Privacy Policy

Synphaet Hospital Privacy Policy

Synphaet Group (comprising Synphaet Co., Ltd., Seriruk Hospital Co., Ltd., Synphaet Thepharak Co., Ltd., Synphaet Lamlukka Co., Ltd., Synphaet Bangna Co., Ltd., and Synphaet Kanchanaburi Co., Ltd., collectively referred to as “Synphaet”), the operator of Synphaet Hospital (the “Hospital”) providing various medical services (“Service”), is committed to good corporate governance, including recognizing the importance of data security and privacy. Synphaet intends to process your personal data with transparency.

The purpose of this privacy policy (“Privacy Policy”) is to maintain your trust and ensure that Synphaet will properly manage and process your personal data, including maintaining the security measures as specified by law and meeting international standards.

If you are a patient or visitor of the Hospital, you can find further details about the processing of your personal data in relation to the provision of the Service, as well as your rights and how to exercise them, in the Privacy Notice for patients or visitors of the Hospital at www.synphaet.co.th.

This Privacy Policy applies when Synphaet acts as the data controller of the personal data only. For any activities where Synphaet is the data processor for other public or private organizations acting as data controllers, please refer to the privacy policy or notice of processing of those organizations directly.

1. Collection of Personal Data

Synphaet may collect your personal data, directly or indirectly, from the following sources:

• Information you provided directly to Synphaet, including through patient registration, registration for activities, use of applications or platforms, user account registration, conversations via live chat, or making transactions via Synphaet's Service.
• Personal data received from your family, representative, or any person authorized by you to contact Synphaet.
• Personal data received from Synphaet’s affiliates.
• Personal data received from the organization you work for.
• Other hospitals that you instructed to share your information with Synphaet.
• Social media and/or other public relation media you use to access the Service.
• Personal data from third parties, such as business partners of Synphaet.
• Any public sources, such as government data and other professional institutions.

2. Types of Personal Data Collected

Depending on the purposes of use and the requirements of the officers processing personal data, Synphaet may collect various types of your personal data, including:

• General Personal Data:
  • Identification information: name-surname, date of birth, identification number, telephone number, e-mail, address, copies of official cards, identification cards, passports, birth certificates, hospital number, photo, voice, picture, and video.
  • Personal characteristics: age, sex, weight, and height.
  • Financial information: credit and debit card details, bank account information, transaction information including hospital expenses, payment method, and other payment details.
  • Insurance information: health insurance and other life insurance details, including social security and any medical benefits information.
  • Service usage history: data automatically collected via the website, including website usage behavior, log files, your interests, device information, IP address, settings, website adjustments, date, and your location.
  • Other information: personal data you provide when receiving treatment or services from Synphaet by filling in relevant forms, communicating with Synphaet through any application or other channel, Hospital membership information, workplace, and family members.
• Sensitive Personal Data:
  • Personal characteristics: blood type, race, religion.
  • Health information: body mass index, heart rate, blood pressure, oxygen saturation, body temperature, fasting blood sugar, hearing, mobility, nutrition, sleep, and cycle tracking.
  • Medical information and medical history: congenital diseases, food or medicine allergies, vaccination history, lifestyle behavior, sexual orientation, symptoms, medical records, medical history, clinical records, diagnosis results, special medical requests, medical usage, or record of treatment methods.

Regarding the processing of sensitive data, Synphaet will obtain consent from the data subject before or at the time of data processing, unless the processing falls under the exceptions prescribed by the Personal Data Protection law.

3. Retention Period

Synphaet will retain your personal data as long as it is necessary for the purpose of data processing. After that, Synphaet will erase and destroy your personal data, except as may be required by applicable laws or for the protection of Synphaet’s interests. In general, personal data will be kept for a maximum period of 10 years or longer if specifically provided by law or for the protection of Synphaet’s interests. Upon completion of this period, Synphaet will follow deletion and destruction procedures to ensure that your personal data is safely deleted from Synphaet's servers or retained in an anonymized form.

