Bumrungrad Hospital Public Company Limited and affiliates (hereinafter referred to as the “Hospital” or “we”, as the case may be) are the companies that are accredited to international standards with various specialists for medical treatments. We are a website and application platform provider who conducts services to facilitate website visitors and our patients. This privacy notice (the “Notice”) will cover these following websites:

1.  www.bumrungrad.com;
2.  www.vitallifeintegratedhealth.com; and
3.  www.esperance.com

 
(hereinafter referred to as the “Website”), and the application named “Bumrungrad” (hereinafter referred to as the “Application”)

 
We are deeply aware of the importance of protecting personal data and right to privacy of yours as you are the user of the Website and Application, (hereinafter referred to as “User” or “you”). We, as the data controller under the Personal Data Protection Act B.E. 2562 (A.D. 2019) (“PDPA”), we therefore announce this Privacy Notice (the "Notice") to inform you of the protection of your personal data that is collected, used, disclosed and/or transferred (“process” or “processing”) to any other relevant persons by the Hospital.
 
We ensure that your personal data will be secured by a stringent security standard throughout the processing procedure. We will not process your personal data for purposes other than those specified in this Notice unless you consent thereto.

 

1. Definitions

"Personal Data" refers to any information that identifies or can be used to identify you, which is collected by the Hospital as specified in this Notice.
 
“Sensitive Data” refers to Personal Data classified as sensitive data under the Personal PDPA that the Hospital is permitted to collect, use, disclose and/or transfer with your explicit consent, e.g., the information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, a natural person’s sexual orientation or criminal record, or data concerning health, disabilities, trade union membership, genetic data, biometric data, and other data that affect the Data Subject in the same manner.

 

2. Personal Data Collected, Used and/or Disclosed by the Hospital

We will collect, use, and/or disclose your Personal Data which includes, but is not limited to, the following:
 
2.1 General Personal Data

1. ) Personal information, e.g., title, first name, middle name, last name, date of birth, gender, nationality, photograph, country of residence, hospital number, national ID card number, and passport number.
2. ) Contact information, e.g., address, mobile phone number, home phone number, and email address.
3. ) Financial information, e.g., bank account, credit or debit card information.
4. ) Personal information for account login e.g., username, log-in through social media account (such as Line, Facebook, and WhatsApp), including personal data from the social media account that you choose to share with us (such as email, phone number).
5. ) Automatically collected data about your use of service, e.g., access time, device ID, or other unique identifiers, IP address, mac address, overall usage data, usage history, settings, language information, device name and model, location and time zone, network provider, operating system information, and session length.

 

2.2 Sensitive Data 

Information relating to patient treatments and health services which may include Sensitive Data, e.g., health data, data about illnesses to be consulted, disabilities, medication, drug allergy, health-related reports, laboratory test results, and diagnoses, photos, and videos for service operations.

The Hospital will inform you toconceal the Sensitive Data that appears on a picture or copy of identification card such as religion and blood type. If you did not conceal such data, the Hospital will conceal those data on your behalf. In case that the data cannot be concealed due to technical limitation, the Hospital will keep such data as a part of your identification documents only.

 

3. Source of Your Personal Data

We will receive your Personal Data from the main channels as follows:
 
3.1 From the process of creating a user account through registration via the Hospital's Website or Application;

3.2 From the Personal Data you voluntarily release to us to request our services, whether through filling out a service request form at the Hospital, contacting via social media accounts, phone calls, or other forms filled out through the Hospital's Website and Application such as appointment forms, inquiry forms, product purchase or service request forms, and news subscription forms;

3.3 From your registration and log-ins through third-party platforms such as Google, Facebook, Twitter and Apple. We may receive your additional Personal Data through these platforms as they are capable of verifying the authenticity of your identity and providing you with the option to disclose your certain Personal Data, e.g., your name, email address and social media accounts, to the Hospital if you have authorized their platforms to share your Personal Data with us; and

3.4 From devices or other applications, such as “Apple Health App” to Bumrungrad Application that you can decide which health data will be disclosed to us for providing your health services.

We may receive your Personal Data from other sources, e.g., your family members, intimate persons, or any other third party assigned by you to register and complete your service request form. We may also receive your Personal Data from the Hospitals, representatives, or alliances that refer or introduce you to receive our services.

 

4. Purposes and Legal Bases 

We will process your Personal Data based on legal bases as provided below:

4.1 We rely on contractual obligations to process your Personal Data, for instance

1. ) consider registration requests to create user accounts on the Website and Application;
2. ) verify your identity when registering to create an account on the Website and Application;
3. ) register new patients into the Hospital's information system;
4. ) proceed with the registration of service with the Hospital through online platforms (such as Booking an Appointment, Pre-registration, Telemedicine, Tele-Consultation with Doctor, Refill Medicine and Healthcare at home) and contact you for providing the services;
5. ) assist you in buying products and services from the Hospital through online platforms such as purchasing vouchers for health check-up programs and other medical treatment programs;
6. ) collect payment for products and services, e.g., service packages, purchased products, etc. through the Website;
7. ) estimate the cost of medical treatment and the service fee for consulting with a doctor; and
8. ) facilitate the processing of hotel reservations in the vicinity of the Hospital.

 
4.2 We rely on legal obligations to process your Personal Data, for instance:

1. ) comply with the applicable laws to achieve the objectives relating to medical diagnosis, health services, medical treatment, compliance with professional ethics, health management, insurance proceedings, and welfare with regard to medical treatment for those who are legally entitled;
2. ) submit Personal Data to government agencies as required by law;
3. ) comply with court orders or orders of competent authorities as required by law; and
4. ) pay legal fees.

 
4.3 We rely on legitimate interest to process your Personal Data, for instance:

1. ) facilitate your access to the Website and Application;
2. ) allow you to access services through the Hospital's online platforms reserved for members with user accounts;
3. ) manage bookings and appointments for medical treatments or consulting by a doctor;
4. ) deliver doctor’s appointment notification messages or offer assistance;
5. ) provide assistance, answer questions, respond to inquiries, and accept the request with regard to services;
6. ) contact you due to your complaint or comments on the Hospital’s services that you want to improve;
7. ) track your use of services to improve the quality of the Hospital’s services;
8. ) develop and improve service quality, increase service efficiency, and facilitate the use of services through the Hospital’s systems to the User and customers;
9. ) disclose your Personal Data, where it is necessary, to investigate, prevent, or act in reprisal in the event of suspected illegality or fraud, or to safeguard the safety, rights, or property of the Hospital or of another person; and
10. ) disclose your Personal Data for the purpose of internal auditing.

