong Luang District, Pathum Thani Province 12120
- Phone: 02-529-4533
Karunvej Ayutthaya Hospital
- Address:61/9 Moo 4, Khlong Chik Subdistrict, Bang Pa-In District, Phra Nakhon Si Ayutthaya Province 13160
- Phone: 035-315-100
Sothornvejkit Co., Ltd.
Kasemrad Chachoengsao Hospital
- Address:29 Moo 3, Suwinthawong Road, Na Mueang Subdistrict, Mueang Chachoengsao District, Chachoengsao Province 24000
- Phone: 038-812-702
Kasemrad Prachinburi Hospital
- Address:766 Moo 10, Tha Tum Subdistrict, Si Maha Phot District, Prachinburi Province 25140
- Phone: 037-627-000
Bangkok Chain Management Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Branch (1)
- Address:223/2 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Bangkok Chain Laboratory and Pathology Clinic
- Address:141 Moo 12, Bang Rak Pattana Subdistrict, Bang Bua Thong, Nonthaburi 11120
- Phone: 02-080-9445
Bangkok Chain International (Lao) Co., Ltd.
Kasemrad International Vientiane Hospital
- Address:999 450th Anniversary Road, Ban Don Nok Koom, Xaysetha District, Vientiane Capital, Lao PDR
- Phone: +85621 833333
Kasemrad Aree Radiation Oncology Center Co., Ltd.
Kasemrad Aree Specialized Radiation Oncology Clinic
Head Office
- Address:223/2 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9983
Health Chain Innotech Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9912
Bangkok Chain Dental Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9985
Personal Data Protection Policy For Job Applicants and Medical Organization Membership Applicants
Bangkok Chain Hospital Public Company Limited (“BCH”), together with its affiliated companies as listed in Appendix 1 and any other companies that may be added in the future (which will be notified accordingly) (collectively referred to as the “Affiliates”), are healthcare providers operating the following hospital groups:
- (a) World Medical Hospital Group,
- (b) Kasemrad International Hospital Group,
- (c) Kasemrad Hospital Group, and
- (d) Karunvej Hospital Group. They also provide services through polyclinics and other related businesses.
Hereinafter, BCH and its Affiliates shall be collectively referred to as the “Company Group.”
Recognizing the importance of your privacy and being committed to upholding high standards of practice and personal data protection, the Company Group has issued this Personal Data Protection Policy for Job Applicants and Medical Organization Membership Applicants (“Personal Data Protection Policy”).
This policy aims to ensure that the collection, use, and disclosure of personal data are conducted in compliance with the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”).
This Personal Data Protection Policy applies to the protection of your personal data in the following capacities:
Job applicants and applicants for membership in the medical organization who are applying or are in the process of being considered for employment with the Company Group (“Applicants”); and
Related persons of the Applicants and medical organization membership applicants, such as family members, father, mother, spouse, children, relatives, emergency contacts, referees, insurance brokers, or former colleagues (“Related Persons”).
1. Types of Personal Data
“Personal Data” means any information relating to an identified or identifiable individual, whether directly or indirectly, but does not include information of deceased persons or other personal data specifically exempted under the PDPA.
For Applicants: The personal data that the Group of Companies may collect from you includes:
| No. | Types of Personal Data | Details |
|---|---|---|
| 1. | Identifiable Information |
|
| 2. | Sensitive Personal Data |
|
| 3. | Contact Information |
|
| 4. | Financial Information |
|
| 5. | Educational Qualification Information |
|
If you are a related person, the personal data that the Group of Companies may collect from you includes:
| No. | Types of Personal Data | Details |
|---|---|---|
| 1. | Identifiable Information |
|
| 2. | Contact Information | (a) Telephone number |
| 3. | Financial Information | (a) Salary and compensation |
If you wish to work, enter into a contract, or engage in any legal relationship with the Group of Companies, the Group of Companies is required to collect your personal data. In the event that you do not provide your personal data to the Group of Companies, the Group may be unable to enter into a contract with you, carry out any actions you request, or perform its obligations under such contract, agreement, or legal relationship. Additionally, the Group may be unable to comply with legal requirements applicable to its operations.
If you provide personal data of another individual to the Group of Companies, you confirm that such individual has reviewed this Personal Data Protection Policy and has given consent for the processing of their personal data in accordance with this policy (in cases where there is no lawful basis for processing). You are required to submit a consent letter from such individual to the Group of Companies upon request.
2. Personal Data Collected Prior to the Personal Data Protection Act (PDPA)
For personal data collected prior to 1 June 2022, the Group of Companies will handle such personal data in accordance with the provisions of the Personal Data Protection Act. If you do not wish the Group to continue collecting or using such personal data, you may withdraw your consent at any time by contacting the Group of Companies or the Data Protection Officer as specified in Section 9.
3. Collection of Personal Data
The Group of Companies may collect your personal data directly from you or from other sources as follows:
- 3.1 Affiliate companies
- 3.2 Employment service providers or job portal websites, such as www.jobsdb.com, www.jobbkk.com, www.jobthai.com, etc.
- 3.3 Individuals related to you, such as references, previous employers, previous educational institutions, training institutions, professional councils, former colleagues, family members, parents, spouse, children, relatives, emergency contacts, references, or insurance agents.
- 3.4 In cases where you are a related person, the Group of Companies may receive your data from the applicant.
- 3.5 Public sources, such as company websites, government agencies, regulatory authorities, or social media platforms.
