Healthscape Company Limited is aware of the importance and responsibilities under the Personal Data Protection Act B.E.2562 (2019). We prioritize respecting privacy rights and are committed to ensuring the security of personal data for everyone. This Privacy Notice applies to the personal data of customers, suppliers, contractual partners, service users, and business-related persons with the company. The aims are to inform and explain how we collect, process, and disclose personal data, as well as the measures in place to safeguard your data. We also outline your legal rights as the data subject. The details are as follows:

1.      Applicability of this Notice

   This Notice applies to the personal data of customers, suppliers, contractual partners, service users, and business-related persons with the company. This includes individuals acting on behalf of legal entities who are data subjects, such as directors, consultants, executives, employees, agents, and any individuals associated with the aforementioned persons hereinafter collectively referred to in this Notice as “You”.

2.   Definitions

        Definitions and meanings are provided in the table below.

DefinitionsMeanings
CompanyHealthscape Company Limited and the affiliated companies  
Affiliated CompaniesThe affiliated companies or legal entity partnerships with relationship to Healthscape or any other organizations which control, are controlled, or are regulated by Healthscape which may involve common shareholders or a majority of directors forming the same entity.
Customers        The individuals targeted in the company’s operations or services include participants in the company’s campaigns or marketing activities, those interested in the company’s products or services through various channels, and/or users of the company’s services through online and electronic media, as the case may be. This also includes authorized representatives, individuals with legal authority to act on behalf of customers as needed, such as legal guardians for minors, custodians for incapacitated individuals, advocates for individuals with disabilities, etc.
Suppliers, Contractual Partners, Service Users, and Business-related PersonsSellers, property owners, contractors, and/or service providers, or any individuals who have business relationship with the company, whether they are legal entities or natural persons, including sub-contractors of the sellers, contractors, and/or service providers.
IndividualsIndividuals, specifically natural persons, excluding legal entities.
Data SubjectThe individual to whom the data can be referred.
Personal DataThe data about an individual that enables the identification of that person, whether directly or indirectly, excluding information about a deceased person specifically.
Sensitive Personal DataThis includes personal data related to race, ethnicity, political opinions, beliefs in ideologies, religions, or philosophies, sexual behaviors, criminal records, health information, disabilities, labor union membership, genetic data, biometric data, or any other data that similarly affects the data subject, as defined by the Personal Data Protection Committee’s regulations.
Personal Data ProcessingCollecting, using, or disclosing personal data.
Data ControllerAn individual or legal entity with the authority to make decisions regarding the collection, usage, or disclosure of personal data.
Data ProcessorAn individual or legal entity that processes the collection, usage, or disclosure of personal data based on the instructions or on behalf of the data controller. The data processor is not the entity that controls the personal data.
Non-personal dataVarious types of data that do not identify an individual, such as company registration details, business contact information, which may include work phone numbers, work email addresses, office addresses, anonymous data, and data of deceased individuals.
TransactionAny action related to activities in both legal and commercial aspects.
Electronic TransactionA transaction conducted entirely or partially using electronic means.

 3.   Personal Data Collected by the Company

   The company collects personal data as necessary. We have collected personal data from the contracting party, and the types of personal data stored by the company are detailed in the table below.