 
4.4 We rely on the necessity to process your Sensitive Data in order to establish and exercise legal claim as permitted by law, for instance, collecting patients’ medical expenses, invoicing, requesting patients to pay off the invoice, issuing a receipt, and examining patient’s billing and debt payment status.

4.5 In the event that you have given your explicit consent, we will collect, use, disclose and/or transfer your Personal Data for the purposes set forth in each of the following consent:

1. Perform data analysis regarding purchased products and/or services including your health data for sending news, advertisements, notifications, promotions, campaigns or invitations to the Hospital’s activities that might benefit you or match your interest via channels you have given to the Hospital.

 

5. Disclosure of Your Personal Data

We will not disclose your Personal Data for purpose other than purposes specified herein, unless having been consented to do so.
 
We will not disclose your Personal Data for purpose other than purposes specified herein, unless having been consented to do so.
 
The Personal Data that you have provided to us may be transferred outside Thailand and disclosed to our international agents or partners that you have contacted for our services. We will endeavor to ensure that your right to privacy is protected by security protection measures of our standard.
 
We may disclose your Personal Data to our group companies and affiliates, vendors, business partners, or third parties, e.g., insurance companies, financial institutions, primary doctors, medical professionals, medical specialists, and/or medical practitioners, medical technology clinic, manufacturers or distributors of medicines and medical supplies, embassy, person who handle international travel, customer service provider, marketing, advertising and communication service providers, information system providers, cloud service provider, nearby hotels that are alliance with us, transport service providers, document storage service providers, debt collection service providers, accounting and legal consultants, external auditors, internal auditors, financial auditors, and your family, relatives, intimate persons, agencies or employers. We may proceed any other actions to complete the purposes specified in this Notice in order to benefit our services.
 
We will endeavor to ensure that these individuals and organizations will process your Personal Data strictly in accordance with this Notice and as permitted by law.
 
Where it is necessary to disclose your Personal Data in order to comply with the law, court orders, or orders of any governmental or regulatory agency such as the Embassy and ​​Immigration Office, or to relevant agencies in order to verify your Personal Data to prevent fraud or corruption, we reserve the right to do so without your prior consent.

 

6. Collection of Personal Data of Minors, Incompetent Persons, and Quasi-Incompetent Persons

In the event that we must process the Personal Data of minors, incompetent persons, or quasi-incompetent persons, we shall have their parents, legal representative, guardian, or curator, as the case may be, consented on behalf of them.
 
If a minor or a quasi-incompetent person is legally permitted to give consent on their own behalf, we shall require combined consent from them and their legal representative.
 
If you become aware of the unauthorized collection of Personal Data from minors, incompetent persons, and quasi-incompetent persons without the consent being given in the manner according to the above, you can exercise the rights of the Data Subject as the legal representative under the PDPA.


 

7. Cookies

We may place cookies on your device and use them to automatically collect your Personal Data when you visit the Website.
 
Cookies are small pieces of data sent from a website that are stored on your computer. They help record the User’s browsing activities conducted on the Hospital’s website, such as preferred languages, list of favorites, most common use, and other settings, to customize the Website to fit your preference and make internet browsing faster and easier.
 
You can customize your browser settings to block the use of cookies in order to prevent your browser from automatically accepting new cookies, but it may affect a quality of usage on the Website or difficulty in making any request or entering into any transaction with us on the Website.
 
We reserve the right to place cookies on your devices for the purpose of collecting your Personal Data.
 
You may learn more about cookies on the Website at https://www.bumrungrad.com/en/cookies-policy

 
 

8. Retention Periods and Security Protection Measures

8.1  We will retain your Personal Data for as long as it is necessary to fulfil the purposes specified in this Notice and may retain your Personal Data as long as agreed on in the contract, or in accordance with accounting standard, prescription periods, legal obligations, or establishment or exercise of legal claim as permitted by the law.
 
8.2  We have provided an examination system for deletion or destruction of Personal Data in the event of the expiration of the retention period, or if such Personal Data is unrelated to or beyond the necessity for the purpose of collecting specified by this Notice.

8.3  We will retain your Personal Data in the form of documents, electronic files, computer systems, or other means with appropriate Personal Data security protection measures against loss, and unauthorized or unlawful access, use, change, modification and disclosure.
 
8.4   We have limited access of your Personal Data and adopted technology to secure your data from cyber-attacks, unauthorized access to our computer and electronic systems. We further ensure that any processing of your Personal Data by data processors or other third parties will take place under appropriate monitoring.

 
 

9. User’s Right as the Data Subject

9.1     Under the PDPA you, as the Data Subject, are entitled to

1. ) Request access to, or copies of, your Personal Data collected, used and disclosed by the Hospital.
2. ) Request receive or transfer of your Personal Data, in a form collected by us and readable, usable, and disclosable in an electronic format, to another party (the Hospital reserves the right to charge you a fee, the amount of which is at our discretion.)
3. ) Object to the collection, use, and/or disclosure of Personal Data to the extent permitted by law.
4. ) Have your Personal Data deleted, destroyed, or anonymized by any method permitted by law.
5. ) Sequester your Personal Data from further use by any method unless the law provides otherwise.  
6. ) Withdraw your consent given us at any time, unless otherwise restricted by law or contracts. Your withdrawal will not extend to Personal Data to which you have granted consent for processing.
7. ) File a complaint with the competent officer authorized under the PDPA in the event that you believe we have violated, or do not comply with, the PDPA. 

9.2  We will endeavor to maintain the accuracy and completeness of your Personal Data. When there is a change or modification to your Personal Data or when you detect that your Personal Data is incorrect, you have the right to make corrections thereto.
 
9.3   The exercise of your rights specified above must comply with law. We reserve the right to refuse any request on grounds permitted by law. In the event that we deny your request, the request and reasons for denial will be recorded in the Personal Data processing record as required by law.
 
9.4    To exercise your right, you may contact us via the contact information provided hereunder. We will process your request and then inform you of the result within 30 days from the date of receiving your request. Where we refuse your request, you will be informed of the reason accordingly.

 

10. Notifications, Reminders, and Location Settings

The Hospital may deliver a notification or reminder to your device. You can opt out of receiving these messages at any time by setting up notifications on your device or by adjusting the notification settings on the Application or by changing the notification settings on your mobile in the notification setting and in the Application.