4. Purposes of Use and Disclosure

Synphaet will process your personal data to:

• (i) Perform contractual obligations.
• (ii) Comply with legal obligations.
• (iii) Pursue legitimate interests.
• (iv) Protect vital interests.
• (v) Prepare historical documents or archives for public interest, or for research or statistical purposes.

Synphaet will use and disclose Personal Data for the abovementioned purposes and scope, including the following specific purposes:

• Purposes of Providing Medical Services:
  • Patient registration and verification, including maintaining patient records.
  • Notification of doctor appointments or medical treatment arrangements.
  • Providing medical analysis, diagnosis, consultation, and other services related to medical treatment.
  • Analyzing and experimenting with responses to various treatment methods.
  • Ensuring your security and comfort while receiving Synphaet’s medical services or staying in the Hospital.
  • Coordinating with internal and external organizations, including business partners, regarding your medical treatment.
  • Specifying your location for receiving or providing Service or for the delivery of medicine, medical supplies, or other devices.
  • Processing payments and purchase orders for medicines, medical supplies, and the Service.
  • Ensuring the efficient display of content on Synphaet’s website on your electronic devices.
  • Communication (chat) between you and medical practitioners through online systems or for expressing opinions, making queries, and general communication.
  • Hosting or participating in activities, training, or seminars held by Synphaet.
• Purpose of Analyzing, Developing, and Improving Service including Preparing Statistical Information:
  • Conducting research or strategy analysis to develop, improve, and maintain the quality of the Service.
  • Preparing statistical information related to the Service for education and internal analysis by Synphaet only.
  • Supporting the stability and security of Synphaet’s premises and website.
  • Conducting satisfaction surveys, collecting opinions and suggestions, and addressing complaints.
• Marketing Purpose:
  • Where applicable law permits and/or Synphaet has obtained your consent, Synphaet may collect, use, and disclose your personal data for marketing purposes, including:
    • Offering information and newsletters related to the Service. You can opt-out of marketing communications through designated channels.
    • Processing purchase orders for medicine, vaccines, medical supplies, and Services to improve service quality and send information about these products and services that may interest you, including advice.
    • Setting patterns and improving general marketing activities of Synphaet.
    • Using website visitor information to generate usage patterns or interests.
• Other Purposes:
  • Fulfilling contractual obligations, directly or indirectly.
  • Legitimate interests related to carrying out Synphaet’s business, while considering your fundamental rights.
  • Supporting the stability and security of Synphaet.
  • Assessment and management of your requests.
  • Prevention and investigation of forgery.
  • Inspection, analysis, and preparation of documents upon request of governmental organizations and regulatory bodies.
  • Compliance with applicable laws.

5. Personal Data of Minors, Quasi-Incompetent Persons, and Incompetent Persons (“Incapacitated Person”)

Synphaet will process the personal data of Incapacitated Persons only where permitted by data protection law. Synphaet will arrange to obtain consent from the parent, curator, or guardian who is the legal representative of the Incapacitated Person (as applicable). This does not apply in the case of obtaining consent for processing the personal data of a minor over 10 years old which is strictly personal, suitable to their condition in life, and actually required for reasonable needs, where such minor can provide consent to Synphaet directly.

6. Disclosure

Synphaet will not disclose your personal data without a legal basis. If Synphaet is required to transfer your personal data to other third parties, Synphaet will proceed according to appropriate procedures to ensure that these third parties will protect your personal data from loss, unauthorized access, usage, modification, or disclosure. Your data may be disclosed to the following third parties:

• Group companies or affiliates related to Synphaet.
• Other third-party service providers, such as cloud service providers or data analysis service providers.
• Governmental and regulatory bodies.
• Auditors, legal advisors, and other advisors.
• Any person or companies where required in connection with potential or actual corporate restructuring, merger, acquisition, or takeover, including initial public offerings, and any transfer or potential transfer of Synphaet’s rights or duties under agreements with data subjects.
• Other data controllers to whom you have instructed Synphaet to disclose or transfer data, including other hospitals and clinics.
• Other third parties who intend to invest in or purchase the business of Synphaet or its affiliates for corporate restructuring.