Table of Personal Data Collection

Type of Personal DataDetails
Basic Personal DataIdentity data used for identification purposes, such as name, surname, national identification number, passport number, date of birth, gender, age, nationality, signature, photograph, professional license number, and membership number.
Sensitive Personal DataSuch as fingerprints, facial images, health information, food allergy information, specifically obtained with clear and explicit consent from you or as permitted by law.
Contact DataSuch as address, copy of house registration, phone number, email address, geolocation, emergency contact, online social media account, LINE ID, and work-related information including workplace name, address, phone number, email address, position, etc.
Third-Party Personal DataIf you provide personal data of third parties to the company, such as executives, authorized individuals, delegated authorities, board members, employee data, contract workers, contact persons, marital partners, family members, tenant, tenant’s assistants, and other individuals not directly related to the company but associated with your relationship with the company
Communication DataSuch as recording of images or sounds when contacting the company, etc.
Service-related InformationSuch as types of products or services you choose, product or service application details, reservation details, and any other information provided in documents that you submit to the company.
Transaction-related dataSuch as details of transactions with or involving you, transaction-related details from contracts, supporting documents for contracts/agreements, requests, claims, agreement details, and other transaction-related information.
Electronic Transaction DataSuch as the data related to electronic transactions conducted through channels such as the Website, Application, etc.
Financial DataBank account details, source of funds, transaction record details, personal asset details, such as salary certificates, vehicle registrations, and other financial data of a similar nature including bank account information, credit/debit card information, details of fund transfers, and bank loan application details, etc.
Usage of Electronic Systems DataSuch as the data of Username, Application usage data, Browsing Information, website visit history, IP Address, Cookies, Log file, etc.
Service Usage Data  Such as the data of reservations and services for villages or juristic person condominiums, vehicle registrations, motorcycle registrations, pet information, postal services, packages, repair notifications, etc.
Property dataSuch as the data of vehicles, pets, postal services, packages, etc.
Data of participation in meetings, seminars, and eventsSuch as the data of related to participation in company-organized meetings, seminars, activities, and programs including static and motion images and audio recordings during meetings, training, seminars, or other activities.
Risk Consideration DataSuch as the data used for risk assessment for background checks, evaluating suitability, or considering risks before making decisions to engage in transactions. This also includes information for legal proceedings or enforcement, such as marital status and details about properties.
Security dataCCTV images, vehicle data, license plate details, and date and time data regarding entry and exit from the company’s premises for safety considerations.
Feedback dataSuch as the opinions, suggestions, and complaints.
Public dataData that is publicly available both online and offline, the disclosed public data such as names, aliases, photos, posts, locations, friend lists, interests, and pages followed.
Communication DataSuch as conversations, email correspondence, and data used in various forms of communication.
Personal Interest DataSuch as Lifestyle travel preferences, leisure activities, pets, products, and services. This encompasses likes, dislikes, and other interests.
Other DataOther personal data used for facilitation as necessary.                                                               

4.   Source of Personal Data

      The company collects personal data from the following sources:

      4.1 Directly from Individuals

The company obtains personal data directly from individuals through various channels such as contact interactions, customer registration, account creation through applications, reservation processes, contractual agreements, service requests, recruitment processes, business partner engagements, provision of information or filling out Offer Form, documents supporting business consideration, documents for service request, quotation submission, bid envelope submission, participation in marketing activities, participation in sales promotion activities through various channels, including physical and information technology channels as well as the data and updates of your data while you are a customer, supplier, contractor, service user, etc.

      4.2 Receiving Personal Data from Other Sources

   The company possibly collects your personal data from other sources, such as agents, websites, your employees, or representatives, or from third parties who collect, use, or disclose personal data under the company’s instructions or on its behalf, or from external sources, as permitted by law.

      4.3 Personal Data of Third Parties

      The company possibly receives personal data of third parties related to you, provided by you to the company, such as contacts, employees, contractors, agents, sub-contractors, or other individuals. The company uses this information for contract purposes, to provide services, contact in emergencies, or for reference that may be beneficial to you. Please inform the concerned third parties about this Privacy Notice and obtain their consent, unless there are legal requirements for the disclosure of their personal data to the company without consent.

      4.4 Personal Data of Minors, Persons with Disabilities, and Incapacitated Persons

The company collects personal data related to minors, persons with disabilities, and incapacitated persons only with the consent of their parents, guardians, or legal representatives. We do not intend to collect personal data from individuals under the age of 20 (twenty) without the consent of their parents, as required by law, or from persons with disabilities and incapacitated persons without the consent of their guardians or legal representatives, as applicable. In cases where the company becomes aware that we have collected personal data from individuals under the age of 20 without the consent of their parents, or from persons with disabilities and incapacitated persons without the consent of their guardians or legal representatives, as required by law, the company will handle the situation in accordance with applicable laws, will delete such personal data immediately and will only collect, use, and/or disclose the personal data if there is a legal basis other than consent or as permitted by law.

      4.5 Personal Data Obtained from Cookies

            When you visit the company’s website, this information helps the company provide improved, faster, and more secure services while ensuring your privacy. This includes when you use the services and/or access the platform.

