Privacy Policy

Samitivej Sriracha Company Limited (hereinafter referred to as the “Company”) recommends that you understand this Privacy Policy, as it explains how the Company handles your personal data, such as the collection, storage, use, and disclosure, including your rights, etc. In order to inform you of the Company’s personal data protection policy, the Company hereby announces the Privacy Policy as follows:

“Personal data” means information about an individual that enables the identification of that individual, whether directly or indirectly, but does not include data of deceased persons in particular.

The Company will collect personal data with lawful and fair purposes, scope, and methods. The Company will collect personal data only to the extent necessary for providing services or other electronic services under the Company’s purposes only. In this regard, the Company will ensure that the data subject is informed and provides consent electronically or in accordance with the Company’s procedures. The Company will collect data from you when you register on the Company’s website in order to place an order for the Company’s products. The data collected by the Company includes:
2.1 First name and last name
2.2 Address
2.3 Email
2.4 Phone number

The Company will collect or use your personal data for the benefit of the Company’s operations, such as ordering products and services, public relations and advertising, conducting Company activities, various communications and coordination, or to improve the quality of work, services, and the website to be more efficient, such as creating a database, analyzing and developing the Company’s operational processes, and for any other purposes not prohibited by law, and/or to comply with laws or regulations related to the Company’s operations. The Company will store and use such data only for as long as necessary for the purposes notified to the data subject or as required by law.
The Company will not take any action different from what is stated in the purposes of data collection, except that

1) The new purpose has been communicated to the data subject, and consent has been obtained from the data subject.
2) This is to comply with the Personal Data Protection Act or other relevant laws.

The Company will not disclose the data subject’s personal data to any person without consent and will disclose it only for the purposes that have been notified. However, for the benefit of the Company’s operations and the provision of services to the data subject, the Company may need to disclose the data subject’s personal data to affiliated companies or other persons both domestically and internationally, such as various service providers who must perform work related to personal data. In disclosing personal data to such persons, the Company will ensure that they keep the personal data confidential and do not use it for any purpose other than within the scope specified by the Company.

In addition, the Company may disclose the data subject’s personal data under the criteria prescribed by law, such as disclosure to government agencies, public sector agencies, regulatory authorities, including in cases where disclosure is requested under legal authority, such as requests for information for litigation or legal proceedings, or requests from private entities or other external persons involved in legal processes.

The Company will establish various measures, including personal data security measures, in accordance with laws, regulations, rules, and personal data protection guidelines/practices for the Company’s employees and other related persons. The Company will also support and encourage employees to have knowledge and awareness of their duties and responsibilities in collecting, storing, using, and disclosing data subjects’ personal data. The Company’s employees must comply with the policy and personal data protection guidelines as prescribed by the Company so that the Company can comply with the policy and personal data protection laws correctly and effectively.

Personal data owners (data subjects) have the right to take the following actions:

6.1 Right to withdraw consent to the processing of personal data previously given; however, the withdrawal of consent shall not affect the collection, use, or disclosure of personal data for which consent has already been given.

6.2 Right to access personal data and request a copy of personal data, including requesting disclosure of the acquisition of personal data obtained without consent

6.3 Right to rectify personal data to ensure accuracy

6.4 Right to erase personal data

6.5 Right to restrict the use of personal data

6.6 Right to data portability

6.7 Right to object to the processing of personal data
The data subject may exercise the above rights by submitting a request to the Company via the “Company contact channels” below. The Company will consider and notify the data subject of the result of the consideration of the request within 30 days from the date the Company receives such request. However, the Company may refuse the data subject’s request in cases where the law so provides.

The Company may update or amend this policy from time to time to comply with legal requirements, changes in the Company’s operations, as well as suggestions and opinions from various agencies. The Company will clearly announce any changes before implementing them.

Samitivej Sriracha Hospital
8 Soi Laem Ket, Choem Chomphon Road, Si Racha Subdistrict, Si Racha District, Chonburi 20110
Telephone: 0-3832-0300, 0-3303-0100 Fax: 0-3832-4123 E-mail: ssh.dpo@samitivej.co.th

When you visit our website, we use cookies to ensure that you have a good experience using our website. This cookie policy explains what cookies are, how they work, the reasons for using cookies, and how to delete cookies for your privacy. By visiting our website, you are deemed to have permitted us to use cookies in accordance with the cookie policy detailed below.

Cookies are small files used to store information, which are saved on your computer or communication device through the web browser you choose to use while you visit our website.

We use cookies to store your website visit identifier. This identifier allows us to more easily remember your website usage patterns, and this information will be used to improve our website to better meet your needs. For convenience and faster use of our website, in some cases we need to engage third parties to carry out such processing, which may require the use of Internet Protocol (IP) addresses and cookies to analyze, link data, and process it for marketing purposes.

These cookies are essential for the website, enabling you to access information and use our website. This type of cookie will be stored and deleted after you finish browsing the website.