 

11. Links To Third Parties

Some of the Hospital's online services may contain links to third-party applications or websites. Access to and usage of such applications or websites shall be governed by the privacy notice of such third party. We refuse to be held liable to the User if such applications or websites do not comply with or operate in accordance with a third party’s privacy notice.
 
 

12. Amendment

We reserve the right to alter, adjust, and/or modify this Notice in order to comply with applicable guidelines, laws, and regulations. The amended, adjusted, or modified notice shall be announced to you as soon as it becomes effective. Your use of the service after such amendment, adjustment, or modification is posted shall constitute your acceptance of the new notice.

 

13. Contact Us

Should you wish to exercise any legal rights as specified above or have any questions, concerns, suggestions or complaints with regard to our privacy notice, you can contact us via the following channels:
 
 

BUMRUNGRAD HOSPITAL PUBLIC COMPANY LIMITED
33 Sukhumvit Soi 3 (Nana Nua), Sukhumvit Road, Khlong Toei Nua, Vadhana, Bangkok 10110
Data Protection Officer (DPO)
Email: [email protected]
 

 

 
Bumrungrad Hospital Public Company Limited and its affiliated companies (hereinafter referred to as the “Hospital” or “we”, as the case may be) are the hospitals that are accredited to international standards with various specialists for medical treatments. The Hospital, as the data controller under the Personal Data Protection Act B.E. 2562 (A.D. 2019) (“PDPA”), are aware of the importance of protecting the personal data of patients, contacts, emergency contacts, and others who involved with the Hospital (hereinafter referred to as “you” or “Data Subject”), we therefore announce this Privacy Notice (the "Notice") to inform you of the protection of your personal data that is collected, used, disclosed and/or transferred (“process” or “processing”) to any other relevant persons by the Hospital.

We ensure that the processing of your personal data will be secured by security protection measures of our standard. We will not process your personal data for purposes other than those specified in this Notice unless you consent thereto.
 

1. Definitions

"Personal Data" refers to any information that identifies or can be used to identify you, which is collected by the Hospital as specified in this Notice.

“Sensitive Data” refers to personal data classified as sensitive data under the PDPA that the Hospital is permitted to collect, use, disclose, and/or transfer with your explicit consent, e.g., the information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, a natural person’s sexual orientation or criminal record, or data concerning health, disabilities, trade union membership, genetic data, biometric data, and other data that affect the Data Subject in the same manner.
 

2. Personal Data Collected by the Hospital

The Hospital will collect, use, disclose and/or transfer your Personal Data which includes, but is not limited to, the following:
 
2.1      General Personal Data

1. ) Personal information, e.g., title, rank, position, first name, middle name, last name, age, date of birth, gender, photograph, nationality, country of residence, national ID card number, passport number, signature, and marital status.
2. ) Contact information, e.g., address, mobile phone number, home phone number, and email address.
3. ) Service information, e.g., record of doctor’s appointments, room requirements and other additional services.
4. ) Educational information, e.g., education background.
5. ) Information appearing on legal documents, e.g., national ID card, passport, house registration, driver's license, government official identification card, certificate of name/surname change, marriage certificate, divorce certificate, and birth certificate.
6. ) Contact information and emergency contact information, e.g., first name, middle name, last name, relationship with patients, and mobile phone number.
7. ) Information about the person who has the authority to act on behalf of Data Subject (legal representative, guardian, and curator), e.g., name, surname, and national ID card.
8. ) Financial information, e.g., billing information, credit or debit card information, and bank account details.
9. ) Information on news subscriptions and marketing activities, e.g., seminar enrollment and promotion registration.
10. ) Information from the Hospital’s websites such as IP address, cookies, online doctor appointment, and online doctor consultation.
11. ) Other, e.g., audio recordings, images and videos from CCTV footage.

 
2.2      Sensitive Data
 
The Sensitive Data that we will collect, use, disclose and/or transfer, e.g., information concerning religion, health, disabilities, genetic or biometric data, health history, record of medication/food allergy, treatment result, physical examination result, laboratory result, diagnosis result, medical record, medical certificate, surgical record, radiograph imaging, blood type, picture/audio/animation from medical/surgery/operation procedures.
 
The Hospital will inform you to conceal Sensitive Data that appears on an identification card such as religion and blood type (if any). If you did not conceal such data, the Hospital will conceal those data on your behalf. In case that the data cannot be concealed due to technical limitation, the Hospital will keep such data as a part of your identification documents only.

 

3. Source of Your Personal Data

We may collect Personal Data you voluntarily release to us, whether through hospital service request forms, social media accounts, phone calls, or other forms filled out through the Hospital's websites and applications such as appointment forms, inquiry forms, product purchase or service request forms, news subscription forms, including wearable medical devices.
 
We may receive your Personal Data from other sources, e.g., your family members or intimate persons, any other third party assigned by you to disclose your Personal Data, and hospitals, affiliated companies, representatives, or alliances of the Hospital.
 

4. Purposes and Legal Bases

4.1 We will process your personal data based on legal bases as provided below:  

1. ) We rely on contractual basis to process your Personal Data in order to, for instance,

1. review your various application requests before entering into a contract;
2. medical treatment rights’ claim,
3. request payment;
4. issue invoices and/or receipts;
5. communicate for the purchase of products and/or services;
6. perform contractual obligations;
7. deliver products or services;
8. proceed to collect or receive payment of products or services.

 

2. ) We rely on legitimate interest to process your personal data in order to, for instance,

1. verify your identity;
2. send medical appointment reminders;
3. collect contact information for future inquiries in case an emergency arises and the patient is unable to provide their own information;
4. provide or deliver services as requested;
5. monitor and review the performance of a contractual obligation;
6. provide post-sales services;
7. manage customer relationship;
8. send and follow up a questionnaire to assess customers’ service satisfaction;
9. verify and confirm your identity before entering into transactions or contracts;
10. financially and internally audit;
11. monitor the accuracy of payments, billing, refunds, and compensation;
12. monitor compliance with the Hospital’s regulations;
13. investigate or verify facts;
14. consult for establishment of legal claim or proof in legal process; and
15. record through CCTV for security protection in the buildings or premises.
16. Your Personal Data may be disclosed to lawyers, legal and tax consultants, external auditors, internal auditors, financial auditors, and any other consultants involved in the process of completing the purposes specified above.