5.   Legal Basis for Processing Personal Data

   The company collects, uses, or discloses your personal data based on the legal grounds for processing data, as outlined below:

      5.1 Contractual Basis

            For the performance of a contract to which you are a party, such as contracts for goods, service contracts, or any other contracts, or for actions necessary before entering into a contract, as applicable.

      5.2 Legal Obligation

            To comply with legal obligations imposed on the company, such as tax laws, computer laws, and other laws that the company is required to adhere to.

      5.3 Legitimate Interest

           For the legitimate interests pursued by the company, provided that such interests are not overridden by your fundamental rights or freedoms. This processing will not violate your basic rights or freedoms.

      5.4 Consent

               The company will seek your consent in cases where the law requires it, or there is no legal basis for the processing of the personal data collected from you.

6.   Purposes of Collecting, Gathering, Using, and Disclosing Personal Data (Personal Data Processing)

   The company engages in the collection, use, or disclosure of your personal data for the following purposes:

Table detailing the objectives of personal data processing

Objectives of personal data processingBasis of personal data processing
For evaluating qualifications of natural person/juristic person before entering into the contracts– Contractual performance or operation taken as requested before entering into the contracts
– Necessity for the legitimate interests
For Personal Identification Verification– Contractual performance
– Necessity for the legitimate interests
– Legal compliance
For transactional purposes, contract execution, performance evaluation, and evaluation result notification– Contractual performance
– Necessity for the legitimate interests
For Electronic Transactions– Contractual performance
– Necessity for the legitimate interests
For operational management, facilitation in various areas such as installments, services, outstanding balance, payments, etc.–  Contractual performance
– Necessity for the legitimate interests  
For use in processing payment data, issuing and delivering tax invoices, payment requests, and receipts, as well as presenting account statements. This includes financial transaction purposes and account management objectives, accounting examinations, or debt tracking of the company.– Contractual performance
– Necessity for the legitimate interests
– Compliance with the law      
For transferring rights, duties, and benefits as stipulated in contracts.– Contractual performance
– Necessity for the legitimate interests
For communication purposes, notification, and/or receiving relevant information associated with the company. This involves handling expenses, delivering pertinent documents, or managing various changes that occur, including providing information and relevant news related to or associated with the relationship you have with the company. Additionally, for conducting operations and managing the accounts and loyalty points of customers, and for issuing reward cards or gift cards as requested by customers.– Contractual performance
– Necessity for the legitimate interests  
For maintaining a relationship with the company, such as handling inquiries, conducting surveys, and analyzing feedback.– Necessity for the legitimate interests
– Consent  
For operational and post-sales service management.– Necessity for the legitimate interests
– Consent  
For complying with legal obligations and responding to legal claims as well as reporting information to government agencies as required by law.– Compliance with the law      
For the establishment of legal claims, delegation and acceptance of authority, compliance with or exercise of legal claims, litigation, use of judicial rights, compliance with court orders, and the conduct of various legal proceedings.  – Contractual performance
– Compliance with the law
– Necessity for the legitimate interests        
For complying with legal processes and ensuring adherence to the provisions of laws, regulations, agreements, or policies enforced by regulatory authorities, governmental bodies responsible for enforcing laws, and state agencies overseeing the company’s business.– Compliance with the law          
For auditing, prevention, investigation, and actions taken in cases involving fraud, money laundering, financial support for terrorism, criminal activities, immigration checks, or any operations that may potentially violate the law. This is done to mitigate risks in cases where there is suspicion or belief that there might be fraud, deception, money laundering, or other unlawful activities, or activities that may impact the safety of others’ lives, health, or physical well-being.– Contractual performance
– Compliance with the law
– Necessity for the legitimate interests              
For maintaining security within the company’s buildings or premises, including the exchange of cards before entering office areas and recording images of individuals who come into contact with the company through Closed-Circuit Television (CCTV) cameras.– Necessity for the legitimate interests
For business planning, reporting, and forecasting, risk management, audit supervision, and internal organizational management. This includes using data as evidence to support certification applications for various management systems in the company.– Necessity for the legitimate interests          
For advertising and public relations management, conducting marketing campaigns, analyzing and developing products, and contacting customers to provide advice or present products. This includes managing advertising and public relations media, where you may act as a presenter or be part of the company’s advertising and public relations media.– Consent          
For analyzing data to enhance service quality by assessing overall data without revealing the identity of the data subject.  – Necessity for the legitimate interests
For disclosing contractor’ information or company representatives’ information to you as stipulated in the contract or disclosing your information to the aforementioned individuals.– Performance of the contract or taking action upon request before entering into a contract    
For developing the company’s service channels to ensure that you receive high-quality services.– Necessity for the legitimate interests    
For information technology management, including the storage, creation, and organization of documents and various data, regardless of the format. This includes processing personal data and addressing technical issues as arising.– Contractual performance
– Compliance with the law
– Necessity for the legitimate interests
– Consent  
For providing system services, websites, or various applications.  – Contractual performance
– Compliance with the law
– Necessity for the legitimate interests
– Consent
For managing and handling risk management, complaints, disputes, legal cases, and enforcement cases.– Contractual performance
– Compliance with the law
– Necessity for the legitimate interests  
For customer transactions with banks or financial institutions, including assessing performance.– Contractual performance
– Consent  
For providing Call Center services and for identity verification, examining and confirming identities for processing requests or inquiries.– Contractual performance
– Necessity for the legitimate interests    
For updating your information based on the data you provide, collecting and managing your database, including other relevant records, to enhance the company’s service. Ensuring that your historical and personal information is current, accurate, and complete.– Compliance with the law
– Necessity for the legitimate interests
For offering products, services, marketing promotions, targeted marketing, sales promotions, and promotions that align with your preferences.– Consent
For capturing photos or videos of customers at the office or event venues and publish or advertise these images or videos on the company’s website, applications, or other platforms for the preparation of food and/or other facilities.– Consent
Legal duties– Compliance with the law

