\n
Guideline
\n\n
1. Personal Data the Company Collects from You
\n Your personal data collected by the Company can be classified as followings
\n\n
\n \n \n | \n Type of Personal Data \n | \n \n Details\n | \n
\n \n | 1. Personal data | \n Such as name, surname, ID card number, face image, gender, date of birth, passport number or other identifiable numbers. | \n
\n \n | 2. Contact data | \n Such as address, telephone number, e-mail address. | \n
\n \n | 3. Financial data | \n Such as billing information, credit or debit information, receipt information, invoice information. | \n
\n \n | 4. Marketing data | \n Such as registration information used for subscribe and marketing participation. | \n
\n \n | 5. Statistical Data | \n Such as unidentified personal data, numbers of patient, and number of websites visiting. | \n
\n \n | 6. Technical data | \n Such as IP Address of computer, type of browser, Cookies information time zone setting, operating system, platform and technology of devices used for accessing website and Online Appointment System. | \n
\n \n | 7. Health data | \n Such as treatment information, reports about physical or mental health condition, health cares of service receivers, laboratory test results, diagnosis, diagnostic disease, information about drug use and drug allergy, history of food allergy, blood result, laboratory result, pathological result, radiological images and radiological report, list of prescribed medication, necessary information for medical services, information of feedback and treatments. | \n
\n \n
\n\n
\n\n
2. Sources of Personal Data
\n The Company collects and gathers your personal data from the following sources
\n\n
1. Personal data directly collected from you such as:
\n\n
1.1 In case, you receive investigation and treatment: The Company receives your personal data from you contacting the Company about services or your self-register with the Company for receiving medical services and other services from the Company, including registration via electronic media.
\n\n
1.2 In case, you are the Company’s vendor: The Company receives your personal data from you contacting the Company about services or from you, as a provider, who makes a contract with the Company.
\n\n
2. Personal data indirectly collected from you such as:
\n\n
2.1 Persons who are close to you such as relatives, spouse, etc.
\n\n
2.2 Persons you give authority to act on your behalf in contacting with hospital.
\n\n
2.3 Network Health Providers, in case you already give consent to the Network Health Provider for disclosure of your personal data. \n
\n\n
2.4 Person, juristic person, or agency of any government, private sector, or state enterprise who refers you for investigation services to the Company or is a payer for your service expenses.
\n\n
3. Disclosure or Share of Personal Data
\n The Company will not disclose your personal data to outsiders except when laws permit for needs in operation so the Company may disclose your personal data for the following cases.
\n\n
\n - Disclose personal data to government agencies, authority agencies or any person when laws define or authorize, including complying with court orders.
\n - Disclose personal data to individual or juristic persons that the Company needs to comply with the contract or for your benefits as an owner of personal data. The Company requires those individual or juristic persons must maintain confidentiality and protect your personal data according to standards as defined by the Personal Data Protection Act B.E. 2562, including but not limited to individual or juristic persons as listed below. \n
\n - Network Health Providers in Samitivej Group and BDMS as necessary as for providing investigation and medical services to you as the company will disclose personal data only as necessary and the company will maintain the confidentiality of your personal data as its duties complied with relevant laws such as Medical facilities Act B.E. 2541, National Health Act B.E. 2550 and Medical Profession Act B.E. 2525 \n
\n - Insurance company or its provider managing compensation. \n
\n - Health provider service receiving patient's refer.
\n - The one referring you for investigation or services at a health provider or paying service expenses for you. \n
\n - Personal data processor as necessary for the company’s operation such as employee, or laboratory service provider, database management, telecommunication, computer system, payment or provider of Technology Outsource. (Technology Outsource)
\n
\n \n - The Company may maintain personal data in Cloud Computing by using such services from the third party located in Thailand or overseas, the Company makes a contract with mentioned persons very thoroughly and considers safety system in maintaining personal data that Cloud Computing service provider functions in regarding personal data protection.
