Data Protection Policy
Health Link Medic Co., Ltd. (“we” or “us”) highly values the protection of personal data of our customers/data subjects (“you”). This Data Protection Policy (“Policy”) outlines how we collect, use, disclose, and safeguard your personal data during your visit to our website https://healthlinkwellness.com or when you receive our services. This Policy covers any information that can directly or indirectly identify you, whether obtained from you directly or from third parties (“personal data”). In addition to adhering to this Policy, we comply with the Personal Data Protection Act B.E. 2562 and other relevant regulations, announcements, orders, or guidelines issued by regulatory authorities, including any amendments made in the future.
As a data controller, we have established this Policy, which forms part of the terms and conditions for using our website and applications, as well as for accessing our services. By using our services, you are deemed to have read and accepted this Policy, which includes the following details
Collection of Personal Data
We collect personal data from you only as necessary for the purposes specified in this Policy and other lawful purposes. This data may be obtained through our website, mobile applications, or other channels. Additionally, we may receive your personal data from third parties, such as government agencies or private entities, if you have consented to the disclosure or as required by law.
Types of Personal Data We Collect
The types of personal data or other information we collect directly from you or from third parties include
- Identity Information: such as name, surname, national ID/passport number, date of birth, and age.
- Contact Information: such as address, phone number, and email address.
- Payment Information: such as bank account details, credit/debit card information, or online banking details.
- Service Information: such as medical procedure information, appointment details, CCTV footage, and pre- and post-service images.
- Service Information: such as medical procedure information, appointment details, CCTV footage, and pre- and post-service images.
- Medical Information: such as treatment history.
- Statistical Information: such as website or application visit numbers.
- Website Usage Information: such as IP address and cookies.
- Health Information: such as biometric data (e.g., facial images), genetic data, health reports, medication use, allergies, and diagnoses.
- Feedback/Review Information: such as comments, reviews, and treatment outcomes.
If we need to collect any personal data or other information beyond what is specified above, we will inform you and may request your consent as required by law.
Purposes for Using Personal Data
We need to use the collected personal data and other information for the following purposes
- Medical Services
• Creating your profile, processing, and verifying identity for accessing our services (both online and offline), performing online transactions, offline transactions (e.g., clinic registration), or requesting special services/assistance.
• Analyzing health issues and your ability to receive services.
• Providing suitable services or delivering our services.
• Finding and scheduling doctor appointments.
• Verifying and confirming your identity, coordinating, and transferring information to network clinics to facilitate and expedite your services.
• Supporting and assisting with service usage, responding to your inquiries and requests, and resolving any issues arising from accessing our services.
• Following up on treatment outcomes and addressing any health issues you may encounter.- Payment and Accounting
• Verifying credit card/online banking payments.
• Billing and verifying accuracy.
• Processing refunds.
• Ensuring safety within the clinic.
• Complying with lawful clinic regulations.
• Adhering to legal requirements, regulations, orders, or requests from government agencies, such as subpoenas or court orders, or other lawful requests.- Marketing and Advertising (subject to your explicit consent)
• Facilitating the search for products/services and presenting benefits to you.
• Sending information about promotions, product and service recommendations, clinic promotional campaigns, and partner business offers.
• Conducting satisfaction surveys, market research, and statistical analysis to improve products and services or create new products and services.
• Using your still or motion images in online and offline media for promotional purposes.
• Other purposes that support the aforementioned objectives or for which we have obtained your consent periodically.
Disclosure of Personal Data
We may disclose or transfer your personal data to third parties, whether located within or outside Thailand, which have sufficient personal data protection standards in accordance with legal requirements. We will take necessary and appropriate measures or comply with legal regulations to achieve the objectives stated above, including
- Affiliates, business partners, and partner businesses.
- Agents, service providers, or contractors who provide services to us or act on our behalf, such as IT service providers or personal data processors.
- Banks and payment service providers, such as credit or debit card companies.
- Security and safety officers or agencies.
- Immigration and customs agencies.
- Government agencies, regulatory authorities, and other entities as permitted or required by law.
Links to Third-Party Websites/Applications
Our website and applications may link to third-party websites or applications. Please note that this Policy does not cover those third-party websites or applications. We are not responsible for and have no control over the collection, use, or disclosure of your personal data by third parties. Therefore, you should review the data protection policies of those websites or applications before accessing or using their services.
Data Retention and Security Measures
Your personal data will be retained for the necessary period to achieve the purposes described in this Policy or as required by law, or for legal claims establishment, compliance, or exercise of legal claims, or defense against legal claims. After the retention period, we will delete, destroy, or anonymize your personal data in accordance with our procedures without delay. We will implement appropriate technical and administrative measures to protect your personal data from unlawful destruction, loss, alteration, unauthorized disclosure, or access. For example, we use Secure Sockets Layer (SSL) protocol for data encryption over the internet, and we limit access to your personal data stored in internet systems, computer systems, or in document form to personnel who need to collect, use, or disclose the personal data and store it in secured locations with access control.
We will retain your personal data for the period necessary to fulfill our legal obligations, resolve disputes, and enforce our contracts and terms and conditions unless a longer retention period is required or permitted by law. We may use aggregated data derived from your personal data, but we will not use it in a manner that can identify you. After the retention period, personal data will be deleted, and therefore, the rights to access, delete, correct, or transfer data will not be enforceable.
Your Rights Regarding Personal Data
You have the following rights under the personal data protection law
- The right to access your personal data held by us, including obtaining a copy and requesting the transfer of your personal data to another data controller or yourself.
- The right to object or request the suspension of the collection, use, or disclosure of your personal data.
- The right to request correction, update, completeness, and accuracy of your personal data, as well as deletion, destruction, or anonymization of your personal data or disclosure of its source if obtained without your consent.
- The right to lodge a complaint with the Personal Data Protection Committee if you find that we or our personnel use or disclose your personal data contrary to your consent or the law.
- The right to withdraw your consent for the collection, use, or disclosure of your personal data at any time while your personal data is with us, except where consent withdrawal is restricted by law or contract for your benefit. However, withdrawing consent may result in insufficient information to fulfill the stated purposes and inconvenience in accessing our services.
To protect your privacy and security, we will verify your personal data before responding to any requests and will respond within a reasonable time and in accordance with legal timelines. We may not grant access to certain personal data if it involves the personal data of others or is prohibited by law. Additionally, we may reject requests to delete or correct personal data due to legal requirements, especially those impacting our accounting, legal claim processes, fraud prevention, or necessary data retention.
Contact Us
If you wish to exercise any rights under this Policy or have any questions, suggestions, or concerns about this Policy, you can contact us at HealthLink Clinic or our head office at the following details
HealthLink Medic Co., Ltd. (Data Protection Officer Team)
Office located at 15/9 The Bright Rama 2, Building B, 2nd Floor, Room B221, Tha Kham Subdistrict, Bang Khun Thian District, Bangkok. Telephone: 064-469-4629
When contacting us, please provide the following personal data
Data Breach Notification
If a personal data breach occurs that poses a high risk to your rights and freedoms, we will notify you without delay along with remedial measures via various channels, such as our website/application, SMS, email, phone, or letter.