7.   Disclosure of Your Personal Information

  To carry out the purposes specified in this privacy notice, your personal information may be disclosed or transmitted to various units in the company, affiliated companies, individuals, or external organizations, as follows:

      7.1 Inside the Company

     Your personal information may be disclosed or transmitted to various units in the company only to those relevant and with roles and responsibilities as necessary for the stated purposes. Personnel or teams in the company, such as IT/computer department, administration department, legal department, and accounting department, will be authorized to access your personal information as necessary and appropriate, based on their respective roles and responsibilities.

      7.2 Outside the Company

      Your personal information may be disclosed or transmitted to external organizations, including:

            7.2.1 Government agencies or other organizations as required by law, such as the Revenue Department, the Legal Execution Department, or any other agency exercising authority according to the law.

            7.2.2 Affiliated companies, agents, contractors/subcontractors, financial institutions, individuals interested in investing, service providers for various operations, such as legal services, external auditors, technology service providers, consultants in various fields, condominium juristic persons, delivery services for mail or parcels, or various items, company representatives, or any individual with duties for the company, including personal data processors for the company. In case the company engages external services, we must ensure that these service providers comply with legal requirements, and your personal data will be protected by appropriate measures.

8.   Sending or Transferring Personal Data Abroad

   The company may need to send or transfer your personal data to affiliated companies or transfer data to other recipients, such as sending or transferring personal data to be stored on a server or cloud system (Cloud) in a foreign country. This is part of the company’s business operations and we will consider ensuring that the destination country has adequate personal data protection standards as required by law.

9.   Data Retention and Duration of Personal Data Storage

   The company will retain your personal data for the necessary duration while you are a supplier or contractual party of the company or for the period necessary to achieve the relevant objectives as outlined in this privacy notice. Additionally, the company may need to retain the data beyond that period if required or permitted by law, such as for a period of 10 (ten) years from the end of the contract to prove audits by the government in cases where the government may claim tax liabilities.

      The company will delete or destroy your personal data or render it non-identifiable once it becomes unnecessary or at the end of the specified period.

10. How the Company Protects Your Personal Data

The company implements appropriate security measures to safeguard your personal data, preventing loss, unauthorized access, use, alteration, correction, or disclosure of personal data without authorization. The company ensures the confidentiality, integrity, and availability of personal data in an appropriate manner. We employ security measures in terms of organizational measures, technical measures, and physical measures to maintain the security of personal data processing adequately. We continuously updates our policies, regulations, and criteria as necessary and appropriate. Additionally, our management, employees, contractors, agents, consultants, and data recipients from the company have the responsibility to uphold personal data according to the company’s established measures.

