PDPA

PDPA + PRIVACY POLICY

At Boston Health Polyclinic, accessible from https://bostonhealthcm.com/, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected by Boston and how it is used and disclosed in accordance with the Personal Data Personal Act B.E. 2562 (2019) and applicable law.

If you have additional questions or require more information about our PDPA + Privacy Policy, do not hesitate to contact us. Rest assured that the data entrusted to Boston will be processed accordingly.

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regard to the information that they shared and/or collect in Boston.

INFORMATION WE COLLECT

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

This data may include information such as your name, contact details, phone number, email address, transaction and financial information, technical data such as IP Address, cookies via google analytics and other transaction records. It can also be information such as articles, feedback and photos sent by you directly to us.

HOW WE USE YOUR INFORMATION

We use the information we collect in various ways, including to:

  • Provide, operate, and maintain our website
  • Improve, personalize, and expand our website
  • Understand and analyze how you use our website
  • Develop new products, services, features, and functionality
  • Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes
  • Send you emails
  • Find and prevent fraud

SERVICES AND SERVICE PROVIDERS

We DO NOT share or disclose your personal data outside our company. It will be shared within our organization to develop our products and services to help us be more relevant and useful to you and others. We may use service providers to help us provide our services (ie payments, marketing and development) but they will have their own privacy policies. 

STORAGE OF DATA

Your personal data will be stored as hard copies and soft files using the following systems:

  • Hubspot
  • Google Workspace
  • Microsoft 365
  • Xero Accounting System
  • MAM Backup Servers

We will retain your personal data for as long as necessary during the period you are a customer or under a relationship with us, or for as long as necessary in connection with the purposes set out in this Privacy Policy unless law requires or permits a longer retention period. We will erase, destroy or anonymize your personal data when it is no longer necessary or when the period lapses.

SECURITY

We use reasonable administrative, physical, logical, and managerial measures to protect your data against unauthorized access, use, theft, loss and modification. These efforts are created to provide a level of security appropriate to the risks of processing your personal data. We store your payment details in our secured systems for your future payment or for the billing process. 

Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities. 

DATA SECURITY RULE

All employees shall comply with the company’s Data Security Rule and keep all company’s and client’s data confidential at all times and will not take any action which will leak such data to a third person at any time. All data retained by the Company is deemed as company assets. Hence, all employees are not allowed to manage the data without written permission from the Company. All employees shall secure the data at all times of data management through the Company’s device.

LOG FILES

Boston Health Polyclinic follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as part of hosting services’ analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information. 

ADVERTISING PARTNERS AND THIRD-PARTY PRIVACY POLICIES

To enable you to receive benefits from using our products or services, we use your information to analyze, personalize and enhance our products or services, and marketing efforts through Google, Facebook, pixel tracking code and others. We use such information to provide you with customized and personalized recommendations for products or services we think will be of interest to you.

Third-party ad servers or ad networks use technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on Boston Health Polyclinic, which are sent directly to users’ browsers. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.

Note that Boston Health Polyclinic has no access to or control over these cookies that are used by third-party advertisers.

Boston Health Polyclinic’s Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt out of certain options. 

You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found on the browsers’ respective websites. 

COOKIES AND WEB BEACONS

Like any other website, Boston Health Polyclinic uses ‘cookies’. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customizing our web page content based on visitors’ browser type and/or other information.

LINKS TO OTHER SITES

The purpose of this Privacy Policy is to offer products or services and use our website. Any websites from other domains found on our site are subject to their privacy policy which is not related to us.

PDPA PROTECTION RIGHTS & DUTIES

We would like to make sure you are fully aware of all of your data protection rights. Every data subject is entitled to the following:

  • Withdraw consent at anytime
  • Object to any collection, use or disclosure of their personal data
  • Access and request the controller to provide a copy of their personal data and the source for obtaining it
  • Request to suspend the use of personal data
  • Request to erase, destroy or de-identify the personal data (in certain circumstances)
  • Data portability (obtain and transmit such data to another controller – if legitimate)
  • Request to rectify and update personal data
  • Right to lodge a complaint to the office of the PDPC

Our duties as the data controller are as follows:

  • Process accurate Personal Data: Ensure that the Personal Data remains correct, up-to-date, complete, and not misleading.
  • Implement security measures: Implement suitable measures for preventing loss, unauthorized access, alteration, or disclosure of personal data.
  • Record of Processing Activities (ROPA): Record information relating to personal data in writing or in an electronic system.
  • Erasure of Personal Data: Implement monitoring systems to delete or destroy Personal Data (limited circumstances – e.g. when the Personal Data is not necessary).
  • Enter into a Data Processing Agreement: Arrange for a contract with its Data Processor, in order to obligate the Data Processor to comply with the requirements under the PDPA, when processing the Personal Data.
  • Data Breach Notification: Notify a data breach incident to the PDPC/the Data Subject

CHILDREN’S INFORMATION

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

Boston Health Polyclinic does not knowingly collect any Personal Identifiable Information from children under the age of 20. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

DATA BREACH NOTIFICATION

We will notify the PDPC (Personal Data Protection Commission) without delay and, where feasible, within 72 hours after having become aware of it, unless such personal data breach is unlikely to result in a risk to the rights and freedoms of you. If the personal data breach is likely to result in a high risk to your rights and freedoms of you, we shall also notify the personal data breach and the remedial measures to you without delay by email. 

CHANGES TO THIS

We may change this PDPA + Privacy Policy from time to time. Any changes to this, we encourage you to frequently check your email.

CONTACT INFORMATION

If you have any questions about this PDPA + Privacy Policy, please contact us by using the contact information through the following channels

DATA CONTROLLER: 

Boston Health Polyclinic
88/25 Moo 3 Tawangtan Saraphi Chiang Mai 50140 Thailand
Phone: +66 052 082 888
Email: info@bostonhealthcm.com

We will send communications or news for the purpose of utilizing your preference. If you no longer want to receive communications from us via email, you can click the “unsubscribe” in the email or send us an email to info@bostonhealthcm.com with the subject “Remove From Database”.

This Policy was last updated and effective in JULY 2023.