(For online health-related products and services reservation platform (OMA))
Ever Medical Technologies Co., Ltd., (referred to as “EVER”, “we” or “our”) the service provider of online health-related products and services reservation platform (OMA) (“Platform”), is always committed to conduct its business under good corporate governances, including recognizing the importance of data security and privacy where we intend to process your personal data with transparency.
1. Collection of Personal Data
EVER may, directly or indirectly, collect your personal data from the following sources:
- Information provided to us via the use of the Platform or the registration of user account or the purchase of products and services through our Platform or by doing any transactions or participating in any campaigns or activities of EVER;
- Medical Service Provider, hospital, clinic, hotel, transportation service provider or passport and immigration service provider;
- Social media and/or other public relation media that you use to access our Service;
- Personal data from third-party, such as our business partners; and
- Any public sources such as government data, and other professional institution
2. Types of Personal Data Collected
Depending on purposes of use and requirement of the officers in processing personal data, EVER may collect various types of your personal data including:
General Personal Data
- Identification information such as name, username, password, date of birth, identification number, telephone number, email address, social media account, address, copy of public servant identification card, copy of identification card, copy of passport, photo, voice, and video;
- Personal characteristics such as age, sex, weight and height;
- Location information such as IP Address, GPS, or your current location;
- Financial information such as credit and debit card, bank account, transaction information including price, payment method, and other payment details;
- Service usage history such as voice recording, video recording, and other record created during the services, data automatically collected via Platform including Platform usage behavior, log-file, devices information and your IP address, setting information, Platform adjustment, date or location that you use the Platform;
- Other information such as personal data that you provide when communicate with us through the Platform;
Sensitive Personal Data
- Medical information and medical history such as health and treatment record, medication and food allergies, medical record and physical therapy record, special request for your treatment or other health-related information you informed during consultation stage in order to choose medical services through our Platform;
With regard to the processing of sensitive data, we will obtain consent from the data subject before or at the time of data processing, unless the processing of such sensitive data fall under the exceptions that the personal data protection law prescribed.
3. Retention Period
We will retain your personal data as long as it is necessary for the purpose of data processing. After that, we will erase and destroy your personal data except as may be required, by applicable laws, or for protection of our interest. In general, personal data will be kept for a maximum period of 10 years or otherwise longer if it is specifically provided by law or for the protection of our interest.
Upon the completion of the abovementioned period, we will follow the deletion procedure to ensure that all your personal data is safely deleted from our server or is retained in the form of anonymous data.
4. Purposes of Use and Disclosure
We will process your personal data to: (i) perform contractual obligations as a party to the contract, (ii) comply with legal obligations, (iii) for the legitimate interest, (iv) for vital interest, or (v) for the preparation of the historical documents or the archives for public interest, or for the purpose relating to research or statistics. We will use and disclose Personal Data for the abovementioned purposes and scope, including the following purposes:
4.1 Purposes of Providing Platform Service
- Registration for using Platform, creation of user account, account registration, and verification record;
- Ordering/ reserving products and/or services of your chosen medical service provider via our Platform;
- Notification for your chosen medical service or other health-related service via our Platform and notification for other services;
- Specifying your location for receiving service or for delivery of medical supplies, products, or other services;
- Providing communication system (chat) on Platform;
- Processing payment, proceeding in relation to the purchase order of medical supplies, products and service, including delivery of medical supplies, products and services under the purchase order and other transaction made on the Platform;
- Facilitating VISA application in order to receive medical services and/or other health-related services;
- Providing services relating to hotel reservation and/or residence for user of the Platform;
- Providing transportation reservation service for user of the Platform;
- Ensuring that the content on our Platform will be provided to you and shown on your electrical devices efficiently; and
- Communication, expressing opinion, making queries, and communicate with you.
4.2 Purpose of Analyzing, Developing, and Improving Service including Preparing Statistical
- Conducting research or strategy analysis in developing, improving functions of the Platform, including developing software, tools, and functions relating to the Platform or other services of EVER;
- Preparing statistical information in relation to public health system, for education, and our internal analysis only;
- Supporting the stability and security of the Platform;
- Conducting satisfactory survey, questionnaire, and opinion suggestion on the Platform; and
- Prepare any set of anonymous data (anonymous data such as demographic information, behavioral information, and technical information that summarized from fundamental information) for the usage of our purposes.
4.3 Marketing Purpose
In the case where applicable law permits and/or we obtained your consent to process data, we
may collect, use, and disclose your personal data including but not limited to the following
- Offering information and newsletter in relation to our Platform. In case where you no longer wish to be contacted for marketing of sales activities, you could opt-out through our designated channels;
- Processing the purchasing order for products, and services that you choose in order to improve quality of service, and offering products and services that you may interested in, including giving advice in relation to products and services to you via chat program on our Platform;
- Setting pattern and improving our general marketing activities; and
- Using all information of the Platform’s visitors and users to generate usage pattern or interest of the Platform’s visitors and users.