\n
\n\n
4. Duration of Personal Data Retention
\n\n
\n - The Company uses standards of duration for retention of medical records in accordance with Medical Facilities Act B.E. 2541 and the latest version, the Company will maintain medical records in its system for a minimum of 5 years but not exceed 10 years from your latest medical visit. Once completion of that 10 year duration, all original medical records, copies, and electronic medical records will be disposed.
\n - In case, the company must comply with laws, regulations of other professional councils, court orders or establish rights for legal claims to enter dispute resolution processes, the Company may maintain such personal data for the duration according to the legal statute or until the dispute is final whichever the case may be.
\n
\n\n
5. Measures of Personal Data Retention and Analysis
\n\n
\n - The Company will manage the retention of personal data with standards not less than a level required by law and with appropriate system to protect and safeguard such personal data such as the use of Secure Sockets Layer: SSL, protect with firewall, password and other technology measures for encryption of information via the internet, and store in a facility with access protection system that limits the person’s access to personal data kept in a document format. \n
\n - The Company limits access to personal data that may be accessed by staffs, agent, partner, or third party. Access to personal data by the third party can be done according to setting or order. Also, the third party is responsible for maintaining confidentiality and personal data protection.
\n - The Company establishes technology methods to protect unauthorized access to the computer system. \n
\n - The Company has an inspection system to manage the destruction of unnecessary personal data for the Company. \n
\n - In case of sensitive personal data, the Company applies measures to maintain the security of documentation and electronic data for access and control of the use as well as having an operating system and backup including an emergency plan and conducting regularly risk assessment of the system.
\n
\n\n
6. Overseas Transfer of Personal Data
\n\n
\n - Some cases, the Company may need to transfer your personal data to overseas. The Company may perform the transfer after notifying you of the objectives of the transfer and receiving your consent. Then, the Company may inform you about insufficient standards of personal data protection of the destination country. \n
\n - The Company can transfer your personal data without your consent if the transfer of personal data to overseas is in accordance with a contract you are as the contract’s partner or to protect or suppress any threatening to the life, body, or health of personal data owner, or for the use according to your request prior to making that contract or according to requirements in Personal Data Protection Act B.E. 2562.
\n
\n\n
7. Cookie Policy
\n When you visit our website, the Company uses cookie to ensure that you will receive good experience from using the company’s website. Cookie is a small file that stores information and records it on to computer devices or communication tools when you access via web browser you choose while visiting the website.\n
\n\n
The Company uses cookie to collect the identity of your website visiting. With such identity, the Company can be easier to remember the nature of your website using and such data will be used for developing the Company’s website to match your needs more. For convenience and speed of your using the website, sometimes The Company may authorize the third party for this operation which may need IP address and cookie for analysis, data link, and processing according to marketing purposes. You can set cookie when you enter the Company’s website as you can choose to allow or not allow cookie to perform analysis, data link and processing according to marketing purposes.
\n\n
8. Rights of Personal Data Owner
\n As a personal data owner, you have the rights to request the Company to process your personal data according to the scope allowed by laws as below:
\n\n
\n - Right to withdraw consent: you have the rights to withdraw your consent for personal data processing as consents to the Company anytime throughout the period your personal data is stored at the Company.
\n - Right of access: you have rights to access your personal data and request the Company for a copy of the aforementioned personal data, including requesting the company to disclose the acquisition of your personal data you did not give your consent.
\n - Right to rectification: you have rights to request the Company to correct incorrect data or add to incomplete data.\n
\n - Right to erasure: you have right to request the Company to erase your data by some reasons.
\n - Right to restriction of processing: you have rights to request the Company to suppress the use of your personal data by some reasons.
\n - Right to data portability: you have rights to transfer your personal data maintained by the Company to other data controllers or yourself by some reasons.
\n - Right to object: you have rights to object your personal data processing by some reasons.
