Personal Data Protection Policy
(Data Protection Policy)

Bangkok Christian Hospital, Nakhon Pathom respects the privacy rights of users who request services, visit the website, use social media, or use applications or other channels (collectively, “processing activities”). This policy is issued to inform you of the details related to the collection, use, and disclosure (collectively, “processing”) of personal data that Bangkok Christian Hospital, Nakhon Pathom (referred to as the “Hospital”) processes in its capacity as a personal data controller and/or personal data processor, including the exercise of legal rights through online channels and other channels as stipulated by the Personal Data Protection Act, as follows:

1. Processing of personal data

1.1 The hospital collects your personal data under the following legal bases:
1) The necessity to comply with a medical service contract, a medical treatment contract, and/or a contract with a similar name.
2) The need to prevent or suppress dangers to life, body or health.
3) The necessity to carry out public duties or exercise state powers that the hospital receives under the Hospital Act.
4) Necessity for the legitimate interests of the hospital or other persons, where such interests are no less important than the data owner’s fundamental rights in personal data, such as for maintaining the security of areas within the hospital.

1.2 The Hospital collects special types of personal data which do not require explicit consent for purposes such as:
1) The hospital is required to collect information from the family of unconscious patients for first aid.
2) Hospitals are required to collect information on symptoms of patients with infectious diseases in order to comply with the Communicable Disease Act in carrying out public duties regarding prevention of dangers from epidemics.

2. Purpose of processing personal data

2.1 To be used in processing your request before entering into a contract with the hospital.

2.2 For the legitimate benefit of the hospital or of another person, such as:
1) To carry out the contract between you and the hospital, where the hospital processes your personal data to provide services under the contract, receive payment for services, and manage the relationship with you.
2) For internal management of the hospital, management, development and any actions to enable the operation of the health care facility, including management and development of processing activities, research such as conducting questionnaires, investigating and preventing fraud or other crimes, and maintaining the information system.
3) For security benefits, such as providing security measures, including information systems such as entering areas within the hospital, logging in, and processing activities.
4) To inform news and benefits via books, email, SMS, applications, social media and telephone.
5) For the exercise of legal claims

2.3 To prevent and suppress dangers to the life, body or health of you or other persons, such as contacting in an emergency, controlling and preventing infectious diseases.

2.4 To be able to comply with the law, such as complying with the provisions of the law, regulations and orders of those with legal authority.

2.5 To perform duties in carrying out missions for the public benefit of the hospital or to perform duties in exercising the state powers that have been granted.

2.6 To achieve the objectives according to the consent you have given on each occasion.

2.7 In order for the hospital to be able to carry out activities other than those mentioned above, the hospital may collect additional personal information from you, which the hospital will notify you of and request your consent from time to time.

3. Personal information collected and used

3.1 Personal identification information such as full name, photograph, gender, date of birth, passport, national ID card number, and various forms of information used for identification.

3.2 Contact information such as address, telephone number, Facebook ID, Line ID, email, and other social media information.

3.3 Information about work, occupation and contacts, such as work location information, employment information or other information related to occupation.

3.4 When you enter the hospital premises, the hospital may record your image using closed-circuit television (CCTV) cameras. The hospital does not record audio data through closed-circuit television (CCTV) cameras, and the hospital will post a sign informing you that closed-circuit television (CCTV) cameras are in use in the hospital premises.

3.5 Personal property identification information, such as vehicle registration

3.6 Payment information such as billing information, credit or debit card information, PromptPay information, and bank account details.

3.7 Service access information, such as medical appointment information, personal information of relatives, needs regarding rooms, food, and other additional services.

3.8 Information on participation in marketing activities, such as information on registration to participate in activities with the hospital or the hospital’s contract partners.

3.9 Statistical information such as number of patients and website visits

3.10 Information from website access and other hospital information such as IP Address, MAC Address, Location, Cookies, Appointment System, Data Analytic, Log File.

3.11 The Hospital may be required to process special types of personal data as required by personal data protection laws for the purposes stated in this Policy, such as:
1) Such information is required for the benefit of hospital security.
2) It is necessary to use your national ID card which contains your religious information to verify your identity.
3) It is necessary to process health information such as weight, height, chronic diseases, color blindness, physical examination results, food allergy information, drug allergy information, blood type, medical certificates, medical treatment history, reports on physical and mental health, your health care, laboratory test results, laboratory and diagnostic tests, information related to your medication use and drug allergies, treatment results you provide, medication dispensing history, and medical treatment receipts.
4) The Hospital will process your Special Category Personal Data only with your explicit consent or for other purposes as required by law. The Hospital will use its best efforts to provide adequate security measures to protect your Special Category Personal Data.

3.12 Your suggestions or comments

4. Request for consent and possible consequences of withdrawing consent

4.1 In the event that the Hospital processes personal data based on your consent, you have the right to withdraw your consent at any time, unless such right is restricted by law, and such withdrawal of consent will not affect the processing of personal data to which you have already consented.

4.2 If you withdraw your consent to the Hospital or refuse to provide certain information, it may result in the Hospital being unable to carry out some or all of the purposes set out in this Policy.

5. Disclosure of your personal information

The Hospital may disclose or transfer your personal data to third parties, which may be located within or outside the Kingdom, whereby the Hospital will take necessary and appropriate measures or in accordance with regulations and laws, for the purposes specified above, to:
  1. Business partners such as information system developers, insurance companies, partners participating in loyalty and privilege programs, and medical centers and/or other companies involved in providing services.
  2. Banks and payment service providers, such as credit or debit card companies.
  3. Security and safety officers
  4. Immigration and Customs Enforcement
  5. Government agencies, regulatory agencies and other entities as permitted or required by law.