4. Retention Period of Personal Data
The Group of Companies will retain your personal data only as long as necessary to achieve the purposes outlined in this Personal Data Protection Policy, and in any case, no longer than the period specified below. However, the Group may continue to retain your personal data for as long as:
- (a) permitted under the Personal Data Protection Act and/or other applicable laws;
- (b) you and the Group of Companies continue to have a legal relationship;
- (c) the Group of Companies has a legal obligation to retain the personal data;
- (d) you have provided consent to the Group of Companies; and/or
- (e) retention is necessary under the framework of applicable law to achieve the purposes of processing under this Personal Data Protection Policy.
| No. | Data Subject | Retention Period |
|---|---|---|
| 4.1 | Applicants and Related Parties (in cases where they do not join or work with the Group of Companies) | No longer than 2 years from the date the data is received |
5. Purpose of Personal Data Processing
Your personal data will be collected, used, and disclosed for the purposes specified below, or for purposes to which you have given your consent, or as required under the Personal Data Protection Act and/or other applicable laws.
| No. | Objectives | Personal Data | Legal basis under Section 24 | Legal basis under Section 26 |
|---|---|---|---|---|
| Applicants | ||||
| 5.1 | For recruitment, application, and selection purposes through the Group’s E-Recruitment website, directly with the Group, or via employment service providers or job portal websites, in order to contact, communicate, schedule, conduct interviews, assess competencies, verify qualifications, and evaluate suitability for the applied position, as well as to propose other suitable positions to applicants for consideration to join the Group of Companies. |
|
(a) Contract | Consent |
| 5.2 | For the purpose of disclosing and transferring the applicant’s information to the group’s affiliated companies involved in recruitment, for the consideration of potential employment. |
|
Consent | Consent |
| 5.3 | To record computer traffic data (Log Files) | (a) Username used to log in to the E-Recruitment system | Consent | Consent |
| Reference person | ||||
| 5.4 | For use as a reference and to verify the qualifications, background, and competency information of the applicant. |
|
Consent |
6. Disclosure of Personal Data to External Parties
The Group may disclose your personal data to external parties and/or government agencies as follows:
- 6.1 Affiliate Companies
- 6.2 Individuals related to the applicant, including references, previous employers, former educational institutions, training institutions, professional councils, and individuals who have previously worked with you.
7. Your Rights
You have the rights as prescribed under the Personal Data Protection Act (PDPA) as follows:
7.1 Right of Access and Request for Copy:
You have the right to access or request a copy of your personal data collected, used, or disclosed by the Group, including information obtained without your consent.
7.2 Right to Receive and Transfer Personal Data:
You have the right to receive your personal data in a commonly readable or usable format through automated means and may request the Group to transfer or send your personal data to an external party, or to receive personal data that the Group has transferred to an external party, unless technically impossible. This applies to personal data collected, used, or disclosed based on your consent, under a contract, or other legal basis.
7.3 Right to Object:
You have the right to object to the collection, use, or disclosure of your personal data when the Group processes it based on public interest, legitimate interests, or for purposes such as direct marketing, scientific, historical, or statistical research.
7.4 Right to Request Deletion:
You have the right to request the Group to delete or destroy your personal data or render it anonymous for certain reasons.
7.5 Right to Request Suspension:
You have the right to request the Group to suspend the use of your personal data when the Group is verifying your request to correct personal data, or when you object to the collection, use, or disclosure of your data. You may request suspension instead of deletion if the personal data is no longer necessary but you want the data retained for establishing, exercising, or defending legal claims.
7.6 Right to Rectification:
You have the right to request the Group to correct your personal data to ensure accuracy, currency, and prevent misleading information.
7.7 Right to Lodge a Complaint:
You have the right to lodge a complaint with the Personal Data Protection Committee of Thailand if the Group, its employees, or contractors violate or fail to comply with the PDPA.
7.8 Right to Withdraw Consent:
You have the right to withdraw consent given to the Group at any time, either partially or fully, following the procedures set by the Group. Withdrawal of consent will not affect the lawfully collected, used, or disclosed personal data before the withdrawal.
You may exercise these rights by contacting the Group or the Data Protection Officer as detailed in Section 9.
The withdrawal of consent may affect the Group’s ability to fulfill certain requests or may reduce convenience in certain services. However, it will not affect the collection, use, or disclosure of personal data that was lawfully consented to before the withdrawal.
To protect and safeguard personal data, the Group may refuse your request if:
(a) The requester cannot provide proof of being the data owner or authority to request, or the Group does not receive sufficient information to act on the request.
(b) The request is unreasonable, e.g., the requester has no legal rights or the Group does not possess such data.
(c) The request is excessive or repetitive without reasonable cause.
(d) The Group is entitled to refuse your request as provided by the PDPA or other applicable laws.
8. Privacy Policy
The Group has published a Privacy Policy that outlines general information regarding the collection, use, and disclosure of all types of personal data of data subjects, as well as other details such as cross-border data transfers, cookies, and personal data security measures.
The provisions in the Privacy Policy are supplementary to this Personal Data Protection Policy and do not cancel, replace, or modify any provisions herein. In the event of any conflict or inconsistency, the provisions in the Personal Data Protection Policy shall prevail, as the Group has provided this policy for your specific review and consent.