 

3. ) We rely on legal obligations to process your Personal Data in order to comply with the laws related to medical facilities, for instance, new patient registration, doctor’s appointment, medical services, diagnosis, medical treatment, patient examination, preliminary physical examination, medication dispensing, use of Personal Data for the purpose of experimentation in internal laboratories of the medical facility, collection and use of contact person’s information to approve of or deny the request for medical treatment, medical benefit claim, and ethical and professional compliance.

 

4. ) We rely on other legal bligations to process your personal data in order to, for instance, collect Personal Data as required by law, disclose or submit Personal Data to government agencies as required by law, and comply with applicable laws, regulations, orders of competent authorities, and court orders.

 

5. ) We rely on vital interests to process your personal data in order to prevent and suppress danger to life, body, or health, for instance, emergency contact.

 

6. ) In the event that you have given your explicit consent, we will process your Personal Data to perform data analysis regarding purchased products and/or services for sending news, advertisements, notifications, promotions, campaigns or invitations to the Hospital’s activities that might benefit you or match your interest via channels you have given to the Hospital.

4.2 We will process your Sensitive Data based on legal bases as provided below:  

1. ) We rely on legal obligations to process your Sensitive Data in order to achieve the objectives relating to preventive or occupational medicine, medical diagnosis, health or social services, medical treatments, and health management, for instance:

1. Diagnosis and medical treatment;
2. Symptoms examination and preliminary physical examination;
3. Use of your data for the purpose of laboratory diagnostics of the Hospital;
4. Disclosure of your data to external laboratories or an external radiology room to conduct experiments and diagnosis;
5. Processing of genetic data to verify identity or relationships before the process of organ transplantation; and
6. Compliance with ethics and professional ethics.

 

2. ) We rely on public health purposes such as processing of your health data for purposes of healthcare service quality improvement, contagion control and prevention.

 

3. ) We rely on the necessity to process your Sensitive Data in order to establish and exercise legal claim as permitted by law, for instance, collecting patients’ medical expenses, invoicing, requesting patients to pay off the invoice, issuing a receipt, and examining patient’s billing and debt payment status.

 

4. ) We rely on vital interests to process your Sensitive Data in order to prevent and suppress dangers to life, body, or health such as emergency contact.

 

5. ) In the event that you have given your explicit consent, we will process your Sensitive Data for the purposes set forth in each of the following consent:

1. Use of a copy of your national ID card that contains Sensitive Data such as religion and blood type to verify your identity;
2. Disclosure of your health data to other hospitals or medical facilities for the purpose of patient referral that is not emergency case;
3. Disclosure of your health data and medical certificate to insurance company to claim your health insurance benefit;
4. Disclosure of your health data and medical certificate to your embassy, employer, agency, organization, governmental agencies, or any relevant person to collect payments for your medical services;
5. Disclosure of your health data to insurance company as requested by you or the insurer for the purpose of entering into an insurance agreement;
6. Disclosure of your health data to third parties such as your family members, relatives, dependents, or intimate persons upon their request;
1. Disclosure of your health data, medical certificate and health record to the airline for Fit for Air Travel;
7. Disclosure of your health data to our business partners for purposes of developing medical products and services;
9. Processing of your health data, biological samples, and the data obtained from such samples, and disclosure of such data to external laboratories for research and academic purposes.;
10. Disclose your sensitive data to external organizations for standard accreditation of the Hospital such as Healthcare Accreditation Institute (Public Organization) (HAI), Joint Commission International (JCI), and Bureau Veritas Internal Organization for Standardization (ISO).
11. Perform data analysis regarding purchased products and/or services including your health data for sending news, advertisements, notifications, promotions, campaigns or invitations to the Hospital’s activities that might benefit you or match your interest via channels you have given to the Hospital.

 

5. Disclosure of Your Personal Data

We will not disclose your Personal Data for purpose other than purposes specified herein, unless having been consented to do so.
 
Personal Data that you have provided to us may be transferred outside Thailand and disclosed to our international agents or partners that you have contacted for our services. We will endeavor to ensure that your right to privacy is protected by security protection measures of our standard.
 
We may disclose your Personal Data to our group companies and affiliates, vendors, business partners, or third parties, e.g.,  insurance companies, financial institutions, primary doctors, medical professionals, medical specialists, and/or medical practitioners, medical technology clinic, manufacturers or distributors of drugs and medical supplies, embassy, person who handle international travel, customer service provider, marketing, advertising and communication service providers, information system providers, cloud service provider, nearby hotels that are alliance with us, transport service providers, document storage service providers, debt collection service providers, accounting and legal consultants, external auditors, internal auditors, financial auditors, and your family, relatives, intimate persons, agencies or employers, and internal organizations such as Bureau Veritas, Joint Commission International (JCI), and Healthcare Accreditation Institute (Public Organization)(HAI). We may proceed any other actions to complete the purposes specified in this Notice in order to benefit our services.
 
We will endeavor to ensure that these individuals and organizations will process your Personal Data strictly in accordance with this Notice and as permitted by law.
 
Where it is necessary to disclose your Personal Data in order to comply with the law, court orders, or orders of any governmental or regulatory agency such as embassy, the Immigration Office, or to relevant agencies in order to verify your Personal data to prevent fraud or corruption, we reserve the right to do so without your prior consent.
 

6. Collection of Personal Data of Minors, Incompetent Persons, and Quasi-Incompetent Persons

Where we must process the Personal Data of minors, incompetent persons, or quasi-incompetent persons, we shall have their parents, legal representative, guardian, or curator, as the case may be, consented on behalf of them.
 
If a minor or a quasi-incompetent person is legally permitted to give consent on their own behalf, we shall require combined consent from them and their legal representative.
 
If you become aware of the unauthorized collection of Personal Data from minors, incompetent persons, and quasi-incompetent persons without the consent being given in the manner according to the above, you can exercise rights of the Data Subject as the legal representative under the PDPA.
 

7. Retention Periods & Security Protection Measures

7.1 We will retain your Personal Data for as long as it is necessary to fulfil the purposes specified in this Notice and may retain your Personal Data as long as agreed on in the contract, or in accordance with accounting standard, prescription periods, legal obligations, or establishment or exercise of legal claim as permitted by the law. 

