Privacy Policy

Personal Data Breach Response Procedure

Overview of Personal Data

Intermedical Care and Lab Hospital Public Company Limited (IMH) and its subsidiaries recognize the importance of personal data protection and maintain security measures for personal data that are appropriate and comply with international standards. Therefore, this Personal Data Protection Policy has been developed and disseminated to all individuals related to the Company to ensure awareness, and it shall be strictly enforced upon all executives, employees, and external personnel working for the Company. Furthermore, executives of all departments are responsible for supporting, promoting, and inspecting operations to ensure strict adherence to this policy and the Personal Data Protection Act B.E. 2562 (2019), as detailed below:

1.Personal Data Collection

The collection of personal data shall be performed in a limited manner, only to the extent necessary for the purpose of use, and in accordance with the Company's established policy and procedures.

2.Quality of Personal Data

The Company collects and stores personal data of service users to utilize it for operating the unit's mission in accordance with its legal authority and operational objectives. The Company places importance on ensuring the accuracy, completeness, suitability, and up-to-dateness of the collected data. This includes implementing appropriate measures for personal data security, managing risks, and cultivating awareness of responsibility concerning personal data security.

3.Purposes of Collection, Use, or Disclosure of Personal Data

under a legal basis and the data shall be processed only for the specified purposes. Personal data collected will not be disclosed to third parties except for the following purposes:

3.1 Purposes related to the sale of products and provision of services to customers, as well as other related operations. 3.2 Purposes related to procurement with trading partners, utilization of service providers, and other related operations. 3.3 Purposes related to communication and marketing activities.

3.4 Purposes related to data analysis and the quality development of the Hospital's products and services.

3.5 Purposes related to human resource management.

3.6 Purposes related to the management of shares, debentures, and any other securities of the Hospital.

3.7 Purposes related to compliance with relevant or applicable laws to the Hospital, and the establishment of legal claims.

3.8 Purposes related to security and safety maintenance.

3.9 Any necessary and beneficial actions for you, and other purposes

4.Requiring the Communication and Dissemination of the Policy

practices related to personal data protection via the Company's website, and undertaking other necessary actions as required by law. This includes measures to support the rights of the personal data subjects, defining the responsibilities of individuals acting as personal data controllers and processors, and the appointment of a Data Protection Officer (DPO), among others.

5.Personnel of the Company and its subsidiaries

Everyone shall have the awareness and responsibility to protect the personal data of all relevant individuals as if it were their own personal data.

6. Scope of Application

This Personal Data Protection Policy shall apply to the personal data that the Company and its subsidiaries may collect, use, disclose, or transfer, belonging to the following groups of people: the Customer Group, which includes natural persons who are past, present, or potential future customers of the Company, or employees, personnel, officers, representatives, agents, authorized persons acting on behalf of a legal entity, directors, contacts, and any other natural persons acting on behalf of a legal entity that is a corporate customer of the Company.

6.1 The Partner Group, which includes natural persons who are past, present, or potential future partners or contracting parties of the Company, as well as employees, personnel, officers, representatives, agents, authorized persons acting on behalf of a legal entity, directors, contacts, and any other natural persons acting on behalf of a legal entity that is a corporate partner or contracting party of the Company.

6.2 The Hospital Personnel Group, employees, and job applicants, which includes family members or reference persons referred to by the employee or applicant.

6.3 The Shareholders Group or Securities Holders, including any individuals interested in investing in the Company.

6.4 The General Public Group, visitors, and external parties entering the Companys premises, whose personal data must be collected for the convenience of maintaining security within the responsible areas.

7.Personal Data Retention Period

The Hospital will retain your personal data for the period necessary to fulfill the purposes defined for the processing of that personal data. The retention period will vary depending on the specific purposes defined for processing that personal data. Furthermore, the Hospital will retain personal data for the duration required by relevant laws (if any), taking into account the statutory limitation periods for legal proceedings that may arise from or be related to the documents or personal data that the Hospital collects for each item, and by primarily considering the practices of the Hospital and the related business sector for each type of personal data.