For more details, please review the Privacy Policy at: www.bangkokchainhospital.com
9. Contacting the Group
If you have any questions or wish to inquire further about this Personal Data Protection Policy or other activities of the Group, including exercising your rights as specified in Section 11, you may contact:
- (a) The Group’s Data Protection Officer using the contact details below, and
- (b) The Group, as detailed in Attachment 1.
Data Protection Officer
- To: Data Protection Officer
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi 11120
- Phone: 02-836-9999
- Email: dpo@bangkokchainhospital.com
This Privacy Policy was reviewed and came into effect on May 14, 2024.
Attachment 1
List of Bangkok Chain Hospital Group Companies and Contact Addresses
Bangkok Chain Hospital Public Company Limited
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
World Medical Hospital
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Kasemrad Bangkae Hospital
- Address:586, 588 Phetkasem Road, Bangkae Nuea Subdistrict, Bangkae District, Bangkok 10160
- Phone: 02-804-8959
Kasemrad Prachachuen Hospital
- Address:950 Prachachuen Road, Wongsawang Subdistrict, Bang Sue District, Bangkok 10800
- Phone: 02-910-1600
Kasemrad Rattanathibet Hospital
- Address:58 Moo 15, Bang Rak Pattana Subdistrict, Bang Bua Thong District, Nonthaburi Province 11110
- Phone: 02-921-3400
Kasemrad Ramkhamhaeng Hospital
- Address:99/9 Ramkhamhaeng Road, Saphan Sung Subdistrict, Saphan Sung District, Bangkok 10240
- Phone: 02-339-0000
Kasemrad International Aranyaprathet Hospital
- Address:885 Moo 5, Ban Mai Nong Sai Subdistrict, Aranyaprathet District, Sa Kaeo Province 27120
- Phone: 037-640-000
Rattanathibet Hospital Co., Ltd.
Kasemrad International Rattanathibet Hospital
- Address:60 Moo 6, Sao Thong Hin Subdistrict, Bang Yai District, Nonthaburi Province 11140
- Phone: 02-594-0020
Siburind Medical Co., Ltd.
Kasemrad Sriburind Hospital
- Address:111/5 Moo 13, San Sai Subdistrict, Mueang Chiang Rai District, Chiang Rai Province 57000
- Phone: 053-910-999
Kasemrad Maesai Hospital
- Address:952 Moo 1, Wiang Pang Kha Subdistrict, Mae Sai District, Chiang Rai Province 57130
- Phone: 053-731-391
Kasemrad Sriburind Clinic, Chiang Saen Branch
- Address:339 Moo 6, Wiang Subdistrict, Chiang Saen District, Chiang Rai Province 57150
- Phone: 053-777-213
Saraburi Medical Co., Ltd.
Kasemrad Saraburi Hospital
- Address:2/22 Mittraphap Road, Pak Priao Subdistrict, Mueang Saraburi District, Saraburi Province 18000
- Phone: 036-315-555
Navanakorn Medical Co., Ltd.
Karunvej Pathumthani Hospital
- Address:98 Moo 13, Phahonyothin Road, Khlong Nueng Subdistrict, Khlong Luang District, Pathum Thani Province 12120
- Phone: 02-529-4533
Karunvej Ayutthaya Hospital
- Address:61/9 Moo 4, Khlong Chik Subdistrict, Bang Pa-In District, Phra Nakhon Si Ayutthaya Province 13160
- Phone: 035-315-100
Sothornvejkit Co., Ltd.
Kasemrad Chachoengsao Hospital
- Address:29 Moo 3, Suwinthawong Road, Na Mueang Subdistrict, Mueang Chachoengsao District, Chachoengsao Province 24000
- Phone: 038-812-702
Kasemrad Prachinburi Hospital
- Address:766 Moo 10, Tha Tum Subdistrict, Si Maha Phot District, Prachinburi Province 25140
- Phone: 037-627-000
Bangkok Chain Management Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Branch (1)
- Address:223/2 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Bangkok Chain Laboratory and Pathology Clinic
- Address:141 Moo 12, Bang Rak Pattana Subdistrict, Bang Bua Thong, Nonthaburi 11120
- Phone: 02-080-9445
Bangkok Chain International (Lao) Co., Ltd.
Kasemrad International Vientiane Hospital
- Address:999 450th Anniversary Road, Ban Don Nok Koom, Xaysetha District, Vientiane Capital, Lao PDR
- Phone: +85621 833333
Kasemrad Aree Radiation Oncology Center Co., Ltd.
Kasemrad Aree Specialized Radiation Oncology Clinic
Head Office
- Address:223/2 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9983
Health Chain Innotech Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9912
Bangkok Chain Dental Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9985
Personal Data Protection Policy for Shareholders, Investors, and Directors
Bangkok Chain Hospital Public Company Limited (“BCH”) and its affiliated companies as listed in Annex 1, as well as any future affiliates (which will be notified accordingly) (“Affiliated Companies”), operating the following hospital groups:
- (a) World Medical Group,
- (b) Kasemrad International Hospital Group,
- (c) Kasemrad Hospital Group, and
- (d) Karunvej Hospital Group, including the provision of multispecialty clinics and other related businesses (collectively referred to as “the Group”), value your privacy and are committed to maintaining high standards in operational practices and personal data protection.
This Personal Data Protection Policy for Shareholders, Investors, and Directors (“Policy”) is established to ensure that the collection, use, and disclosure of personal data are in accordance with the Personal Data Protection Act B.E. 2562 (“PDPA”).