7.2 We have an examination system for deletion or destruction of Personal Data in the event of the expiration of the retention period, or if such Personal Data is unrelated to or beyond the necessity for the purpose of collecting specified by this Notice. 

7.3 We will retain your Personal Data in the form of documents, electronic files, computer systems, or other means to ensure that your Personal Data is protected with secured and trustworthy security protection measures of international standard against loss, and unauthorized or unlawful access, use, change, modification, and disclosure. 

7.4 We have limited access of your Personal Data and adopted technology to secure your data from cyber-attacks, unauthorized access to our computer and electronic systems. We further ensure that any processing of your personal data by data processors or other third parties will take place under appropriate monitoring. 
 

8. Data Subject’s Right

8.1 Under the PDPA, you, as the Data Subject, are entitled to: 

1. ) Request access to, or copies of, your Personal Data collected, used and disclosed by the Hospital.
2. ) Request receive or transfer of your Personal Data, in a form collected by us and readable, usable, and disclosable in an electronic format, to another party (the Hospital reserves the right to charge you a fee, the amount of which is at our discretion.)
3. ) Object to the collection, use, and/or disclosure of Personal Data to the extent permitted by law.
4. ) Have your Personal Data deleted, destroyed, or anonymized by any method permitted by law.
5. ) Sequester your Personal Data from further use by any method unless the law provides otherwise.  
6. ) Withdraw your consent given us at any time, unless otherwise restricted by law or contracts. Your withdrawal will not extend to Personal Data to which you have granted consent for processing.
7. ) File a complaint with the competent officer authorized under the PDPA in the event that you believe we have violated, or do not comply with, the PDPA. 
8. ) We will endeavor to maintain the accuracy and completeness of your Personal Data. When there is a change or modification to your Personal Data or when you detect that your Personal Data is incorrect, you have the right to make corrections thereto.

8.2 The exercise of your rights specified above must comply with law. The Hospital reserves the right to refuse any request on grounds permitted by law. In the event that we deny your request, the request and reasons for denial will be recorded in the personal data processing record as required by law. 

8.3 The exercise of your rights specified above must comply with law. The Hospital reserves the right to refuse any request on grounds permitted by law. In the event that we deny your request, the request and reasons for denial will be recorded as required by law

8.4 To exercise your right, you may contact us via the contact information provided hereunder. We will process your request and then inform you of the result within 30 days from the date of receiving your request. Where we refuse your request, you will be informed of the reason, accordingly.
 

9. Amendment

We reserve the right to alter, adjust, and/or modify this Notice in order to comply with applicable guidelines, laws, and regulations. If such changes occur, we will inform you of the amended, adjusted, or modified content in the designated channel as soon as it becomes effective. New Notice will only apply to you upon your use of service after the revision.
 

10. Contact Us

Should you wish to exercise any legal rights as specified above or have any questions, concerns, suggestions or complaints with regard to our Notice, you can contact us via the following channels:
 

BUMRUNGRAD HOSPITAL PUBLIC COMPANY LIMITED
33 Sukhumvit Soi 3 (Nana Nua), Sukhumvit Road, Khlong Toei Nua, Vadhana, Bangkok 10110
Data Protection Officer
Email: [email protected]

 

Bumrungrad Hospital Public Company Limited and its affiliated companies (hereinafter referred to as the “Company” or “we”) are hospitals accredited to international standards, with various specialists providing medical treatments. The Company, as the data controller under the Personal Data Protection Act B.E. 2562 (A.D. 2019) (“PDPA”), recognizes the importance of protecting your personal data as our business partners, contracting parties in the present, in the past, and possibly in future contracts, including employees, personnel, officers, representatives, agents, authorized directors of juristic persons, directors, contact persons, and any other natural persons acting on behalf of juristic persons who are our business partners, witnesses, and other related persons (hereinafter referred to as “you” or the “Data Subject”). We therefore issue this Privacy Notice (the "Notice") to inform you of the protection of your personal data that is collected, used, disclosed, and/or transferred (“process” or “processing”) to any other relevant persons by the Company.

We ensure that the processing of your personal data will be secured by our standard protection measures. We will not process your personal data for purposes other than those specified in this Notice unless you have given your consent.


1. Definitions
"Personal Data" refers to any information that identifies or can be used to identify you, which is collected by the Company as specified in this Notice.
“Sensitive Data” refers to personal data classified as sensitive under the PDPA, which the Company is permitted to collect, use, and/or disclose with your explicit consent. This includes, for example, information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, a natural person’s sexual orientation or criminal record, as well as data concerning health, disabilities, trade union membership, genetic data, biometric data, and other data that similarly affect the Data Subject.


2. Personal Data Collected by the Company
The Company will collect, use, disclose, and/or transfer your personal data, which includes but is not limited to the following:
 
2.1  General Personal Data

1. Personal information, e.g., name, surname, title, nationality, gender, age, date of birth, photograph, identification number, tax identification number, professional license number, etc.
2. Contact information, e.g., telephone number, fax number, address, email address, etc.
3. Work Information, e.g., occupation, job title, etc.
4. Financial information, e.g., bank account number, etc.
5. Information appearing on legal documents, e.g., a copy of an identification card, a copy of a professional license, a copy of any license, etc.
6. Other information, e.g., pictures or videos from CCTV footage.

2.2 Sensitive Data
The Company may collect, use, disclose, and/or transfer Sensitive personal data, including race, religion, and blood group, as shown on a copy of your national identification card or any other official document you provide to the Company, for the purposes of identity verification, legal compliance, or the fulfilling of the Company’s contractual obligations. The Company will process such sensitive data only with your explicit consent or where otherwise permitted by law.
If you do not wish the Company to process such sensitive personal data, please strike out the information on the copy of the document before submitting it to the Company. In the event that you do not strike out the sensitive personal data, the Company will consider that you have explicitly consented to the processing of such sensitive personal data for the purposes specified in this Notice. Where processing is not necessary, the Company will redact or conceal such data instead. However, if it is technically impossible to do so, the Company will retain the data solely as part of your identity verification documents.



3. Source of Your Personal Data
The Company may collect your personal data directly from you, such as when you provide it through communication channels in connection with the procurement of goods or services, through the exchange of business cards, or via the Company’s electronic platforms or channels (e.g., registration to access the Company’s premises or identity verification). We may also collect your personal data from communications with the Company’s employees through various channels, such as email, telephone, or Microsoft Teams. In addition, the Company may receive your personal data from other sources, such as referrals or recommendations by other persons or medical personnel, from your close acquaintances or persons authorized by you to act on your behalf, or from publicly available sources.