7. Cross-Border Transfer

Synphaet will disclose your personal data to recipients outside of Thailand only where permitted by data protection law and/or other applicable laws. In this regard, Synphaet may follow the rules for transferring data outside Thailand by entering into standard agreements or using other available tools under applicable laws. Synphaet may rely on data sharing agreements that require the data receiver to allow the data subject to exercise their rights in case of a breach, or other permitted tools for the transfer of personal data to other countries.

8. Data Security Measures

Synphaet has been accredited with a global standard from Joint Commission International (JCI), United States. JCI standards include privacy protection, confidentiality, and security of data, as well as data and information access control. Synphaet adopts internal policies related to information security systems, emergency plans, and data leakage prevention. Synphaet also employs high-standard security systems in both technology and procedures to prevent unauthorized or unlawful access, use, change, amendment, or disclosure of personal data, and possible data theft.

Synphaet makes substantial investments, effort, and human resources to ensure that high-standard measures are maintained and your personal data remains safe. Synphaet implements various measures to protect its computer systems, such as firewalls and Secure Socket Layers (SSL). Synphaet will periodically revisit these internal policies according to the laws.

Pursuant to the JCI standard, Synphaet has set retention periods for patient registers, data, and other information. Synphaet will delete and destroy your data immediately when it is no longer necessary for the purpose of data processing or when the retention period expires, using appropriate and safe methods without prior notice.

While Synphaet makes its best efforts to protect personal data with technical mechanisms and personnel management to control access and secure data against unauthorized access, Synphaet cannot always guarantee the security and confidentiality of personal data from every incident that may arise, such as virus threats and unauthorized access. Data subjects should regularly stay updated with technology news, install personal firewall software to prevent threats or data theft, and monitor their own accounts regularly, such as checking balances and transaction dates, and keeping personal and financial information confidential.

9. Rights of Data Subject

In accordance with data protection law, you, as a data subject, have the following rights (which may be amended pursuant to any regulations of the data protection law) exercisable in compliance with applicable laws:

• To access personal data.
• To rectify personal data.
• To erasure or destruction of personal data.
• To restrict the use of personal data.
• To object to the collection, use, and disclosure of personal data.
• To data portability.
• To withdraw consent.

If Synphaet cannot comply with your request to exercise your rights or fails to comply with data protection law, you may lodge a complaint with the regulator, including the Personal Data Protection Committee, Ministry of Digital Economy and Society.

If you have given consent for the processing of your personal data to Synphaet (where consent is not required by other applicable laws), you have the right to withdraw your consent at any time. If the withdrawal of consent affects any transactions or provision of services, you will be informed at the time of the withdrawal request.

In responding to your request under this clause, Synphaet may only be able to consider your personal data that Synphaet processed as a data controller. For exercising your rights regarding personal data that Synphaet processed as a data processor for another data controller, Synphaet will inform that data controller to consider and proceed according to your request.

10. Contact Person

If you have any queries, suggestions, or concerns regarding this Privacy Policy, or any questions regarding the use of personal data by Synphaet, you may contact Synphaet at:

SEND TO: Data Protection Officer Synphaet Co., Ltd. Address: 9/99 Ramintra Road K.m. 8.5, Ramintra, Kanna Yao, Bangkok, 10230 E-mail: [email protected] Phone number: 02-793-5099

Note: When making any complaint or claim, please provide your contact details to enable Synphaet to respond as soon as possible. Synphaet does not charge any administrative fee related to your personal data. However, a fee for processing certain requests (other than rectification) under the data protection law may apply.

11. Amendment to Privacy Policy

In case of material changes to the practices related to personal data protection, Synphaet will amend and revise this Privacy Policy and disclose it on Synphaet’s website to ensure that you are aware of how Synphaet collects, uses, handles, discloses, and protects your data.