This Policy applies to the protection of your personal data in the capacity of:
Shareholders and Investors: Shareholders and debenture holders of the Group, including representatives of legal entities, authorized persons, and proxies of such individuals (“Shareholders and Investors”).
Directors and Executives: Directors and executives of the Group (“Directors and Executives”).
Related Persons: Individuals related to Shareholders, Investors, Directors, and Executives, such as family members, parents, spouses, children, heirs, estate managers, or witnesses to any contractual documents (“Related Persons”).
1. Types of Personal Data
“Personal Data” means any information relating to an identified or identifiable individual, whether directly or indirectly, and does not include the personal data of deceased persons or any other personal data specifically exempted under the PDPA.
1.1 For Shareholders and Investors
The personal data that the Group may collect from you includes the following:
| No. | Types of Personal Data | Details |
|---|---|---|
| 1. | Identifiable Information |
|
| 2. | Financial, Investment, and Transaction Data |
|
| 3. | Contact Information | Address |
| 4. | Sensitive Personal Data | (a) Body temperature, travel history related to health information, and symptoms of communicable diseases. |
1.2 If you are a director or executive, the personal data that the Group may collect from you includes:
| No. | Types of Personal Data | Details |
|---|---|---|
| 1. | Identifiable Information |
|
| 2. | Contact Information |
|
| 3. | Educational Qualification Information |
|
| 4. | “Financial, investment, and transaction information” |
|
| 5. | Sensitive Personal Data |
|
1.3 If you are a related person, the personal data that the Group may collect from you includes:
| No. | Types of Personal Data | Details |
|---|---|---|
| 1. | Identifiable Information |
|
| 2. | "Investment and Transaction Information" |
|
| 3. | “Contact Information” | Address |
If you wish to work, enter into a contract, or engage in any legal relationship with the Group, the Group needs to collect your personal data. If you do not provide your personal data to the Group, the Group may not be able to enter into a contract with you, carry out any requests you make, or perform its obligations under the contract, agreement, or legal relationship. In addition, the Group may be unable to comply with any legal requirements it must follow.
If you provide personal data of another individual to the Group, you confirm that such individual has reviewed this Personal Data Protection Policy and has given consent for the processing of their personal data under this Policy (in cases where there is no other legal basis for processing). You must submit the written consent of such individual to the Group upon the Group’s request.
2. Personal Data Collected Prior to the Enforcement of the Personal Data Protection Act
For personal data collected prior to June 1, 2022, the Group will process such personal data in accordance with the Personal Data Protection Act (PDPA). If you do not wish the Group to continue collecting or using such personal data, you may withdraw your consent at any time by contacting the Group or the Data Protection Officer as detailed in Section 9.
3. Collection of Personal Data
The Group may collect your personal data directly from you or from other sources as follows:
- 3.1 Affiliate companies
- 3.2 Registrars, such as the Thailand Securities Depository Company Limited
- 3.3 Public sources, such as company websites, government agencies, and regulatory authorities, including the Office of the Securities and Exchange Commission and the Stock Exchange of Thailand
- 3.4 In the case that you are a related party of a director or executive, the Group may collect your information from the directors and executives.
4. Retention Period of Personal Data
The Group will retain your personal data for as long as necessary to achieve the purposes set out in this Personal Data Protection Policy, but not exceeding 10 years from the termination of your status as a director, executive, shareholder, or investor. However, the Group may retain your personal data beyond this period as long as:
- (a) permitted by the Personal Data Protection Act (PDPA) and/or other applicable laws;
- (b) you and the Group continue to have a legal relationship;
- (c) the Group has a legal duty to retain the personal data;
- (d) you have provided consent to the Group; and/or
- (e) it is necessary under the law to achieve the purposes of processing under this Personal Data Protection Policy.
5. Purpose of Personal Data Processing
Your personal data will be collected, used, and disclosed for the purposes outlined below, or for purposes for which you have provided consent, or as required by the Personal Data Protection Act (PDPA) and/or other applicable laws.
| No. | Objectives | Personal Data | Legal basis under Section 24 | Legal basis under Section 26 |
|---|---|---|---|---|
| Shareholders and Investors, including Related Parties | ||||
| 5.1 | Actions Taken Regarding You as a Shareholder and Investor
|
Shareholders and Investors
|
|
- |
| 5.2 | Legal compliance
|
Shareholders and Investors
|
Legal compliance | Legal compliance |
| 5.3 | Legitimate Interests
|
Shareholders and Investors
|
Legitimate Interests | - |
| 5.4 |
|
Related Persons
|
Law | - |
| Directors and Executives, including Related Persons | ||||
| 5.5 | Contracts
|
Directors and Executives
|
Contract | - |
| 5.6 | Compliance with the Law
|
Directors and Executives
|
Legal compliance | Legal compliance |
| 5.7 | Legitimate Interests
|
Directors and Executives
|
Legitimate Interests | - |
6. Disclosure of Personal Data to External Parties
The Group may disclose your personal data to external parties and/or government authorities as follows:
- 6.1 Affiliates
- 6.2 Commercial banks
- 6.3 Auditors and internal auditors, including various advisors such as legal, accounting, and tax consultants
- 6.4 Government or regulatory authorities, such as the Stock Exchange of Thailand, the Office of the Securities and Exchange Commission, the Revenue Department, the Department of Business Development, Thai Institute of Directors Association, and courts
- 6.5 Shareholders or investors
- 6.6 The general public, and visitors to the Group’s websites, social media, or applications
- 6.7 Service providers, such as document or printing service providers, newspapers, event management contractors (both physical and online), etc.