\n
\n\n
You can contact our Data Protection Officer: DPO / Data Protection Department Officer to request to exercise your rights as aforementioned at:
\n\n
Samitivej Sukhumvit Hospital
\n 133 Sukhumvit 49, Khlong Tan Nuea, Watthana, Bangkok, 10110
\n Tel: 02-022-2222
\n E-mail: svh.dpo@samitivej.co.th
\n\n
Samitivej Srinakarin Hospital
\n 488 Srinakarin Rd, Suan Luang, Bangkok, 10250
\n Tel: 02-022-2222
\n E-mail: svh.dpo@samitivej.co.th
\n\n
Samativej Chinatown Hospital
\n 624 Yaowarat Rd., Samphanthawong, Bangkok, 10100
\n Tel: 02-118-7893\n
\n E-mail: DPOoffice.sct@samitivej.co.th
\n\n
Samitivej Thonburi Hospital
\n 337, Somdet Phra Chao Tak Sin Rd., Khwaeng Samre, Khet Thon Buri, Bangkok, 10600
\n Tel: 02-438-9000
\n E-mail: STH-DPO-Group@samitivej.co.th
\n\n
Samitivej Chonburi Hospital
\n 888/88 Moo 3, Sukhumvit Rd., Ban Suan, Mueang Chonburi, Chonburi, 20000
\n Tel: 033-038-888
\n E-mail: SCH.DPO@samitivej.co.th
\n\n
Samitivej Sriracha Hospital
\n 8 Soi Laemket, Jermompol Rd., Sriracha, Chonburi, 20110
\n Tel: 038-320-300, 033-030-100
\n E-mail: ssh.dpo@samitivej.co.th
\n\n
9. Changes of Personal Data Protection Policy
\n The Company may review and change the personal data protection policy in the future for developing better personal data protection, the Company will notify you every time when the aforementioned policy changed.
\n\n
10. Contact Channels
\n You can contact our data protection officer, inquiry or use any right related to personal data at:
\n\n
Samitivej Sukhumvit Hospital
\n 133 Sukhumvit 49, Khlong Tan Nuea, Watthana, Bangkok, 10110
\n Tel: 02-022-2222
\n E-mail: svh.dpo@samitivej.co.th
\n\n
Samitivej Srinakarin Hospital
\n 488 Srinakarin Rd, Suan Luang, Bangkok, 10250
\n Tel: 02-022-2222
\n E-mail: svh.dpo@samitivej.co.th
\n\n
Samitivej Chinatown Hospital
\n 624 Yaowarat Rd., Samphanthawong, Bangkok, 10100
\n Tel: 02-118-7893
\n E-mail: DPOoffice.sct@samitivej.co.th
\n\n
Samitivej Thonburi Hospital
\n 337, Somdet Phra Chao Tak Sin Rd., Khwaeng Samre, Khet Thon Buri, Bangkok, 10600
\n Tel: 02-438-9000
\n E-mail: STH-DPO-Group@samitivej.co.th
\n\n
Samitivej Chonburi Hospital
\n 888/88 Moo 3, Sukhumvit Rd., Ban Suan, Mueang Chonburi, Chonburi, 20000
\n Tel: 033-038-888
\n E-mail: SCH.DPO@samitivej.co.th
\n\n
Samitivej Sriracha Hospital
\n 8 Soi Laemket, Jermompol Rd., Sriracha, Chonburi, 20110
\n Tel : 038-320-300, 033-030-100
\n E-mail: ssh.dpo@samitivej.co.th
\n\n
Workflow
\n N/A\n
\n
Communication Channel & Training
\n N/A\n
\n
Follow up and Measurement of Procedure and Service
\n N/A\n
\n
Relevant Quality Documents
\n N/A\n
\n
Reference Documents
\n N/A\n
\n\n
\n
*Samitivej Sukhumvit Hospital which is operated by Samitivej Public Company Limited.
\n Samitivej Srinakarin Hospital which is operated by Samitivej Public Company Limited.
\n Samitivej Sriracha Hospital which is operated by Samitivej Sriracha Company Limited.
\n Samitivej Thonburi Hospital which is operated by Krungdhon Hospital Public Company Limited.
\n Samitivej Chonburi Hospital which is operated by Samitivej Chonburi Company Limited.
\n Samitivej Chinatown Hospital which is operated by Bangkok Dusit Medical Sevice Public Company Limited.
\n
![\"\"](\"@/assets/image/side-image.png\")
\n