These cookies help us measure performance by processing the number of pages you visit, as well as certain characteristics of visitor groups. Such information is used to analyze visitor behavior patterns. We will use the results to improve the website to better meet visitors' needs and usage. However, the information obtained and processed does not identify you by name or indicate your identity. No personal data is collected, such as name, email, etc., and it is used for statistical purposes only.

These cookies are used to remember various preferences you selected while using the website. The information stored will be used again when you return to visit our website. Your previous selections will be displayed so you do not need to select them again, for your convenience. The data collected and processed does not identify you by name or reveal your identity, such as your name or email, and is used for statistical purposes only.

These cookies remember the pages you visit and marketing policies that are appropriate to your needs.

If you do not wish to accept cookies, you can choose to refuse or block cookies by changing the settings in your browser. You can still visit the website, but some functions on the website may not be as convenient for you.

You can delete cookies by checking the Help menu in the browser you use. However, most web browsers usually store cookies automatically. Therefore, if you do not want cookies to be used, you will need to block or delete cookies at all times.

This cookie policy will be updated from time to time to comply with regulations. We recommend that you review it to ensure that you understand any changes to these terms.

* Last revised: 30 August 2020

Samitivej Sriracha Company Limited, address: 8 Soi Laemket, Jermjompol Road, Si Racha Subdistrict, Si Racha District, Chonburi Province 20110, website wsamitivejsriracha.itboxdemo.comThe Company is a medical facility providing medical examination, treatment, and healthcare services, and is a personal data controller under the Personal Data Protection Act B.E. 2562 (2019). The Company therefore provides this document to inform you of the reasons and methods by which the Company collects, uses, or discloses your personal data, and to inform you of your rights as a data subject.

We, Samitivej Sriracha Company Limited. Address : 8 Soi Leamket, Jermjompol Road,Sriracha, Chonburi, Website: samitivejsriracha.itboxdemo.com, a medical facility/hospital as a Data Controller pursuant to the Personal Data Protection Act B.E. 2562, provides this notice to inform you regarding information on our collection, use, and disclosure of your personal data that we collected and about your rights

The Company uses a CCTV system to record your video images in order to

We use CCTV to collect, use, disclose, or process your personal data for the following purposes:

((a) Protection of the life, body, health, personal safety, and property of individuals

(a) to protect individuals’ life, body, health and well-being, personal safety, and belongings;

((b) Protection and safeguarding of the company’s premises, facilities, and assets from damage, interference, destruction, and other crimes

(b) to protect and prevent our premises, facilities and assets from damage, disruption, vandalism, and other crimes;

((c) to support law enforcement agencies in the prevention, investigation, and prosecution of crimes, and to take actions to deter crime;

(c) to support law enforcement agencies in the prevention, detection, and prosecution of crimes and to act as a deterrent against crimes;

((d) Assistance in the effective resolution of disputes that arise in the course of disciplinary or grievance proceedings;

(d) to assist in the effective resolution of disputes which arise in the course of disciplinary or grievance proceedings;

((e) Assistance in investigations or proceedings relating to whistleblowing reports and inquiries;

(e) to assist in the investigation or proceedings concerning a whistleblowing complaint; and loment proceedings

The Company may collect, disclose, or process your personal data based on the following criteria or legal bases:

We may collect, use, disclose, or process your personal data base on any of the following legal basis:

(a) Vital interests basis The collection, use, disclosure, or processing of personal data is necessary to prevent or suppress a danger to a person’s life, body, or health.

(a) Vital Interest. The collection, use, disclosure, or processing is necessary for the prevention or suppression of a danger to a person’s life, body, or health.

(b) Legitimate Interest The collection, use, disclosure, or processing of your personal data is carried out for the Company’s legitimate interests in order to achieve one or more of the purposes stated above.

(b) Legitimate Interest. It is in our legitimate interest to collect, use, disclose, or process, your personal data to achieve any of the purposes described above.

(c) Legal basis The Company is required to comply with obligations imposed by applicable law, including but not limited to workplace safety and environmental laws. The Company considers the use of CCTV to be an important measure that helps the Company comply with these obligations.

(c) Legal Obligations. We owe a duty to comply with the legal obligations prescribed by the applicable laws, including but not limited to the laws regarding safety and environment in the workplace. We consider the use of CCTV as a necessary measure to enable us to meet those obligations.

- There are 403 CCTV cameras.

There are 403 CCTV cameras on our premises.

- The company has installed appropriate signs in areas under surveillance to inform you about the use of CCTV and the

We place appropriate signage in the monitored areas to alert you that a CCTV operation is in use and your personal data is recorded.

The Company may retain your personal data for no longer than 30 days, or as necessary to achieve the purposes specified in this notice, or as required by applicable law. The Company may also need to retain your personal data for as long as necessary to manage disputes or legal and court proceedings that may arise.