- 6.8 The Group’s contracting parties
- 6.9 Registrars, such as Thailand Securities Depository Co., Ltd.
7. Your Rights
You have the rights as prescribed under the Personal Data Protection Act (PDPA), subject to the conditions and limitations set forth by the PDPA and other applicable laws:
7.1 Right to Access and Receive a Copy: You have the right to access or request a copy of your personal data collected, used, or disclosed by the Group, and to request disclosure of how your personal data was obtained without your consent.
7.2 Right to Receive and Transfer Personal Data: You have the right to receive your personal data in a format that is generally readable or usable by automated means and can be used or disclosed automatically. You may also request the Group to send or transfer your personal data to an external party or to receive data that the Group has transferred to an external party, unless technically impossible. This applies only to personal data collected, used, or disclosed with your consent, under a contract, or based on other legal grounds.
7.3 Right to Object: You have the right to object to the collection, use, and disclosure of your personal data when the Group is processing data based on legitimate public interest, lawful interest, or for purposes related to direct marketing, scientific, historical, or statistical research.
7.4 Right to Request Deletion: You have the right to request that the Group delete, destroy, or anonymize your personal data.
7.5 Right to Request Suspension: You have the right to request that the Group suspend the use of your personal data if your request for correction, objection to collection/use/disclosure, or request for suspension in lieu of deletion is under review. You may also request suspension if the data is no longer necessary but should be retained for establishing, exercising, or defending legal claims.
7.6 Right to Rectification: You have the right to request that the Group correct your personal data to ensure it is accurate, current, and not misleading.
7.7 Right to File a Complaint: You have the right to file a complaint with the Personal Data Protection Committee of Thailand if the Group, its employees, or contractors violate or fail to comply with the PDPA.
7.8 Right to Withdraw Consent: You have the right to withdraw any consent previously given to the Group at any time, either partially or entirely, following the procedures prescribed by the Group. Withdrawal of consent will not affect the lawfulness of processing based on prior consent.
You may exercise these rights by contacting the Group or its Data Protection Officer as specified in Section 9.
Withdrawal of consent may affect the Group’s ability to process certain requests or may reduce convenience to you. However, withdrawing consent will not affect the lawful collection, use, or disclosure of your personal data based on consent already granted.
For the protection and security of your personal data, the Group may refuse your request if:
- (a) The requester cannot provide evidence of being the data subject or lacks authority to make the request, or the Group does not receive sufficient information to process the request;
- (b) The request is unreasonable, such as requesting data that the requester has no legal right to or that the Group does not possess;
- (c) The request is excessive or repetitive without justification; or
- (d) The Group has the legal right to refuse the request under the PDPA or other applicable laws.
8. Privacy Policy
The Group has published a Privacy Policy that outlines general information regarding the collection, use, and disclosure of all types of personal data of data subjects, as well as other details such as cross-border data transfers, cookies, and personal data security measures.
The provisions in the Privacy Policy are supplementary to this Personal Data Protection Policy and do not cancel, replace, or modify any provisions herein. In the event of any conflict or inconsistency, the provisions in the Personal Data Protection Policy shall prevail, as the Group has provided this policy for your specific review and consent.
For more details, please review the Privacy Policy at: www.bangkokchainhospital.com
9. Contacting the Group
If you have any questions or wish to inquire further about this Personal Data Protection Policy or other activities of the Group, including exercising your rights as specified in Section 11, you may contact:
- (a) The Group’s Data Protection Officer using the contact details below, and
- (b) The Group, as detailed in Attachment 1.
Data Protection Officer
- To: Data Protection Officer
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi 11120
- Phone: 02-836-9999
- Email: dpo@bangkokchainhospital.com
This Privacy Policy was reviewed and came into effect on May 14, 2024.
Attachment 1
List of Bangkok Chain Hospital Group Companies and Contact Addresses
Bangkok Chain Hospital Public Company Limited
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
World Medical Hospital
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Kasemrad Bangkae Hospital
- Address:586, 588 Phetkasem Road, Bangkae Nuea Subdistrict, Bangkae District, Bangkok 10160
- Phone: 02-804-8959
Kasemrad Prachachuen Hospital
- Address:950 Prachachuen Road, Wongsawang Subdistrict, Bang Sue District, Bangkok 10800
- Phone: 02-910-1600
Kasemrad Rattanathibet Hospital
- Address:58 Moo 15, Bang Rak Pattana Subdistrict, Bang Bua Thong District, Nonthaburi Province 11110
- Phone: 02-921-3400
Kasemrad Ramkhamhaeng Hospital
- Address:99/9 Ramkhamhaeng Road, Saphan Sung Subdistrict, Saphan Sung District, Bangkok 10240
- Phone: 02-339-0000
Kasemrad International Aranyaprathet Hospital
- Address:885 Moo 5, Ban Mai Nong Sai Subdistrict, Aranyaprathet District, Sa Kaeo Province 27120
- Phone: 037-640-000
Rattanathibet Hospital Co., Ltd.
Kasemrad International Rattanathibet Hospital
- Address:60 Moo 6, Sao Thong Hin Subdistrict, Bang Yai District, Nonthaburi Province 11140
- Phone: 02-594-0020
Siburind Medical Co., Ltd.
