Privacy Policy for HCPs
A. Menarini (Thailand) Co., Ltd. (“We”) understands the importance of protecting your Personal Data which we collect, use, disclose and process when you contact or make any transaction with us. Therefore, this Privacy Policy will inform you that the processing of your Personal Data.
1.Scope
This Privacy Policy applies to our customers, representatives, officials and contact persons of commercial partners or suppliers, visitors, employees, candidates and other persons who are necessary for our operation.
2.Personal Data that we collect, uses and/or discloses
We as well as our subsidiaries and affiliated companies need to collect, use and/or disclose your Personal Data which we have obtained from you or from authorized third parties (e.g., government agencies, regulatory authorities or public information sources). The types of Personal Data include, but are not limited to, as follows:
Category | Examples of Personal Data |
---|---|
Personal Details | Name-Surname, Date of Birth, ID Number, Passport Number, Patient ID, Gender, Age, Nationality, Photo, Autograph, Work position |
Contact Details | Address, Mobile / Telephone Number, Email Address, all Social Media Contact |
Financial Information | Bank Account Number |
Qualification Details | Medical specialty |
Employment Details | Education Records, Work Records, Licenses, Information Relating to Welfare and Benefits, Operation Information, Disciplinary Information, Social Security Information, Marriage status, Conscription records, government remittance order |
Sensitive Personal Data | Religion, Health-Related Information (Blood Type, Health Records, report on disease, Medicine allergy records, Congenital disease, Side effects from medication etc.), Biometric i.e. finger print, facial recognition, Criminal records |
Other | Behavior of website visitors, photos and video records in various activities |
3.Our activity, purpose and lawful basis of the collection, use and/or disclosure of your Personal Data
We as well as our subsidiaries and affiliated companies collect, use and/or disclose your Personal Data for the activities, purposes and lawful bases as follows:
Lawful bases | Activity/Purpose of collection, use and/or disclosure of Personal Data |
---|---|
Legal Obligation |
|
Performance of Contract |
|
Legitimate Interest |
|
Consent |
|
If you do not provide such Personal Data to us, this may cause a delay in our processes or we may not be able to process as you have requested.
4.Retention period
We will retain Personal Data as long as the purposes for which the Personal Data was collected are still being served and retention is necessary for our legal or business purposes, including to address dispute or establish our rights (whether such disputes or matters have arisen, or could arise in the future)
5.Information Disclosure
We may disclose or forward your Personal Data to third parties to process your Personal Data, or to other Data Controllers which are as follows:
(a) Third parties required by law – we may be required to disclose your Personal Data in order to comply with the law, including the orders of government agencies that issued under the law,
(b) Our internal groups – for internal management only as necessary,
(c) Service Providers of us – we may use third-party services to provide services for us, to assist in our operations such as internet service providers, software, website developers, digital media, transportations services providers, payments and financial systems providers, research and analytics providers, auditors, marketing and events providers, telecommunication services providers, storage and cloud services providers, printing service providers, attorneys, legal consultants, archiving and/or shredding providers and/or other professionals,
(d) Any other person involved in any dispute arising, including disputes related to transactions,
(e) Any person entrusted to manage any interest, intermediaries, contact person, and your representatives,
(f) Any person to whom we obtain an order from you to disclose your Personal Data.
6.Data Security
We will make a reasonable effort to protect Personal Data in our possession or control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Notwithstanding the foregoing, please be aware that the Internet is not a completely secure.
7.Your rights
You have rights to your Personal Data under the PDPA, and we will respect your rights by taking actions in accordance with any laws, rules or regulations relating to the processing of your Personal Data. You may exercise the following rights of a Data Subject unless we have grounds to lawfully reject your request:
Right to withdraw consent – You have the right to withdraw your consent. The withdrawal of consent will not affect the lawfulness of the collection, use and/or disclosure of Your Personal Data based on your consent before it was withdrawn.
Right to access and obtain a copy – You have the right to access and obtain a copy of your Personal Data that is retained by us.
Right to data portability – You have the right to receive your Personal Data where we can arrange for such Personal Data to be in a readable or commonly used form, by way of automatic tools or equipment or format, and such Personal Data can be used or disclosed by automated means. In addition, you have the right to request us to send or transfer your Personal Data to a third party, or to receive your Personal Data which has been sent or transferred to a third party by us.
Right to object – You have the right to object to the collection, use and/or disclosure of your Personal Data where we proceed on a legitimate interest basis, or it is for a direct marketing purpose or for scientific, historical or statistical research purposes.
Right to erasure – You have the right to request us to delete, destroy or anonymize your Personal Data in the event that we do not need or has no legal right to keep such Personal Data.
Right to restrict – You have the right to request us to restrict the use of your Personal Data under certain circumstances when there is a pending examination process of us in accordance with your request to rectify your Personal Data or object to the collection, use and/or disclosure of your Personal Data, or your request to restrict the use of your Personal Data instead of to delete or destroy your Personal Data.
Right to rectification – You have the right to rectify your Personal Data that is inaccurate and to update your Personal Data to not cause any misunderstandings.
Right to lodge a complaint – You have the right to make a complaint with the Personal Data Protection Committee or their office where we do not comply with the PDPA.
You can exercise your right by contacting us with contact details in clause 9. We and/or our affiliates will consider and notify the result of your request within 30 days from the date of receipt of the request. We and our affiliates may decline to process the request of yours if required by the law.
8.Changes to this Policy
Please check this Privacy Policy periodically to inform yourself of any changes. Notice of any material changes to the Privacy Policy will be posted to our websites prior to the changes taking effect.
9.Contacting Us
If you have any questions about this Privacy Policy or would like to exercise your rights, please contact us via any of the methods provided below.
Data Controller: A. Menarini (Thailand) Co., Ltd.
195 One Bangkok Tower 4, 8th Floor, Witthayu
Road, Lumphini, Pathumwan, Bangkok, 10330
Tel: 02 696 8500
E-mail: tha_dpo@menariniapac.com
This Privacy Policy was issued on August 24, 2022 (Version 1.0).