Due to the Personal Data Protection Act of 2019, Vichaiyut Company Limited, as the operator of Vichaiyut Hospital and Vichaiyut Medical Center (“we” or “Vichaiyut Hospital and Medical Center”), is committed to conducting business with integrity and respecting your privacy rights. We are dedicated to protecting your privacy, including the collection, use, disclosure, processing, and safeguarding of personal data provided by you to us, whether directly or indirectly, during your visit to our website https://www.vichaiyut.com, use of our applications, or receipt of services from us. This Personal Data Protection Policy covers any information that directly or indirectly identifies you, whether received directly from you or indirectly from third parties. For your health-related personal data, beyond compliance with this policy, we will adhere to the regulations, laws, proclamations, orders, or rules of the relevant supervisory authority, including any amendments or additions. As the data controller for your personal data, we have established this Personal Data Protection Policy as part of the terms and conditions for using our website and applications, as well as receiving our services. By using these services each time, you are deemed to have read and agreed to accept this Personal Data Protection Policy. The details are as follows:

We collect your personal information only as necessary. In cases where you provide information directly to us, whether for requesting services through our website, applications, or other channels, such as appointment scheduling, online transactions, newsletter subscriptions, seeking special assistance, or engaging in offline transactions like hospital registration at the registration counter, we collect information accordingly. Additionally, we may receive your personal information from third parties, such as family members or close associates, our representatives or service providers, or government agencies, if you have given consent to disclose such information or as required by law.

he types of personal information we collect depend on the purposes of processing as outlined in this Personal Data Protection Policy. This includes personal information collected directly from you or from third parties, and may include the following:

• Identity information: Such as name, photograph, gender, date of birth, passport information, national identification number, or other identifying numbers.
• Contact information: Including address, telephone number, online social media contacts, and email.
• Payment information: Details related to payment transactions, credit or debit card information, and bank account details.
• Service usage information: Details about appointments for services, personal information of relatives, preferences for accommodation, food, hotels, and other supplementary services.
• Marketing and communication information: Information related to newsletter subscriptions, event registrations, and marketing activities.
• Statistical information: Such as the number of patients and website visits.
• Website Usage Information: This may include IP address, cookies, and data from our online appointment system.
• Health-related information: Reports regarding physical and mental health, healthcare information, laboratory test results, and diagnoses.
• Medication and allergy information: Details regarding medication use and allergies.
• Job application information: Information related to job applications.
• Feedback and treatment results: Information provided as feedback and results of treatments.
• Closed-Circuit Television (CCTV) recordings: Information captured by CCTV cameras.
• Telephone conversation recordings: Information recorded from telephone conversations.
• Other relevant information: As required by law or with your consent.

We may process your data based on your consent, contractual obligations, or any lawful benefit. The purposes of processing include but are not limited to:

• Providing or delivering our services and accessing your service, whether online or offline.
• Scheduling appointments and sending information or service recommendations from the hospital.
• Coordinating and forwarding information to network hospitals or other healthcare facilities in the case of patient referrals.
• Confirming the identity of service recipients.
• Sending appointment reminders or offering assistance from us.
• Accounting or financial purposes, such as verifying payment through credit cards, billing, and refund verification.
• Personal safety, both during hospital stays and in public spaces, and crime prevention.
• Staff recruitment purposes, including physicians and dentists.
• Compliance with hospital rules.
• Compliance with laws, terms, regulations, or requests from government agencies, such as testifying in court or court orders.
• Other purposes that support the above objectives or have received temporary consent from you.
• Marketing, sales promotion, and customer relationship purposes, such as sending information about promotions, products, and services, promotional campaigns, and partner business. This may involve occasional surveys to gauge your interest.
• Customer satisfaction surveys, market research, and statistical analysis to improve existing products and services or create new ones.
• Communication channels for responding to questions or complaints related to our services, such as service issues, liability claims, or any loss.

We may disclose or transfer your personal data to third parties, whether located within or outside of Thailand, where such countries have adequate data protection standards as required by law, and we will implement necessary and appropriate measures or comply with regulations and laws. This is done for the purposes mentioned above and will involve the following individuals or entities:

• Government agencies, regulatory bodies, and other entities as permitted or stipulated by law.
• Immigration and customs authorities.
• Insurance companies or legal offices in case of disputes, legal claims, or compensation.
• Security and safety authorities and agencies.
• Banks and payment service providers, such as credit card or debit card companies.
• Business partners, such as hotels, car rental companies, insurance companies, program partners for loyalty points and benefits, and other related entities that provide services or respond to the aforementioned purposes.
• Agents, service providers, or partners acting on our behalf, such as information technology service providers.
• Affiliated companies, business partners, and business associates.

Our website and applications may contain links to third-party websites. If you follow these links, this Privacy Policy will not cover the websites of third parties. Therefore, the processing of your personal data by third-party websites is beyond our control, and please be aware that we are not involved in or responsible for the actions of such third parties.

Your personal data will be stored for as long as necessary for the various purposes described in this Privacy Policy, or in accordance with legal requirements, or for legal proceedings. Once the specified period has elapsed, if you do not provide consent for us to continue processing your personal data, we will proceed to destroy that personal data according to our data destruction procedures and will do so promptly.

We will employ appropriate technical measures and management practices to prevent and maintain the security of your personal data that we collect. For internet data encryption, we will limit access to your information regardless of its stored format. Data in document format will only be accessible to personnel who are necessary for processing that personal data and will be stored in locations with access protection systems.

You may contact us/data protection officer/relevant personnel to exercise your rights as follows:

• You have the right to access your information that we store, including requesting copies of the data and requesting the transfer of your personal data that you have provided to us to another data controller or yourself.
• You have the right to object to or suspend the collection, use, or disclosure of your information.
• You have the right to request that we correct inaccurate information or supplement incomplete data, and you may ask us to delete or destroy, or disclose the origin of your information if you have not given consent.
• If you find that we or our personnel use or disclose your information not in accordance with your consent or not in compliance with the law, you have the right to complain to the Personal Data Protection Commission.
• You have the right to withdraw your consent for the processing of personal data as you have given consent to us throughout the period your personal data is with us, except where there are legal limitations on the right to withdraw consent by law or by a contract that is beneficial to you.
• However, withdrawing your consent for the processing of personal data may result in us having insufficient data to achieve the objectives as notified, and you may experience inconvenience in receiving our services.
• Nevertheless, the withdrawal of consent for the processing of any personal data may result in us having insufficient data to process in order to achieve the notified objectives, and you may experience inconvenience in receiving our services.
• We will consider processing your request to exercise your rights within 30 days.

If you wish to exercise any rights under this Personal Data Protection Policy, please do so in writing, along with a copy of supporting documents to verify your identity. If you have any questions, suggestions, or complaints regarding this Personal Data Protection Policy, you can contact the Data Protection Officer at the following address: Vichaiyut Hospital Co., Ltd., 53 Setthasiri Road, Phaya Thai, Bangkok 10400, Thailand. Telephone: 0-2265-7777, Email: medcenter@vichaiyut.com.
The information to be provided to us includes your name, surname, ID card number, or passport number, the subject you wish to inquire about, details of any errors that occurred, your phone number, contact address, and your email address for electronic mail communication.

We may review and temporarily change this privacy policy to align with changes in service and our operations, as well as suggestions and comments from you, including relevant legal requirements. The latest policy will be announced on our website at https://www.vichaiyut.com to inform you of the guidelines we follow in protecting your personal information. This privacy policy has been effective since June 1, 2022.
Vichaiyut Company Limited