4. Purposes and Legal Basis for Processing 
We will process your personal data for the following purposes, under the corresponding legal bases:

1. For the fulfilling of a contract to which you are a party, or to take steps at your request prior to entering into a contract, such as procurement selection processes, pre-contractual qualifications review, contract negotiation or execution, communication for the sale of goods and/or services, fulfillment of contractual obligations, invoicing or payment for goods or services, delivery or receipt of goods or services, etc.
2. For legitimate interests, such as procurement, acceptance of goods or services, contract performance monitoring, product or service quality verification, identity verification for transactions or legal agreements, performance evaluations, investigations, audits, consultations regarding the establishment of legal claims, or proceedings in legal processes. This may include disclosure of your personal data to attorneys, legal or tax advisors, auditors, internal or financial auditors, and other consultants for such purposes; disclosure to external service providers for accounting, financial, or IT system services; and the use of CCTV footage for building or premises security.
3. For compliance with legal obligations applicable to the Company’s operations, such as accounting and financial activities, including audits, debt collection, issuance of tax invoices, and transaction records as required by law; the collection of personal data as mandated by legal provisions; the disclosure or submission of data to government authorities as required by law; compliance with legal provisions, regulations, court orders and/or orders of authorized officials; payment of legally required fees; and the establishment or exercise of legal claims or rights in judicial proceedings.
4. For the prevention or mitigation of danger to life, body, or health, such as emergency contact or the control and prevention of communicable diseases.

5. Disclosure of Personal Data
We will not disclose your personal data to any third party for independent use under any circumstances, except as stated in this Notice or when authorized by you.

However, the Company may disclose your personal data to affiliated companies or third parties for purposes such as auditing, legal consultation, litigation, or any other necessary actions related to the purposes specified in this Notice, and for the legitimate interests of the Company's business operations. In such cases, the Company will ensure that those parties process your personal data in accordance with this Notice and applicable laws.

The Company may also be required to disclose your personal data to government authorities or other regulatory bodies, such as the Revenue Department, or pursuant to orders issued by government agencies or regulatory authorities, without obtaining your prior consent, as required by law.



6. Cross-border Data Transfer
In certain circumstances, the Company may need to transfer your personal data to a foreign country. Such transfers will be conducted only where permitted under applicable data protection laws.
The Company will implement appropriate safeguards in accordance with legal requirements, which may include entering into Standard Contractual Clauses (SCCs) or relying on other lawful data transfer mechanisms, to ensure that your personal data is adequately protected in line with applicable data protection regulations.


7. Retention Periods
7.1 The Company retains your personal data only as long as necessary to fulfill the purposes stated in this Notice. The retention period will be determined based on appropriateness and aligned with contractual terms, accounting standards, statutory prescription periods, and any legal obligations requiring the continued retention of your personal data for compliance, the establishment of legal claims, or the exercise or defense of such claims.
7.2 The Company has implemented a system to review and ensure the deletion or destruction of personal data once the retention period has expired, or when the data is no longer relevant or necessary for the purposes for which it was collected.


8. Security Measures
8.1 The Company has established appropriate security measures to protect personal data, covering both physical and digital formats, including documents, electronic systems, computers, or other tools, in accordance with international standards. These measures are in place to give you confidence in the security of the Company’s personal data protection system and include safeguards against loss, unauthorized access, use, alteration, modification, or disclosure of personal data, whether accidental or unlawful.
8.2 The Company restricts access and uses security technologies to prevent unauthorized access or cyberattacks on its computer and electronic systems. When your personal data is disclosed to external parties for processing or to data processors, the Company will ensure such parties are appropriately supervised and act in compliance with the Company’s instructions.


9. Your Rights as a Data Subject
9.1 Under the Personal Data Protection Law, you have the following rights:

1. ) The right to request access to or obtain a copy of your personal data that the Company collects, uses, or discloses.
2. ) The right to receive or request the transfer of your personal data in a structured, commonly used, and machine-readable format, and to transmit such data to another party as requested. (The Company reserves the right to charge a reasonable fee based on actual costs incurred.)
3. ) The right to object to the collection, use, or disclosure of your personal data, as permitted by law.
4. ) The right to request the deletion, destruction, or anonymization of your personal data, as required by law.
5. ) The right to request the suspension of the use of your personal data, unless there are legal limitations that prevent the Company from complying with your request.
6. ) The right to withdraw your consent at any time, unless restricted by law or contract. Withdrawal of consent will not affect the lawful processing of personal data conducted prior to the withdrawal.
7. ) The right to file a complaint with the authorized supervisory authority under the Personal Data Protection Law if you believe the Company has not complied with applicable laws.

9.2 The Company will make reasonable efforts to ensure that your personal data is accurate, complete, and up to date in order to avoid any misunderstanding. You have the right to request a correction or update of your personal data if you believe it is inaccurate or has changed.
9.3 Your exercise of the above rights must comply with the applicable laws. The Company may deny your request if it falls under legal exceptions or restrictions provided by the law. In the event that your request is denied, the Company will record your request along with the reason for denial in the processing activity records as required by law.
9.4 To exercise your rights, you may contact the Company using the contact details provided in this Notice. The Company will review your request and inform you of the outcome within 30 days from the date of receiving your request. If your request is denied, the Company will provide a reason for the denial along with the response.


10. Amendment to this Privacy Notice
The Company may review, amend, or update this Privacy Notice from time to time to ensure its consistency with relevant practices, laws, regulations, and legal requirements. In the event of any changes to this Notice, the Company will notify you by publishing the updated version through channels designated by the Company as soon as practicable. Your continued use of the services following the publication of any changes to this Notice shall be deemed as your acceptance of such changes.


11. Contact Information
Should you wish to exercise any of your legal rights under applicable data protection laws as outlined above, or if you have any questions, concerns, suggestions, or complaints regarding this Privacy Notice, you may contact the Company through the following channels:


 
BUMRUNGRAD HOSPITAL PUBLIC COMPANY LIMITED
33 Sukhumvit Soi 3 (Nana Nua), Sukhumvit Road, Khlong Toei Nua, Vadhana, Bangkok 10110
Data Protection Officer (DPO)
Email: [email protected]
 
   
 

We, Bumrungrad Hospital Public Company Limited, an internationally accredited and multi-specialty hospital, and its affiliated companies* (hereinafter referred to as the “Company” or “We,” as the case may be), as the data controllers under the Personal Data Protection Act B.E. 2562 (A.D. 2019) (“PDPA”), are aware of the importance of protecting the Personal Data of the shareholders and the relevant persons (hereinafter referred to as “You” or “Data Subject”). We, therefore, announce this Privacy Notice (the "Notice") to inform you of the protection of your Personal Data that is collected, used, disclosed, and transferred (collectively “Processing”) by the Company to any other relevant persons.

