Overview of Personal Data Protection
Intermedical Care and Lab Hospital Public Company Limited (IMH) and its subsidiaries recognize the importance of personal data protection and are committed to maintaining appropriate security measures in line with international standards. The company has therefore established and published its Personal Data Protection Policy to inform all related parties and to enforce this policy on all executives, employees, and external personnel working for the company. All executives are responsible for supporting, promoting, and monitoring the implementation of this policy in strict compliance with the Personal Data Protection Act B.E. 2562 (2019), as outlined below:
1. Collection of Personal Data
The collection of personal data shall be limited to what is necessary and relevant for the intended purposes, in accordance with the companys established policies and guidelines.
2. Data Quality
The company collects and stores personal data of service users to support operations aligned with its mission, authority, and legal objectives. Emphasis is placed on ensuring that personal data is accurate, complete, appropriate, and up to date. Adequate security measures are in place, including risk management and awareness-building regarding data security responsibilities.
3. Purpose of Collection, Use, or Disclosure of Personal Data
The company shall collect, use, or disclose personal data only for the purposes specified below, and in accordance with legal grounds and relevant laws:
3.1 For purposes related to the sale of products and provision of services to customers, including any other related operations.
3.2 For purposes related to procurement activities with business partners, utilization of service providers, and other related operations .
3.3 For purposes related to communication and marketing activities.
3.4 For purposes related to data analysis and the improvement of the hospitals product and service quality.
3.5 For purposes related to human resource management.
3.6 For purposes related to the administration of shares, debentures, and other securities of the hospital.
3.7 For purposes related to the fulfillment of legal obligations applicable to the hospital, or the establishment of legal claims.
3.8 For purposes related to security and safety management.
3.9 For any actions necessary or beneficial to you, and for other purposes as deemed appropriate.
4. Publication and Communication of the Policy
The company shall publish and communicate this personal data protection policy and related practices through its website, and undertake other actions as required by law. These include implementing mechanisms to facilitate the exercise of data subject rights, defining responsibilities for personal data controllers and processors, and appointing a Data Protection Officer (DPO) as necessary.
5. Company and Subsidiary Personnel
All personnel of the company and its subsidiaries are expected to maintain awareness and take responsibility in protecting personal data of related parties as if it were their own.
6. Scope of Application
This Personal Data Protection Policy applies to the personal data that the Company and its subsidiaries may collect, use, disclose, or transfer regarding the following groups:
6.1 Business Partner Group
This includes both individual persons who are current, former, or potential business partners or contractual counterparties of the Company, as well as employees, personnel, officers, representatives, agents, authorized persons acting on behalf of legal entities, directors, contacts, and other individuals acting in the name of such corporate partners or counterparties.
6.2 Hospital Personnel, Employees, and Job Applicants
This includes the Companys and its subsidiaries employees and job applicants, as well as family members or reference persons named by the employees or applicants.
6.3 Shareholders and Securities Holders
This includes shareholders or holders of other securities, as well as any persons who are interested in investing in the Company.
6.4 General Public, Visitors, and External Individuals
This includes general individuals, visitors, and external parties who enter the Companys premises, whose personal data may need to be collected for the purpose of maintaining security within the Company's areas of responsibility.
7. Personal Data Retention Period
The hospital will retain your personal data for as long as necessary to fulfill the purposes for which such data is processed. The retention period may vary depending on the specific purpose of processing. In addition, the hospital will retain personal data in accordance with any applicable legal requirements, taking into account the statutory limitation periods for potential legal claims arising from or related to the documents or personal data collected by the hospital. The retention period will also be based on the hospitals internal practices and relevant industry standards for each type of personal data.
In any case, the hospital will retain your personal data for no longer than 5 years from the date the legal relationship between you and the hospital ends. However, the hospital may retain your personal data for a longer period if permitted by law or if such retention is necessary for the establishment of legal claims by the hospital.
8. Your Rights Regarding Personal Data
As the data subject, you have the following rights concerning your personal data, subject to the criteria, procedures, and conditions as specified by the Personal Data Protection Law. If you wish to exercise any of your rights, you may contact the hospital using the contact details provided in Section 9 of this announcement.
8.1 Right of Access
You have the right to access your personal data and request a copy of such data from the hospital, as stipulated by the Personal Data Protection Law.
8.2 Right to Data Portability
You have the right to obtain your personal data and request the hospital to transfer or transmit such data to another data controller or to yourself, unless it is technically unfeasible, as prescribed by law.
8.3 Right to Object to Processing
You have the right to object to the processing of your personal data under circumstances as specified by the Personal Data Protection Law.
8.4 Right to Erasure
You may request the hospital to delete, destroy, or anonymize your personal data when permitted by the Personal Data Protection Law.
8.5 Right to Restriction of Processing
You have the right to request the hospital to suspend the processing of your personal data under the conditions outlined by the law.
8.6 Right to Rectification
You have the right to request the correction of your personal data if it is inaccurate, outdated, incomplete, or misleading.
8.7 Right to Withdraw Consent
If the hospital relies on your consent to process your personal data, you have the right to withdraw such consent at any time.
8.8 Right to Lodge a Complaint
If you have any concerns or questions about how the hospital handles your personal data, you may lodge a complaint by contacting the hospital using the contact details provided in Section 9 of this announcement.
In the event that there are reasonable grounds to believe that the hospital has violated the Personal Data Protection Law, you have the right to lodge a complaint with the Expert Committee appointed by the Personal Data Protection Committee in accordance with the rules and procedures prescribed by the Personal Data Protection Law.
The hospital reserves the right to consider your request to exercise any of your rights and to proceed in accordance with the provisions of the Personal Data Protection Law.
Intermedical Care and Lab Hospital Public Company Limited (IMH)
INTERMEDICAL CARE AND LAB HOSPITAL PUBLIC COMPANY LIMITED
442 Bang Waek Road, Bang Waek Subdistrict, Phasi Charoen District, Bangkok 10160
0-2865-0044 - 49
0-2410-4284
info@intermedthai.com
10. Additional Guidelines
Executives, employees of the company and its subsidiaries must comply strictly with the policy, guidelines, and relevant laws on personal data protection. They must also understand the content of regulations, policies, and accompanying practices that form part of the Personal Data Protection Policy of Intermedical Care and Lab Hospital Public Company Limited (IMH), including manuals, internal and external regulations related to their duties and the protection of personal data. If any inconsistencies are found, they should report the matter via email at: admin@intermedthai.com or through other contact channels specified by the company.
11. Amendments to This Announcement
The hospital may revise this announcement from time to time to reflect changes in the processing of your personal data and in accordance with the Personal Data Protection Act or other applicable laws. The hospital will notify you of any significant changes to this announcement along with the updated version through appropriate channels. The hospital recommends that you periodically review this announcement for any updates.
In the event that there were any prior announcements regarding the Personal Data Protection Policy before this version takes effect, such previous announcements shall be repealed and replaced by this version.
Effective Date : June 1, 2022
Announced on : May 10, 2022 Personal Data Breach means the destruction, loss, alteration, unauthorized disclosure of, or access to personal data.
News and Activities
Investor Relations
Contact Us