In any case, the Hospital will retain your personal data for a period not exceeding 5 years from the date the legal relationship between you and the Hospital ends. However, the Hospital may retain your personal data for a period longer than the aforementioned duration if legally permitted or if such retention is necessary for the establishment of the Hospital's legal claims.

8.Your Personal Data Rights

As the data subject, you have the following rights related to your personal data, subject to the criteria, procedures, and conditions under the personal data protection laws. Should you wish to exercise your rights, you may contact the Hospital using the contact details provided in this Announcement.

8.1 Right of Access to Personal Data: You have the right to access your personal data and request the Hospital to provide a copy of such personal data to you, as stipulated by the personal data protection laws.
8.2 Right to Data Portability: You have the right to receive personal data concerning you, including the right to request the transmission or transfer of your personal data to another personal data controller or to yourself, unless it is impossible to do so due to its nature, as stipulated by the personal data protection laws.
8.3 Right to Object to Processing of Personal Data: You have the right to object to the processing of your personal data in cases stipulated by the personal data protection laws.
8.4 Right to Erasure of Personal Data: You may request the Hospital to delete, destroy, or anonymize your personal data in cases stipulated by the personal data protection laws.
8.5 Right to Rectification of Personal Data: You have the right to request the rectification of your personal data to be accurate, current, complete, or not misleading.
8.6 Right to Withdraw Consent: In cases where the Hospital relies on your consent to process your personal data, you have the right to withdraw your consent for the processing of personal data that you have given to the Hospital.
8.7 Right to Lodge a Complaint: If you have concerns or questions regarding the Hospital's practices concerning your personal data, please contact the Hospital using the contact details provided in Clause 9 of this Announcement.

In the event that there are grounds to believe that the Hospital has violated the personal data protection laws, you have the right to lodge a complaint with the Expert Committee appointed by the Personal Data Protection Committee, in accordance with the rules and procedures stipulated by the personal data protection laws.

In any case, the Hospital reserves the right to consider your request to exercise your rights and to proceed as stipulated by the personal data protection laws.

Company Name (Thai): บริษัท โรงพยาบาลอินเตอร์เมดิคัล แคร์ แอนด์ แล็บ จำกัด (มหาชน) (IMH) 
Company Name (English): INTERMEDICAL CARE AND LAB HOSPITAL PUBLIC COMPANY LIMITED

Address (Thai): 442 ถนนบางแวก แขวงบางแวก เขตภาษีเจริญ กรุงเทพฯ 10160 
Address (English): 442 Bang Waek Road, Bang Waek Sub-district, Phasi Charoen District, Bangkok 10160, Thailand

Phone (Tel): 0-2865-0044 - 49 
Fax: 0-2410-4284 
Email: info@intermedthai.com

9.Additional Practices

Executives, employees of the Company and its subsidiaries must adhere to and comply correctly with the policy, guidelines, and laws related to personal data protection, including understanding the substance of the regulations, policies, and supporting guidelines, which shall be considered an integral part of the Personal Data Protection Policy of Intermedical Care and Lab Hospital Public Company Limited (IMH), as well as various manuals. They must always maintain an understanding of internal and external laws and regulations related to operations and personal data protection. Should any non-compliance be found, please report it via email: admin@intermedthai.com or through other contact channels designated by the Company.

10.Changes to this Announcement

The Hospital may make changes to this Announcement from time to time to ensure compliance with any changes related to the processing of your personal data, and as required by the personal data protection laws or other relevant laws. The Hospital will inform you of any significant amendments to this Announcement, along with the revised Announcement, through appropriate channels. The Hospital recommends that you periodically review any changes to this Announcement.

Furthermore, if there was any prior Personal Data Protection Policy Announcement existing before the effective date of this Announcement, it shall be revoked, and this Announcement shall be used in its place.

The announcement on May 10, 2022 is a result of the fact that the origin of the incident is a matter of change.