We ensure that Processing your Personal Data will be secured by our appropriate and sufficient security measures. We will not process your Personal Data for purposes other than those specified in this Notice unless you consent.


1. Definitions

"Personal Data" refers to any information that identifies or can be used to identify you, which is collected by the Company as specified in this Notice.

“Sensitive Data” refers to Personal Data classified as sensitive data under the PDPA that the Company is permitted to collect, use, and disclose with your explicit consent, e.g., the information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, a natural person’s sexual orientation or criminal record, or data concerning health, disabilities, trade union membership, genetic data, biometric data, and other data processed to identify a natural person uniquely.


2. Personal Data Collected, Used, and Disclosed by the Company

The Company will collect, use, or disclose your General Personal Data, which includes, but is not limited to, the following:

1. Personal information, e.g., first name, last name, title, national identification card number, copy of passport/visa, age, date of birth, gender, and nationality.
2. Contact information, e.g., address, mobile phone number, and email address.
3. Financial and investment information, e.g., shareholder reference number, share certificate number, number of share(s), bank account number, and dividend payment.
4. Other, e.g., capture or video from meeting and conversation records from the meetings.

3. Source of Your Personal Data

We may collect Personal Data you voluntarily release to us, such as your disclosure as a shareholder, or from other sources, e.g., broker and Thailand Securities Depository Co., Ltd. (TSD)


4.  Purposes and Legal Bases

We will process your Personal Data based on legal bases as provided below:

4.1 We rely on contractual obligations to process your Personal Data, such as follows:

1. ) To communicate with you as a shareholder;
2. ) To verify your registration relating to the shareholders’ meetings;
3. ) To process the meeting registration system and voting;
4. ) To close the share registry book for determining your rights to attend the shareholders’ meetings, your rights to receive dividends, or from time to time for checking of shareholders list;
5. ) To convene a shareholders’ meeting and to send the invitation letter or other documents to the shareholders; and
6. ) To pay dividends to the shareholders.

4.2 We rely on legal obligations, such as follows:

1. ) To treat you, as a shareholder, according to your rights and responsibilities under the laws;
2. ) To call and convene annual shareholders’ meetings or extraordinary shareholders’ meetings in accordance with the laws;
3. ) To collect, disclose, and report your Personal Data to the regulatory authorities, e.g., Securities and Exchange Commission (SEC), Stock Exchange of Thailand (SET), Thailand Securities Depository Co., Ltd. (TSD), Department of Business Development (DBD), as well as to comply with the orders of the court and competent governmental authorities;
4. ) To count the votes and to process the vote counting; and
5. ) To prepare and disclose the related party transaction report.

4.3 We rely ona legitimate interest to process your Personal Data, such as follows:

1. ) To verify your or your proxy’s identity at the shareholders’ meeting;
2. ) To prepare the minutes of the shareholders’ meeting and to witness your attendance;
3. ) To take pictures and record videos of the events at the meeting places and the attendants, in which your photographs or movements may appear. This includes the record of conversations during the meeting;
4. ) To secure the inner and outer building and the premises whereby the surveillance cameras may collect your pictures;
5. ) To prevent and investigate fraudulent actions, money laundering, criminal offenses, or any other unlawful activities;
6. ) To investigate, verify facts, establish/exercise the legal claims, or be used as evidence in the legal proceeding.
7. ) To disclose your opinions and suggestions to the directors, the executives, the committees, and other relevant parties for further utilization or to fulfill your request, such as nominating a director or proposing an agenda item.

5. Disclosure of Your Personal Data

We will not disclose your Personal Data for a purpose other than those specified herein unless having been consented to do so.

We may disclose your Personal Data to our group of companies and affiliates or third parties to take out loans from banks, for investment, license applications, arrange the shareholders’ meetings, count the votes, process vote counting results, pay dividends, audit accounts, seek for legal advice, prosecute, and perform other activities to complete the purposes as specified herein for the sake of our business operation. We will ensure that the aforementioned third parties handle your Personal Data in accordance with this Notice and the applicable laws.

Where it is necessary to disclose your Personal Data to any governmental or regulatory agency such as the SEC, SET, TSD, or DBD, in order to comply with the laws or orders of governmental or compliance authorities, we reserve the right to do so without your prior consent.


6. Retention Periods & Security Protection Measures

1. 1 We will retain your Personal Data for as long as necessary to fulfill the purposes specified in this Notice. We may retain your Personal Data as long as agreed on in the contract or per accounting standards, prescription periods, legal obligations, or establishment or exercise of a legal claim as permitted by the law.
2. 2 We have an examination system for deletion or destruction of Personal Data in the event of the expiration of the retention period or if such Personal Data is unrelated to or beyond the necessary collection specified by this Notice.
3. 3 We will retain your Personal Data in the form of documents, electronic files, computer systems, or other means with appropriate Personal Data security measures against loss, unauthorized or unlawful access, use, change, modification and disclosure.
4. 4 We have limited access to your Personal Data and adopted technology to secure your data from cyber-attacks and unauthorized access to our computer and electronic systems. We further ensure that any processing of your Personal Data by data processors or other third parties will occur under appropriate and stringent monitoring.

7.Data Subject’s Right

7.1 Under the PDPA, you, as the Data Subject, are entitled to:

1. ) Request access to, or copies of, your Personal Data processed by the Company.
2. ) Request transfer of your Personal Data, in a form collected by us and readable, usable, and disclosable in an electronic format, to another party (the Company reserves the right to charge you a fee, the amount of which is at our discretion.)
3. ) Object to the collection, use, and disclosure of Personal Data to the extent permitted by law.
4. ) Have your Personal Data deleted, destroyed, or anonymized by any method permitted by law.
5. ) Sequester your Personal Data from further use by any method unless the law provides otherwise.
6. ) Withdraw your consent given us at any time unless otherwise restricted by law or contracts. Your withdrawal will not extend to Personal Data to which you have granted consent for Processing.
7. ) File a complaint with the competent officer authorized under the PDPA if you believe we have violated, or do not comply with, the PDPA.

