The term "Bumrungrad Online Services" covers www.bumrungrad.com, Keyoniq.com, www.vitallifeintegratedhealth.com (each a "website") and use of the Keyoniq application downloadable from the Apple Store and the Google Play store (collectively, the "Bumrungrad Online Services").
• any individual who uses the Bumrungrad Online Services;
• any individual who interacts with us via our website, email or phone calls ; and
• any individual who receives promotional communications from us, (collectively, the "users", "individuals" or "you").
Notice Prior to Use
Information Voluntarily Provided by Users
You can visit a portion of the Bumrungrad Online Services without disclosing your personal information. Some areas of the Bumrungrad Online Services allow you to contact us to ask questions or provide comments. When you communicate with us and request a response, we ask for your name and contact information. We use this information so that we can respond more efficiently and keep track of our correspondence. If you do provide information of third parties, please ensure that you do have their consent to do so. When you request an appointment we will ask for personal information which will be used to respond to your request in the most efficient manner. Information you provide to us when booking an appointment, submitting an enquiry or providing feedbacks or comments may include health data, genetic data or other categories of personal information which may be considered sensitive or special under the applicable law (e.g. EU law). Except as provided at "Transfers of Your Personal Information" below, Bumrungrad Online Services will not sell, rent or otherwise disclose your personally identifiable information.
Use and Disclosure of Non-Personally Identifiable Information
Bumrungrad Online Services will not treat as confidential any information that you provide that is not personally identifiable. You should be aware that Bumrungrad Online Services will be free to disclose through any means and use for any purpose such non-personally identifiable information in its sole discretion. By providing such information to Bumrungrad Online Services, you understand and agree that no relationship has been created between Bumrungrad Online Services and you, and Bumrungrad Online Services have no obligation to you whatsoever regarding that information, unless otherwise required by applicable law.
Web Server Logging and IP Addresses
Bumrungrad Online Services retain usage data, such as the source IP address that a page request is coming from, your IP address, domain name, date and time of the request, the referring Bumrungrad Online Services, and other parameters passed on the URL. We use this data to better understand Bumrungrad Online Services usage. This information is stored in log files and is used by Bumrungrad Online Services for statistical reporting, IT security and to improve our website functionalities and your user experience.
Purposes and legal bases for using personal information
|WE MAY USE YOUR PERSONAL INFORMATION TO:
||WHAT IS THE LEGAL BASIS TO USE YOUR DATA FOR THIS PURPOSE UNDER EU DATA PROTECTION LAW (WHERE EU DATA PROTECTION LAW APPLIES TO YOUR DATA)?
|Provide you with customer reserved access to Bumrungrad Online Services. In particular, we need to authorise and verify your identity (assignment and management of access credentials).
||It is necessary for our legitimate interest to provide you with reserved access to our website. We believe that this is also in your interest (to preserve your confidentiality and the integrity and authenticity of the information you provide to us).
|Provide you with technical assistance to access and use our online services (e.g. if you have lost or forgotten your password).
||It is necessary for our legitimate interest as well as in your interest to enable your usage of our online services.
|Ensure the security of the information we hold about you and our website (e.g. implementation of safeguards against illegal or fraudulent activity such as cyber-attacks).
||It is necessary for our legitimate interests to monitor how our website is used to detect and prevent fraud, other crimes and the misuse of our website. This helps us to ensure that you can safely use our website. It is also our legal obligation to protect your personal information with adequate technical measures.
|Respond to your enquiries (via email, phone call, or online submission).
||It is necessary for our legitimate interest to provide you with the information you have requested to us or respond to enquiries. It is also in your interest to receive a response and being contacted for enquiries you have voluntarily submitted. Where we collect health data about you (or other sensitive data such as genetic data) in the context of enquiries you submit to us, we do so on the basis of your consent.
|Managing your bookings of medical appointments with us.
||It is necessary for our legitimate interest to process the personal information which is necessary to receive and manage your booking requests. It is also in your interest that we do so for the purpose of providing you with our services. Where we collect health data about you for the purpose of handling and managing your bookings with us, we do so on the basis of your consent.
|Record your interactions with our website to (i) enable certain functionalities of the website; and (ii) improve our website (accessibility, usability, user-friendliness, interaction with external links and plug-ins, etc.). We may not directly identify you by name but we may record your IP address and details about your website usage (e.g. web-pages you have visited on our website, date and time of the visit) through cookies or similar technologies.
|Contact you to update you about us, our services and promotions (provided you have consented to this where required under applicable law).
||We will ask for your consent before processing your information for marketing purposes, where consent is required under applicable law. Where consent is not required by applicable law, we will rely on our legitimate interest to promote our materials in a way which does not override your privacy rights and enables you to object to this use of your personal information and opt-out from our marketing communications at any time.
|Record and manage your marketing choices (e.g. record your opt-in to marketing and keep an up to date suppression list where you have asked not to be contacted, so we do not inadvertently re-contact you).
||We need to process this information about you to address your rights and abide by our obligations under applicable law.
|Comply with legal requirements and assist government and law enforcement agencies or regulators/supervisors or resolve any disputes that you may have with us.
||This processing is necessary for the purposes of complying with legal requirements to which we are subject.