11. Data Subject Rights

      In this section, the rights refer to the rights under the law regarding your personal data. You may exercise these rights with the company under the conditions specified by law and the company’s rights management process.

      11.1 Right to Withdraw Consent

      If you have given consent to the company to collect, use, and disclose your personal data (whether the consent was given prior to the effective date of data protection laws or thereafter), you have the right to withdraw your consent at any time during the period your personal data is with the company, unless there are legal limitations or contractual obligations benefiting you.

     11.2 Right to Access Personal Data

You have the right to request access to your personal data that is under the responsibility of the company. You may request the company to provide you with a copy of such data, including disclosing how the company obtained your personal data without your consent.

      11.3 Right to Data Portability

      You have the right to request your personal data in a format that can be read or used automatically by tools or devices and can be used or disclosed automatically. You also have the right to request that the company sends or transfers personal data in the mentioned format directly to another data controller when it can be done automatically. You have the right to receive personal data that the company sends or transfers in the mentioned format to another data controller directly unless it is not possible due to technical reasons.

      11.4 Right to Object to Data Processing

You have the right to object at any time if the collection, use, and disclosure of your personal data made for the company’s or another person’s legitimate interests or for public interest purposes. If you raise an objection, the company will continue to collect, use, and disclose your personal data only if the company can demonstrate compelling legitimate grounds for the processing that override your basic rights, or for the establishment, exercise, or defense of legal claims, depending on the specific situation.

      11.5 Right to Request Deletion or Destruction of Personal Data

      You have the right to request the deletion or destruction of your personal data or to make it unidentifiable if you believe that your personal data is collected, used, or disclosed unlawfully or that the company no longer needs to keep it for the purposes stated in the privacy notice or if you have withdrawn your consent or objected as previously notified.

      11.6 Right to Request Suspension of Personal Data Usage

      You have the right to request the temporary suspension of the use of your personal data while the company is reviewing your request to exercise your rights to correct your personal data or object to it, or in other cases where the company deems it unnecessary and must delete or destroy your personal data according to the relevant laws. However, you request that the company suspend usage instead.

      11.7 Right to Correct Personal Data

            You have the right to request the company to correct your personal data to be accurate, up-to-date, complete, and not misleading. If you are a current employee or staff of the company, you can update your personal data following the company’s procedures.

      11.8 Right to File a Complaint

      You have the right to file a complaint with the competent authority if you believe that the collection, gathering, use, and disclosure of your personal data violate or do not comply with relevant laws. For contact details, please refer to Clause 13, the Office of the Personal Data Protection Commission (PDPC).

12. Changes to the Privacy Notice

The company will regularly review the privacy notice to ensure compliance with best practices and relevant laws and regulations. Any changes to the privacy notice will be communicated to you through announcements on the company’s website.

13. Appropriate Authority Contact

      If you would like to report a complaint or if you feel that the company does not respond to your concerns in a satisfactory manner, you can contact and/or file a complaint to Office of the Personal Data Protection Commission (PDPC) as per the details below.

Telephone numbers02 141 6996 and 02 142 1033
Electronic mail (Email)https://www.pdpc.or.th
Website https://www.pdpc.or.th
Post addressOffice of the Personal Data Protection Commission
120 Village No. 3 Government Complex
Commemorating His Majesty the King’s 80th Birthday
Anniversary, Ratthaprasasanaphakdi Building (Building
B), 7th Floor, Chaengwattana Road, Thung Song Hong,
Lak Si, Bangkok 10210

14. Company contact channels

         If you have any suggestions or would like to inquire about details of the collection, use, and disclosure of your personal data as well as requesting to exercise rights according to this privacy notice, you can contact the company through the following channels:

            Data Protection Officer (DPO)

Electronic mail (Email)[ hsccontactcenter@healthscape.co.th ]
Website[ www.healthscape.co.th ]
Post address Healthscape Company Limited
141 Soi Sukhumvit 63 (Ekkamai) Sukhumvit Road
Khlong Tan Nuea, Watthana, Bangkok

You may change and amend your Personal Data or withdraw your consent at any time
by sending your request to the e-mail: hsccontactcenter@healthscape.co.th