7.2 We will endeavor to procure or maintain the accuracy and completeness of your Personal Data. When there is a change or modification to your Personal Data or when you detect that your Personal Data is incorrect, you have the right to make corrections to it.

7.3 The exercise of your rights specified above must comply with the law. We reserve the right to refuse any request on grounds permitted by law. If we deny your request, the request and reasons for denial will be recorded in the Personal Data processing record as required by law.

7.4 To exercise your right, you may contact us via the contact information provided hereunder. We will process your request and then inform you of the result within 30 days from the date of receiving your request. Where we refuse your request, you will be notified accordingly.


8. Amendment

We reserve the right to alter, adjust, and modify this Notice to comply with applicable guidelines, laws, and regulations. If such changes occur, we will inform you of the amended, adjusted, or modified content in the designated channel as soon as it becomes effective. New Notice will only apply to you upon your service use after the revision.


9. Contact Information

Should you wish to exercise any legal rights as specified above or have any questions, concerns, suggestions, or complaints about our Notice, you can contact us via the following channels:

BUMRUNGRAD HOSPITAL PUBLIC COMPANY LIMITED
33 Soi 3 (Nana Nua), Sukhumvit Road, Khlong Toei Nua, Vadhana, Bangkok
Data Protection Officer (DPO)
Email: [email protected]


 

 

1. Personal Data Collected by the Hospital

The Hospital will collect your personal data through its CCTV system, which may include:

• Still images and video footage of individuals
• Vehicles and license plate numbers
• Objects that may identify an individual (if captured in the footage)
• Information relating to date, time, and location

Such data will be recorded while you are present in areas of the Hospital where CCTV cameras are installed, both inside the buildings and around the premises. The Hospital will collect this data only within the scope and purposes specified in this Notice. Where required by law, the Hospital will obtain your consent through appropriate procedures before collecting such data.
 

2. Purpose and Legal Basis of Collection

The Hospital may record, store, duplicate, process, update, or disclose CCTV images and video footage for the following purposes:

• To ensure the safety and security of the life, body, and property of employees, customers, visitors, and other individuals on the Hospital premises.
• To prevent, detect, and monitor irregularities, damages, or unlawful activities that may occur within the Hospital premises.
• To support investigations by governmental authorities or other competent agencies, including compliance with court orders.
• To serve as evidence in disciplinary investigations, dispute resolution, or internal investigations conducted by the Hospital.
• To establish, exercise, or defend legal claims to protect the rights and interests of the Hospital and relevant individuals.
• To verify identity or manage control access to areas in compliance with law requirements or security regulations.
• To facilitate a safe and secure environment for service users and all individuals present on the premises.

The Hospital installs CCTV cameras only in necessary areas for security and operational purposes. Cameras are not installed in private areas such as restrooms, changing rooms, or staff break areas, in order to protect individuals’ privacy rights.

CCTV cameras operate 24 hours a day, every day. The Hospital has installed clear notification signs in areas under surveillance to ensure transparency in data collection and compliance with personal data protection principles.

The processing of such data is based on the following legal bases:

• Legitimate Interest: The Hospital’s legitimate interest in maintaining security and protecting the rights of individuals and property, without affecting the fundamental rights and freedoms of the data subjects.
• Vital Interest: To prevent or mitigate harm to the life, body, or health of individuals.
• Legal Obligation: To comply with applicable laws and regulations.

3. Retention Period

The Hospital will retain your personal data for a period of 30 days. In the event of a dispute or investigation, the Hospital may retain the relevant personal data until the dispute or investigation is fully resolved or concluded.

 

4. Disclosure and/or Transfer of Personal Data

The Hospital will keep CCTV data confidential and will not disclose or transfer such data to external parties, except for security purposes or to comply with applicable laws. The Hospital may disclose and/or transfer your personal data to the following individuals, legal entities, or agencies:

• Government and law enforcement authorities, such as courts, police officers, investigative agencies, or regulatory authorities with legal powers.
• Authorized external service providers selected appropriately, such as security system providers, domestic cloud service providers, or technical service providers involved in the installation and maintenance of CCTV systems. The Hospital will enter into contracts or data processing agreements with these service providers to ensure that your data is adequately protected.
• Contractual partners or legal representatives of the Hospital, when it is necessary to use the data to establish, exercise, or defend the Hospital’s legal rights or claims.

5. Cross-Border Transfer of Personal Data

In certain cases, the Hospital may need to transfer CCTV data to cloud service providers or data processors located outside Thailand, solely for the purpose of data storage or system maintenance. Such transfers will be carried out under the following conditions:

• The Hospital will transfer data only to countries that provide an adequate level of personal data protection as required under Thai law; or
• If the destination country does not provide an adequate level of data protection, the Hospital will enter into data protection agreements with the foreign recipient to ensure that your personal data is protected to a standard equivalent to that required under Thai law.

 

6. Security Measures

The Hospital implements technical, organizational, and physical measures to prevent unauthorized access to, use, alteration, or disclosure of CCTV data. Such measures include restricting access to authorized personnel only, storing data in systems protected by passwords and security controls, and regularly monitoring and reviewing these security measures.


7. Your Rights as a Data Subject

As a data subject, you have the following rights with respect to your personal data held by the Hospital, to the extent permitted by law:

•  To withdraw your consent for the collection, use, or disclosure of your personal data.
•  To request access to, or copies of, your personal data, or to request disclosure regarding how your personal data was obtained.
•  To request the transfer of your personal data to another person or organization.
•  To object to the collection, use, or disclosure of your personal data.
• To request the erasure, deletion, or anonymization of your personal data.
• To request the restriction of the collection, use, or disclosure of your personal data.
• To request the correction of your personal data to ensure it is accurate, up-to-date, complete, and not misleading.

​
8. Contact Us

Bumrungrad Hospital Public Company Limited
33 Sukhumvit Soi 3 (Nana Nua), Sukhumvit Road, Khlong Toei Nua, Vadhana, Bangkok 10110
Phone            +66 2011 2555
Email:             [email protected]
 
Data Protection Officer (DPO)
33 Sukhumvit Soi 3 (Nana Nua), Sukhumvit Road, Khlong Toei Nua, Vadhana, Bangkok 10110
Email:             [email protected]