Kasemrad Sriburind Hospital
- Address:111/5 Moo 13, San Sai Subdistrict, Mueang Chiang Rai District, Chiang Rai Province 57000
- Phone: 053-910-999
Kasemrad Maesai Hospital
- Address:952 Moo 1, Wiang Pang Kha Subdistrict, Mae Sai District, Chiang Rai Province 57130
- Phone: 053-731-391
Kasemrad Sriburind Clinic, Chiang Saen Branch
- Address:339 Moo 6, Wiang Subdistrict, Chiang Saen District, Chiang Rai Province 57150
- Phone: 053-777-213
Saraburi Medical Co., Ltd.
Kasemrad Saraburi Hospital
- Address:2/22 Mittraphap Road, Pak Priao Subdistrict, Mueang Saraburi District, Saraburi Province 18000
- Phone: 036-315-555
Navanakorn Medical Co., Ltd.
Karunvej Pathumthani Hospital
- Address:98 Moo 13, Phahonyothin Road, Khlong Nueng Subdistrict, Khlong Luang District, Pathum Thani Province 12120
- Phone: 02-529-4533
Karunvej Ayutthaya Hospital
- Address:61/9 Moo 4, Khlong Chik Subdistrict, Bang Pa-In District, Phra Nakhon Si Ayutthaya Province 13160
- Phone: 035-315-100
Sothornvejkit Co., Ltd.
Kasemrad Chachoengsao Hospital
- Address:29 Moo 3, Suwinthawong Road, Na Mueang Subdistrict, Mueang Chachoengsao District, Chachoengsao Province 24000
- Phone: 038-812-702
Kasemrad Prachinburi Hospital
- Address:766 Moo 10, Tha Tum Subdistrict, Si Maha Phot District, Prachinburi Province 25140
- Phone: 037-627-000
Bangkok Chain Management Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Branch (1)
- Address:223/2 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Bangkok Chain Laboratory and Pathology Clinic
- Address:141 Moo 12, Bang Rak Pattana Subdistrict, Bang Bua Thong, Nonthaburi 11120
- Phone: 02-080-9445
Bangkok Chain International (Lao) Co., Ltd.
Kasemrad International Vientiane Hospital
- Address:999 450th Anniversary Road, Ban Don Nok Koom, Xaysetha District, Vientiane Capital, Lao PDR
- Phone: +85621 833333
Kasemrad Aree Radiation Oncology Center Co., Ltd.
Kasemrad Aree Specialized Radiation Oncology Clinic
Head Office
- Address:223/2 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9983
Health Chain Innotech Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9912
Bangkok Chain Dental Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9985
Personal Data Protection Policy for Business Partners
Bangkok Chain Hospital Public Company Limited (“BCH”) and its affiliated companies listed in Annex 1, as well as any other companies that may be included in the future (which will be notified accordingly) (“Affiliated Companies”), which operate hospital services in the following groups:
- (a) World Medical Hospital Group
- (b) Kasemrad International Hospital Group
- (c) Kasemrad Hospital Group
- (d) Karunvej Hospital Group and also provide services for multi-clinics and other businesses (collectively referred to as “the Group”), value your privacy and are committed to maintaining high standards of operations and personal data protection. Therefore, the Group has established this Personal Data Protection Policy for Business Partners (“Personal Data Protection Policy”) to ensure that the collection, use, or disclosure of personal data is conducted in compliance with the Personal Data Protection Act B.E. 2562 (“PDPA”).
This Personal Data Protection Policy applies to the protection of personal data of individuals in the following capacities:
Business partners, contractors, and/or commercial partners who are natural persons, including service providers, contractors, space lessees, parking lot lessees, insurance agents, agencies, and other service providers (“Business Partners”).
Directors, authorized representatives, agents, contacts, or personnel of business partners who are legal entities, including medical personnel of other healthcare facilities (“Corporate Partner Representatives”).
Personnel of business partners under labor outsourcing agreements, such as security personnel and cleaning staff (“Business Partner Personnel”).
Individuals related to business partners, such as witnesses in contracts (“Related Individuals”).
1. Types of Personal Data
“Personal Data” means any information relating to an identifiable individual, directly or indirectly, but does not include data of deceased persons or other personal data as specified under the PDPA.
The personal data that the Group may collect from you includes:
| No. | Types of Personal Data | Details |
|---|---|---|
| 1. | Identifiable Information |
|
| 2. | Sensitive Personal Data |
|
| 3. | Contact Information |
|
| 4. | Financial Information |
|
| 5. | Educational Qualification Information |
|
| 6. | Information System Data |
|
If you wish to cooperate, enter into a contract, or establish any legal relationship with the Group, it is necessary for the Group to collect your personal data. If you do not provide your personal data to the Group, the Group may be unable to enter into a contract with you, proceed with any requested actions, perform its obligations under such contract, agreement, or legal relationship, or comply with applicable legal requirements to which the Group is subject.
In the event that you provide the Group with personal data of another person, you confirm that such individual has reviewed this Personal Data Protection Policy and has consented to the processing of their personal data in accordance with this Policy (in cases where there is no other legal basis for processing). You are also required to submit the written consent of such individual to the Group upon request.
2. Personal Data Collected Before the PDPA Took Effect
For personal data collected before 1 June 2022, the Group will handle such personal data in accordance with the requirements set forth in the Personal Data Protection Act. Should you wish to withdraw your consent for the Group to continue collecting and using such personal data, you may do so at any time by contacting the Group or the Data Protection Officer as specified in Section 9.