Where the legal basis for using your personal information is our legitimate interest (as identified above for specific purposes of use of information), we believe that our legitimate interest overrides your privacy rights (also considering the adequate security measures we implement to protect your personal information).
Transfers of your personal information
We may need to disclose your personal information to the following categories of third parties for the purposes described above (under "Purposes and legal bases for using personal information"):
Other group companies
As Bumrungrad Hospital is part of a wider group with headquarters in Thailand which all collaborate and partially share customer services and systems including website-related services and systems, we may need to transfer your personal information to, or otherwise allow access to such data by other companies within the our group for the purposes set out above including, for example, addressing your queries, providing you with our website services from any locations you request them, ensuring the security of our website and your personal information, informing you about our services and promotions.
Our service providers
We use other companies, agents or contractors ("Service Providers") to perform services on our behalf or to assist us with the provision of services to you. We may share personal information with the following categories of Service Provider:
- infrastructure and IT services providers;
- marketing, advertising and communications agencies;
- Bumrungrad Doctors
- Bumrungrad Referral Offices
- Insurance Companies
In the course of providing such services, these Service Providers may have access to your personal information. However, we will only provide our Service Providers with the information that is necessary for them to perform the services, and we ask them not to use your information for any other purpose. We will always use our best efforts to ensure that all the Service Providers we work with will keep your personal information secure.
Third parties permitted by law
In certain circumstances, we may be required to disclose or share your personal information in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal information to the police, or to judicial or administrative authorities).
We may also disclose your personal information to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contractual terms or protect your rights or those of the public.
Third parties connected with corporate transactions
International transfers of your personal information
The personal information that we collect from you may be transferred to, and stored by us in Thailand or other destination outside Thailand or outside the EEA, including within our group of companies or through the use of third parties as set out under the section "Transfers of your personal information" above. It may also be processed by staff operating outside the EEA who work for us or for one of our Service Providers.
We will take all necessary measures to ensure that your personal information is securely transferred, stored and used after transfer, as required by applicable law. This includes using appropriate safeguards such as, under EU data protection (where applicable), the EU Model Contract Clauses (or equivalent measures). Under EU data protection law (where applicable), you can ask for a copy of such appropriate safeguards by contacting us as set out below ("Questions").
Access, Update, Correction of Personally Identifiable Information and other rights of the individuals
You may contact us at firstname.lastname@example.org to access, update or correct your personally identifiable information that you provide to us through the Bumrungrad Online Services.
If your personal information is subject to EU data protection law, you have a number of rights with respect to such information. These can be summarised as follows:
- Access. You have the right to request a copy of the personal information we are processing about you, which we will provide back to you in electronic form. For your own privacy and security, in our discretion we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal information, we may charge a reasonable administration fee.
- Rectification. You have the right to have incomplete or inaccurate personal information that we process about you rectified.
- Deletion. You have the right to request that we delete personal information that we process about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction. You have the right to restrict our processing of your personal information where you believe such data to be inaccurate, our processing is unlawful or that we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
- Portability. You have the right to obtain personal information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal information which you have provided to us, and (b) if we are processing that data on the basis of your consent (such as for direct marketing communications) or to perform a contract with you (such as to administer your account).
- Objection. Where the legal justification for our processing of your personal information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
- Withdrawing Consent. If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.
To exercise any of your rights above, please contact us as stated under below ("Questions").
You also have the right to lodge a complaint with the local data protection authority in the EU if you believe that we have not complied with applicable data protection laws.
Period of retention of your personal information
Your personal information is stored by us and/or our Service Providers on our behalf, strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the information is collected. When personal information is kept, that period will be determined based on the applicable local law. When we no longer need to use your information, we will remove it from our systems and records and/or take steps to properly anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which we are subject).
Alternatively, if your personal information is subject to the EU data protection law (e.g. you are a citizen of an EU member state), you can contact us at email@example.com.