บริษัทโรงพยาบาลวิภารามจำกัดเรื่อง นโยบายการคุ้มครองข้อมูลส่วนบุคคล (PRIVACY NOTICE)

บริษัท โรงพยาบาลวิภาราม จำกัด (โรงพยาบาล) ตระหนักถึงความสำคัญของการคุ้มครองข้อมูลส่วนบุคคลและดำรงไว้ซึ่งมาตรฐานในการรักษาความมั่นคงปลอดภัยในข้อมูลส่วนบุคคลที่เหมาะสมและเป็นไปตามมาตรฐานสากล จึงได้จัดทำและเผยแพร่นโยบายความเป็นส่วนตัว (Privacy Notice) ฉบับนี้ให้บุคคล นิติบุคคล ที่เกี่ยวข้องกับโรงพยาบาลได้รับทราบ โรงพยาบาลในฐานะผู้ควบคุมข้อมูลส่วนบุคคลและผู้ประมวลผลข้อมูลส่วนบุคคล ตามพระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. 2562 (กฎหมายคุ้มครองข้อมูลส่วนบุคคล หรือ Personal Data Protection Act) มีหน้าที่ต้องปฏิบัติตามกฎหมายคุ้มครองข้อมูลส่วนบุคคล 

The hospital needs to collect personal information. of the data owner Both directly and indirectly from the information that the owner of the information or a representative of the data subject given to the hospital or those involved with the data subject or internal departments of hospitals or other agencies telephone service Including the website, downloading, uploading information from the hospital's website. in the form of documents, still images, animations All forms of digital and electronic media

          By setting up a personal data protection policy as follows

  1. Personal Information Protection Policy This will be effective from June 1, 2022 if there are any regulations. that contradicts or contradicts This personal information protection policy Use this Privacy Policy instead.
  2.  In the event that any action relating to Personal Information Protection Policy which this announcement is not defined Comply with laws, rules, regulations, regulations and relevant laws.
  3. Collection, use or disclosure of personal information of the hospital must comply with the following personal data protection principles
    1. legitimate It is transparent and verifiable.
    2. within the scope and purpose of collecting, using or disclosing that information
    3. It must be done in an adequate, relevant and necessary manner. according to the purpose of collecting, using or disclosing personal information
    4. It must be done correctly and keep information updated where necessary.
    5. must be done for as long as necessary
    6. Appropriate data security measures must be provided.
  4. The collection of personal data that the hospital collects, uses, collects and discloses must be based on legal bases for processing personal data in accordance with personal data protection laws. to achieve the objectives of the hospital
  5. In the event that such personal information It is a person's health information. which is a personal secret, will not be disclosed in a way that will not cause damage to the owner of the personal information unless the disclosure is directly at the will of that person. Or there is a law on personal data protection or other laws that can be disclosed.
  6. Collection, use or disclosure of personal data in the operation of the hospital It must be in accordance with the purposes that the personal data subject has previously been notified to when collecting the data. Unless the new purpose has been notified to the owner of the personal data prior to collection, use or as permitted by law.
  7. The hospital will collect personal information as necessary. according to the retention period necessary and appropriate to the information under legitimate purposes as long as the purpose for which such information is used remains
  8. In case the hospital needs to obtain consent for the collection, use or disclosure of personal data Consent must be obtained openly and explicitly. The data subject can withdraw their consent at any time.
  9. The hospital will provide a Data Protection Officer (DPO) to perform duties as required by law. and must support the performance of duties of the personal data protection officer
  10. to protect personal information The hospital will provide measures to maintain stability. Proper security of personal information To prevent the loss, access, destruction, use, conversion, alteration or disclosure of information wrongfully. and will review such measures when necessary or when technology changes. in order to have the appropriate security performance in order to comply with the hospital's regulations on security measures of personal information
  11. The hospital does not allow staff, doctors, personnel or any person to disclose personal information in a way that directly and indirectly causes damage to the data owner. Those who disclose information are liable in accordance with all applicable laws.
  12. In the event of a breach of personal data, staff, doctors, and personnel in the hospital must report the breach to the hospital and DPO's personal data protection officer within 24 hours.
  13. However, the consent of the owner of the personal data provided to Vibharam Hospital in collecting, using, collecting, disclosing personal information It remains valid until the subject of personal data withdraws written consent. The owner of personal data can revoke consent or amend or suspend the use or disclosure of personal data. for the purpose of carrying out any activity By submitting the request of the personal data subject to the hospital in writing or via electronic mail. [email protected]

In addition, under Personal Data Protection Act B.E. 2562 Owner of personal data have the right to request according to the following laws

  1. right to be informed
  2. The right to request correction of inaccurate information or addition of incomplete information.
  3. The right to withdraw consent to the processing of personal data that has been given to the hospital for the duration that the personal data is with the hospital
  4. The right to suspend the use of personal information for certain reasons
  5. right of access to personal data and ask the hospital to make a copy of such personal information Including asking the hospital to disclose the acquisition of personal data that the data subject has not given consent to the hospital.
  6. The right to transfer the personal data provided to the hospital to other data controllers or the owner of the personal data for some reason
  7. The right to object to the processing of personal data for certain reasons
  8. the right to ask the hospital Data can be deleted for certain reasons under the provisions of the law.
  9. right to complain In the event of a violation or non-compliance with personal data protection laws or announcements issued under such laws

Requests listed above Must be made in writing and the hospital will notify the result of the petition within 30 days, unless there are legal restrictions. However, the revocation of consent may result in insufficient data processing to achieve the stated purposes And may not be convenient to receive the service, but will not affect any rights that have been done according to the objectives

  14. In case if you are the owner of personal data Have questions about this privacy policy? or wish to exercise your rights regarding the processing of your personal data You can inquire with the Data Protection Officer (DPO).

e-mail : [email protected]

      Vibharam General Hospital (Vibharam Hospital) 2677 Phatthanakan Road, Phatthanakan Subdistrict, Suan Luang District, Bangkok 10250 Tel.02-032-2550, 02-722-2500

             website www.vibharam.com

ประกาศ ณ วันที่  1 มิถุนายน 2565

Vibharam Hospital Company Limited

Share