3. Collection of Personal Data
The Group may collect your personal data directly from you or from other sources, including but not limited to:
- 3.1 Affiliated companies
- 3.2 Insurance companies
- 3.3 Other insurance agents
- 3.4 Labor outsourcing contractors of the Group, such as security and cleaning service companies
- 3.5 Corporate business partners or their representatives
- 3.6 External service providers, such as laboratory service providers
- 3.7 Public sources, such as company websites, government agencies, regulators, or social media
4. Retention Period of Personal Data
The Group will retain your personal data for as long as necessary to fulfill the purposes stated in this Personal Data Protection Policy, and not exceeding 10 years after the termination of the legal relationship between you and the Group.
However, the Group may continue to retain your personal data as long as:
- (a) it is permitted by the Personal Data Protection Act and/or other applicable laws;
- (b) the legal relationship between you and the Group remains in effect;
- (c) the Group has a legal obligation to retain the personal data;
- (d) you have given your consent to the Group; and/or
- (e) it is necessary under the legal framework to achieve the purposes stated in this Personal Data Protection Policy.
5. Purposes of Personal Data Processing
Your personal data may be collected, used, and disclosed for the purposes stated below, for which you have given consent, or as permitted under the Personal Data Protection Act and/or other applicable laws.
| No. | Objectives | Personal Data | Legal basis under Section 24 | Legal basis under Section 26 |
|---|---|---|---|---|
| 5.1 | Contract To recruit, select, and evaluate business partners for the purpose of entering into a contract with the Group, performing obligations under such contract, and ensuring the proper execution of contractual duties, including:
|
Business Partners
|
|
- |
| 5.2 | Legal Compliance
|
Business Partners / Corporate Partner Representatives / Business Partner Personnel / Related Individuals Types of Personal Data:
|
Legal Obligation | - |
| 5.3 | Legitimate Interests
|
|
Legitimate Interests | - |
| 5.4 | Management of business partner personnel
|
Business partner personnel
|
Legitimate Interests | Consent |
| 5.5 |
|
Business Partners
|
Legitimate Interests |
6. Disclosure of Personal Data to External Parties
The Group may disclose your personal data to external parties and/or government agencies as follows:
- 6.1 Affiliated companies of the Group
- 6.2 Auditors and internal auditors, including various advisors such as legal, accounting, and tax consultants
- 6.3 Government agencies, such as the Revenue Department
- 6.4 Courts, police officers, and claimants
- 6.5 Commercial banks
- 6.6 External service providers, such as IT service providers
- 6.7 Certification and accreditation organizations, such as Joint Commission International (JCI), Hospital Accreditation Institute (Public Organization), ISO Certification Institutes (MASCI), and professional standard accreditation institutes, etc.
- 6.8 Individuals related to you, such as your employer
7. Your Rights
You have the rights as provided under the Personal Data Protection Act (PDPA), subject to the conditions and criteria set forth in the PDPA and other relevant laws:
7.1 Right to Access and Obtain Copies:
You have the right to access or request a copy of your personal data collected, used, or disclosed by the Group, and to request disclosure of personal data obtained without your consent.
7.2 Right to Receive and Transfer Personal Data:
You have the right to receive your personal data in a format that is commonly readable or usable by automated tools or devices, and you may request the Group to transmit or transfer your personal data to an external party, or to receive personal data that the Group has sent or transferred to an external party, unless technically infeasible. This applies only to personal data that has been collected, used, or disclosed with your consent, under a contract, or based on other legal grounds.
7.3 Right to Object:
You have the right to object to the collection, use, and disclosure of your personal data where the Group processes your data based on public interest, legitimate interests, or for purposes of direct marketing, scientific, historical, or statistical research.
7.4 Right to Request Deletion:
You have the right to request that the Group delete or destroy your personal data, or render your personal data anonymous so that it can no longer identify you.
7.5 Right to Request Suspension:
You have the right to request that the Group suspend the use of your personal data while your request to correct, update, or object to the collection, use, or disclosure of your personal data is being verified; or if you request suspension instead of deletion; or if your personal data is no longer necessary but you request it to be retained for the establishment, exercise, or defense of legal claims.
7.6 Right to Rectification:
You have the right to request the Group to correct your personal data to ensure it is accurate, current, and not misleading.
7.7 Right to Lodge a Complaint:
You have the right to lodge a complaint with the Personal Data Protection Committee of Thailand if the Group or its employees or contractors violate or fail to comply with the PDPA.
7.8 Right to Withdraw Consent:
You have the right to withdraw any consent you have provided to the Group at any time, either partially or entirely, following the procedures set by the Group. Withdrawal of consent will not affect any collection, use, or disclosure of your personal data carried out lawfully prior to the withdrawal.
You may exercise these rights by contacting the Group or the Data Protection Officer as specified in Section 9.
Withdrawal of consent may result in the Group being unable to perform certain requests or may reduce the convenience of services provided to you. Withdrawal of consent will not affect any collection, use, or disclosure of personal data that was already lawfully processed.
For the benefit of personal data owners and to ensure strict protection of personal data, the Group may refuse to comply with your request if:
- (a) The requester cannot provide evidence confirming they are the data subject or authorized to make the request, or if the Group does not receive sufficient information to act on the request;
- (b) The request is unreasonable, such as if the requester has no legal right or the Group does not hold the personal data requested;
- (c) The request is excessive or repetitive without reasonable cause;
- (d) The Group is entitled to refuse the request under the PDPA and/or other applicable laws.