Cookie Policy of Synphaet Hospital Group

While browsing the website www.synphaet.co.th, information related to your website browsing will be stored in the form of cookies. This Cookie Policy explains what cookies are, how they work, their purpose, and how to delete cookies for your privacy. By browsing the website www.synphaet.co.th, you are considered to have consented to our use of cookies in accordance with this Cookie Policy, the details of which are as follows:

1. What are Cookies?

Cookies are small computer data files that will be installed or saved on your computer or electronic device when you visit a website. Cookies will remember your website usage information. We will also refer to other technologies that function similarly as cookies.

How Cookies are Used

We use cookies to store your website visit identity. This identity allows us to easily remember your website usage patterns, and this information will be used to tailor our website to your needs. For your convenience and speed in using our website, we may need to involve third parties in this process, which may require the use of Internet Protocol addresses (IP Addresses) and Cookies to analyze, link information, and process it for marketing purposes.

2. Types of Cookies Used

• Strictly Necessary Cookies: These cookies are essential for the operation of the website, including cookies that enable you to access information and use the Hospital's website securely.
• Analytical/Performance Cookies: These cookies help the Hospital to recognize and count the number of visitors to the website, as well as to understand their browsing behavior. This helps the Hospital to improve the performance of the website, making it better and more appropriate. They also collect statistical data about how users access and browse the website, which helps improve the website's functionality so that users can easily find what they are looking for and helps the Hospital understand user interests and measure the effectiveness of the Hospital's advertising.
• Functionality Cookies: These cookies are used to remember you when you return to our website. This allows the Hospital to personalize content for you, tailor the Hospital's website to your usage needs, and remember your preferences, such as language, region, or font size you choose to use on the website.
• Targeting Cookies: These cookies record your visit to our website, the pages you have visited, and the links you have followed. The Hospital will use this information to make the website and any content displayed on it more relevant to your interests. The Hospital may also share this information with third parties for this purpose.  
• Advertising Cookies: These cookies remember your settings when you access the website and are used as information to adjust the website to present advertisements that are most relevant to you. For example, selecting to show advertisements for products you are interested in, preventing or limiting the number of times you see the same advertisement, and helping to measure the effectiveness of advertising.

Please be informed that some types of cookies on this website are managed by third parties, such as advertising networks, functionalities like videos, maps, and social media, and other external website providers, such as website visit analysis services. These cookies are often Analytical/Performance Cookies or Targeting Cookies. You should review the cookie policies and privacy policies on these third-party websites to understand how they may use your information.

3. Collection and Use of Cookies

The operation of cookies helps the Hospital automatically collect and store your website visit information as follows:

• Internet domain and IP Address from which you access the website.
• Type of browser software, as well as the structure and operating system used to access the website.  
• Date and time you access the website.  
• Address of other websites that linked you to the Hospital's website.
• Web pages you visit and that lead you away from the Hospital's website.
• Content on the web pages you visit and the duration of your visit.

4. Legal Basis

The collection, use, or disclosure of your personal data in the case of cookies is for the legitimate interests of the Hospital or in accordance with the explicit consent received from the data subject. You can withdraw your consent at "Cookie Settings".

5. Cookie Management

You can choose to set preferences for each type of cookie, except for Strictly Necessary Cookies, through the "Cookie Settings" or the settings in your web browser. For example, you can prevent the installation of cookies on your device. Most internet browsers are set to automatically accept cookies, but you can adjust your settings to block cookies or to notify you when your device receives a cookie. Managing cookies can be done in various ways, which you can learn from your browser's user guide or help section. In addition, most web browsers provide some control over most cookies through browser settings. For more information about cookies, visit www.aboutcookies.org or www.allaboutcookies.org. You can find instructions on how to manage cookies on popular browsers as follows:

1. Google Chrome
2. Mozilla Firefox
3. Microsoft Internet Explorer
4. Apple Safari

Additional Information

• Temporary Session Cookies: These cookies are deleted from your device after you leave the website.