6. Rights under the Personal Data Protection Act B.E. 2562

  1. Right to withdraw consent: You have the right to withdraw your consent to the processing of your personal data that you have given to the hospital for the duration that your personal data is with the hospital, unless there is a restriction on your right to withdraw consent by law or by a contract that benefits you.
  2. Right of Access: You have the right to access your personal data and request that the hospital provide you with a copy of such personal data, including requesting that the hospital disclose the source of personal data to which you have not given consent.
  3. Right to rectification: You have the right to request that the hospital correct inaccurate information or add incomplete information.
  4. Right to erasure: You have the right to request that the hospital erase your data for certain reasons.
  5. Right to restriction of processing: You have the right to restrict the processing of your personal data for certain reasons.
  6. Right to data portability: You have the right to have your personal data that you have provided to the hospital transferred to another data controller or to yourself for certain reasons.
  7. Right to object to the processing of personal data (right to object): You have the right to object to the processing of your personal data on certain grounds.

You can request access to, or request updates and corrections to, your personal data, as well as any other rights mentioned above or rights under applicable personal data protection laws, such as requesting a copy of your personal data or requesting the suspension of the use or disclosure of your personal data if you believe that your personal data has been used beyond the scope of the purposes stated above or without your consent.

7. Sending or transferring your personal data abroad

  1. This is in compliance with the law that requires hospitals to send or transfer personal data abroad.
  2. The Hospital has informed you and obtained your consent in the event that the destination country has inadequate personal data protection standards, in accordance with the list of countries announced by the Personal Data Protection Committee.
  3. To prevent or suppress danger to your life, body or health or that of another person when you are unable to give consent at the time, or to carry out a mission for an important public interest where consent is available at the time, or to carry out a mission for an important public interest.

8. Sending or transferring personal information abroad

  1. The Hospital may send or transfer your personal data to other persons abroad where necessary for the performance of a contract to which you are a party, or for the performance of a contract between the Hospital and another person or juristic person for your benefit, or for use in taking action at your request prior to entering into a contract, or to prevent or suppress danger to your life, body or health or that of another person, to comply with the law, or where necessary to carry out a mission for an important public interest.
  2. The Hospital may store your information on computer servers or clouds provided by third parties and may use third party programs or applications in the form of ready-made software and ready-made platform services to process your personal information, but the Hospital will not allow unrelated parties to access your personal information and will require those parties to have appropriate security measures in place.
  3. In the event that your personal data is transferred overseas, the hospital will comply with personal data protection laws and take appropriate measures to ensure that your personal data is protected and that you can exercise your rights related to your personal data in accordance with the law. The hospital will also require the recipient to have appropriate measures to protect your data and process such personal data only to the extent necessary, and take steps to prevent others from using or disclosing your personal data without authorization.

9. Period of retention of personal data

  1. The Hospital will retain your personal data for the period necessary to fulfil the purposes for which each category of personal data is collected, unless the law permits a longer retention period. Where a retention period for personal data cannot be clearly specified, the Hospital will retain the data for the period that is reasonably expected based on the collection standards (e.g., the general statutory limitation period of up to 10 years).
  2. The hospital retains your personal data for the duration of your service to fulfill the contract and for the necessary period after your service has ended.
  3. The Hospital retains your emergency contacts’ personal data for the period necessary for the processing to achieve the purposes of this Policy.
  4. In cases where the hospital uses your personal data with your consent, the hospital will process such personal data until you request to withdraw your consent and the hospital has completed your request. However, the hospital will still retain your personal data only as necessary for the record of your withdrawal of consent, so that the hospital can respond to your requests in the future.
  5. The hospital has established a monitoring system to delete or destroy personal data after the retention period has expired or when it is no longer relevant or necessary for the purposes for which the personal data was collected, or to make your personal data unidentifiable for other purposes, such as statistical analysis, improving service efficiency, or for important public benefits.

10. Personal data security

The hospital has appropriate technical and administrative measures to maintain the security of your personal data and to prevent data loss or unauthorized access, destruction, use, change, modification, or disclosure of personal data. These measures are in accordance with the hospital’s Information Security Policy and guidelines, along with guidelines for ensuring security in the collection, use, and disclosure of personal data, while maintaining the confidentiality, accuracy and completeness (integrity), and availability of personal data.

The hospital has arranged for this policy to be reviewed at appropriate intervals.

11. Policy changes

In updating or changing this Policy, the Hospital may consider making changes as it deems appropriate and will notify you by posting the information on the Hospital’s website (https://www.bangkokchristianhospitalnakornpathom.th) with the date of the most recent version of the Policy at the end. However, the Hospital recommends that you check regularly to be aware of the new Policy, especially before disclosing personal information to the Hospital.

Your use of the products or services under this processing activity constitutes your acknowledgement of the terms of this policy. Please discontinue use if you do not agree to the terms of this policy. If you continue to use the service after this policy has been amended and posted on the above channels, you will be deemed to have acknowledged the changes.

12. Contact and inquiries

If you have any questions, suggestions, or complaints regarding this Privacy Policy, please contact us at bchnmedical@gmail.com. This Privacy Policy is effective from June 1, 2022.