8. Privacy Policy
The Group has published a Privacy Policy that outlines general information regarding the collection, use, and disclosure of all types of personal data of data subjects, as well as other details such as cross-border data transfers, cookies, and personal data security measures.
The provisions in the Privacy Policy are supplementary to this Personal Data Protection Policy and do not cancel, replace, or modify any provisions herein. In the event of any conflict or inconsistency, the provisions in the Personal Data Protection Policy shall prevail, as the Group has provided this policy for your specific review and consent.
For more details, please review the Privacy Policy at: www.bangkokchainhospital.com
9. Contacting the Group
If you have any questions or wish to inquire further about this Personal Data Protection Policy or other activities of the Group, including exercising your rights as specified in Section 11, you may contact:
- (a) The Group’s Data Protection Officer using the contact details below, and
- (b) The Group, as detailed in Attachment 1.
Data Protection Officer
- To: Data Protection Officer
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi 11120
- Phone: 02-836-9999
- Email: dpo@bangkokchainhospital.com
This Privacy Policy was reviewed and came into effect on May 14, 2024.
Attachment 1
List of Bangkok Chain Hospital Group Companies and Contact Addresses
Bangkok Chain Hospital Public Company Limited
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
World Medical Hospital
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Kasemrad Bangkae Hospital
- Address:586, 588 Phetkasem Road, Bangkae Nuea Subdistrict, Bangkae District, Bangkok 10160
- Phone: 02-804-8959
Kasemrad Prachachuen Hospital
- Address:950 Prachachuen Road, Wongsawang Subdistrict, Bang Sue District, Bangkok 10800
- Phone: 02-910-1600
Kasemrad Rattanathibet Hospital
- Address:58 Moo 15, Bang Rak Pattana Subdistrict, Bang Bua Thong District, Nonthaburi Province 11110
- Phone: 02-921-3400
Kasemrad Ramkhamhaeng Hospital
- Address:99/9 Ramkhamhaeng Road, Saphan Sung Subdistrict, Saphan Sung District, Bangkok 10240
- Phone: 02-339-0000
Kasemrad International Aranyaprathet Hospital
- Address:885 Moo 5, Ban Mai Nong Sai Subdistrict, Aranyaprathet District, Sa Kaeo Province 27120
- Phone: 037-640-000
Rattanathibet Hospital Co., Ltd.
Kasemrad International Rattanathibet Hospital
- Address:60 Moo 6, Sao Thong Hin Subdistrict, Bang Yai District, Nonthaburi Province 11140
- Phone: 02-594-0020
Siburind Medical Co., Ltd.
Kasemrad Sriburind Hospital
- Address:111/5 Moo 13, San Sai Subdistrict, Mueang Chiang Rai District, Chiang Rai Province 57000
- Phone: 053-910-999
Kasemrad Maesai Hospital
- Address:952 Moo 1, Wiang Pang Kha Subdistrict, Mae Sai District, Chiang Rai Province 57130
- Phone: 053-731-391
Kasemrad Sriburind Clinic, Chiang Saen Branch
- Address:339 Moo 6, Wiang Subdistrict, Chiang Saen District, Chiang Rai Province 57150
- Phone: 053-777-213
Saraburi Medical Co., Ltd.
Kasemrad Saraburi Hospital
- Address:2/22 Mittraphap Road, Pak Priao Subdistrict, Mueang Saraburi District, Saraburi Province 18000
- Phone: 036-315-555
Navanakorn Medical Co., Ltd.
Karunvej Pathumthani Hospital
- Address:98 Moo 13, Phahonyothin Road, Khlong Nueng Subdistrict, Khlong Luang District, Pathum Thani Province 12120
- Phone: 02-529-4533
Karunvej Ayutthaya Hospital
- Address:61/9 Moo 4, Khlong Chik Subdistrict, Bang Pa-In District, Phra Nakhon Si Ayutthaya Province 13160
- Phone: 035-315-100
Sothornvejkit Co., Ltd.
Kasemrad Chachoengsao Hospital
- Address:29 Moo 3, Suwinthawong Road, Na Mueang Subdistrict, Mueang Chachoengsao District, Chachoengsao Province 24000
- Phone: 038-812-702
Kasemrad Prachinburi Hospital
- Address:766 Moo 10, Tha Tum Subdistrict, Si Maha Phot District, Prachinburi Province 25140
- Phone: 037-627-000
Bangkok Chain Management Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Branch (1)
- Address:223/2 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9999
Bangkok Chain Laboratory and Pathology Clinic
- Address:141 Moo 12, Bang Rak Pattana Subdistrict, Bang Bua Thong, Nonthaburi 11120
- Phone: 02-080-9445
Bangkok Chain International (Lao) Co., Ltd.
Kasemrad International Vientiane Hospital
- Address:999 450th Anniversary Road, Ban Don Nok Koom, Xaysetha District, Vientiane Capital, Lao PDR
- Phone: +85621 833333
Kasemrad Aree Radiation Oncology Center Co., Ltd.
Kasemrad Aree Specialized Radiation Oncology Clinic
Head Office
- Address:223/2 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9983
Health Chain Innotech Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9912
Bangkok Chain Dental Co., Ltd.
Head Office
- Address:44 Moo 4, Pak Kret Subdistrict, Pak Kret District, Nonthaburi Province 11120
- Phone: 02-836-9985