4.4 Other Purpose
- Assessment and management of your requests;
- Prevention and investigation of forgery;
- Inspection, analysis and preparation of documents upon request of governmental organizations and regulatory bodies; and
- Compliance with applicable laws.
5. Personal data of minors, quasi-incompetent person and incompetent person (“Incapacitated
We will process the personal data of Incapacitated Person only where it is permitted by data protection law. For clarity, our Platform is not intended for Incapacitated Person. We do not seek to obtain, nor do we want to obtain personal information directly from Incapacitated Person, but we will arrange to obtain the consent from parent, curator or guardian who is the legal representative of such Incapacitated Person (as the case may be). This does not apply in a case of obtaining consent for processing of personal data of Minor over 10 years old which is strictly personal, suitable to his condition in life and actually required for reasonable needs which such minor can provide consent to us directly.
We will not disclose your personal data without any legal basis. In the case we required to transfer your personal data to other third parties, we will proceed according to an appropriate procedure in order to ensure that other third parties will protect and prevent your personal data from any lost, unauthorized access, usage, modification or disclosure. Your data may be disclosed to other third parties including:
- Medical Service Provider, health-related service provider, or other third-party service provider chosen by you via our Platform e.g. hospital, clinic, hospital, transportation company;
- Our group company or affiliates;
- Other third-party service providers such as cloud service provider or data analysis service provider;
- Governmental and regulatory bodies;
- Auditors, legal advisors, and other advisors; and
- Other data controller to whom you have previously disclosed or transferred data.
7. Cross-Border Transfer
We will disclose your personal data to the recipient outside of Thailand only where it is permitted by data protection law or other applicable laws. In this regard, we may follow the rule for the transfer of data to outside Thailand by entering the standard agreement or use other available tools under the applicable laws and may use the data transfer agreement or other permitted tools for the transfer of personal data to other country.
8. Data Security Measure
We adopt the high-standard security system in both technology and procedures to prevent any possible data theft. We make substantial investments, effort and human resources as to ensure that we maintain high-standard measures and your personal data remains safe. We implement various measures to protect its computer system such as, Firewall and Secure Socket Layer. In addition, EVER also adopt internal guideline to set personal data access control in order to maintain confidentiality and security of data. We will revisit such internal policies periodically according to the laws.
We will delete and destroy your data immediately when it is no longer necessary for the purpose of data processing, or when the retention period expires. In this regard, we may delete or destroy your personal data using appropriate and safe method without prior notice.
Although we make its best efforts to protect personal data with our technical mechanism along with the management by our personnel to control access and keep personal data against unauthorized access, we cannot always guarantee the security and confidentiality of personal data from every incident that may arise, such as virus threat and unauthorized access. A data subject should regularly keep up with technology news, install personal firewall software to prevent his computer from threat or data theft. Also, monitoring own account on a regular basis (such as monitoring balance, transaction date) and keeping personal data and financial status confidential are strongly recommended.
9. Right of Data Subject
In accordance with the data protection law, you, as a data subject has the following rights (which may be amended pursuant to any regulations of the data protection law) which are exercisable in compliance with applicable laws:
- To access personal data;
- To rectify personal data;
- To erasure of personal data;
- To restrict the use of personal data;
- To object the collection, use and disclosure of personal data;
- To data portability; and
- To withdraw the consent.
In case that we cannot comply with your request to exercise the right of data subject, or that we fail to comply with the data protection law, you may make a complaint to the regulator, including the Personal Data Protection Committee, Ministry of Digital Economy and Society.
In case where you have given the consent for the processing of personal data to EVER (where the consent is not required by other applicable laws), you shall have the right to withdraw the consent at any time. Should a withdrawal of any consent affect any transactions or provision of services, you will be informed at the time of withdrawal request.
In responding to your request under this clause, we may be able to consider only for your personal data we processed as a data controller. For the exercising of your right for the personal data we processed as a data processor of your chosen medical service provider, we will inform such medical service provider to consider and proceed according to your request as your data controller.
SEND TO: Data Protection Officer
Ever Medical Technologies Co., Ltd.
Address: 394 Bangkok Bank Building, 5th floor, Rama I Road., Pathum Wan Sub-district,
Pathum Wan District, Bangkok, 10330
Phone number: 081-234-3834
- When making any complaint or claim, please provide your contact details as to enable EVER to revert as soon as possible.
- We do not charge any administrative fee relating to your personal data. However, a fee in processing certain requests (other than the request for rectification) under the data protection law may apply.