We may retain your personal data no longer than 30 days or as is necessary to achieve the purposes described in this notice or as is required by applicable laws. We may need to retain your personal data for so long as it is necessary for any disputes or legal proceedings that may arise.

The CCTV system records video footage of individuals who enter the camera's field of view 24 hours a day.

Our CCTV will record the movement of all persons within the proximity of the CCTV cameras on our premises at all times (24 hours).

If the Company no longer needs to retain your personal data, the Company may destroy, delete, remove it from the system, or render your personal data anonymous so that it can no longer identify the data subject.

If we no longer need to retain your personal data, we may destroy, delete, remove or anonymize your personal data.

The Company will store personal data using organizational and technical measures at least to the level required by law and with appropriate systems to prevent and safeguard the security of such personal data, and will store it in a location with restricted access controls.

In cases where any officer or department wishes to review footage or request information from the CCTV system, the following procedures must be followed:

- Complete the request form to obtain information from the CCTV system.

- Submit the form to the Security Supervisor to be presented to the supervisor/manager for approval according to the procedure.

- The security officer stationed in the CCTV control room shall be informed of the request to view or obtain information from the CCTV system by the Security Supervisor.

- If permission to view the information is granted, the Security Supervisor and the security officer stationed in the CCTV control room must be present while the requester views the CCTV information.

- Record the information of the person(s) requesting to view the data and the verification results in the request form for viewing or requesting CCTV footage, and forward the form to the department head or manager responsible for security operations for acknowledgment.

- In the case of a request for information from the police, written approval must be obtained from the Company Director.

The Company may share CCTV data with government officials, for example only where there is a written request and such request is for the purpose of an investigation by government officials or for legal proceedings in court.

The Company may allow the CCTV vendor to access the data for system maintenance only in cases where permission has been granted by the Company, and the vendor must have personal data security measures approved by the Company in order to access personal data in the CCTV system.

You have the following rights under the law:

You have the following rights pursuant to the laws:

(a) Right of access You have the right to access and request a copy of your personal data, or to request disclosure of your personal data. Such request must be made in writing and submitted via the channels specified in the “Contacting the Company” section. Your request will be processed within the period prescribed by law. The Company may refuse to comply with your request where the request may affect the rights and freedoms of other persons, to the extent permitted by law or a court order.

(a) Right of Access. You have the right to access and obtain a copy of your personal data or request to disclose your personal data. The request must be in writing and sent to the channel provided in the “CONTACT US” section. Your request will be processed within the period required by law. We may, to the extent permitted by law or a court order, refuse to act on your request where such request could affect the rights and freedom of another person.

(b) Right to Rectification You have the right to request that the Company rectify the personal data it has processed about you so that it is complete, accurate, not misleading, or up to date.

(b) Right to Rectification. You have the right to have incomplete, inaccurate, misleading, or not up-to-date personal data that we process about you rectified.

(c) Right to Data Portability You may have the right to obtain your personal data that the company holds in a structured electronic format and to transmit such personal data to another personal data controller, provided that (1) it is personal data that you have provided to the company, and (2) the company processes such data on the basis of your consent.

(c) Right to Data Portability. You may have the right to obtain your personal data we hold, in a structured, electronic format, and transmit such data to another data controller, where this is (1) personal information which you have provided to us, and (2) if we are processing that data on the basis of your consent.

(d) Right to Object You have the right to object to the collection, use, or disclosure of your personal data where such processing is carried out for the purposes of the Company’s (or another person’s) legitimate interests. The Company may refuse to comply with your request if the Company can demonstrate compelling legitimate grounds for the collection, use, or disclosure of such personal data that override your interests, or if the collection, use, or disclosure of such personal data is for the establishment of legal claims, the exercise or defense of legal claims, or compliance with legal claims.

(d) Right to Object. You have the right to object to the collection, use, or disclosure of your personal data for the purposes of achieving our legitimate interest (or that of other persons). We may refuse to comply with your request if we can demonstrate compelling legitimate grounds for such collection, use, or disclosure, which may override your own interests or if such collection, use, or disclosure is for the purposes of establishment, compliance, exercise or defense of legal claims.

(d) Right to erasure or destruction of data You have the right to request that the Company erase or destroy your personal data, or make your personal data anonymous such that it can no longer identify you as the data subject, if you believe that (1) such personal data is no longer necessary for the purposes specified in this notice, or (2) your personal data has been collected, used, or disclosed unlawfully. However, the Company may refuse to comply with your request to erase or destroy your personal data for the establishment of legal claims, compliance with or exercise of legal claims, defense against legal claims, or compliance with the law.

(e) Right of Erasure. You have the right to request us to erase or destroy your personal data or to anonymize your personal data if you believe that (1) the personal data is no longer needed for the purposes described in this notice or (2) the collection, use, or disclosure of your personal data is unlawful. We may refuse to comply with your request for erasure or destruction for the purposes of establishment, compliance, exercise or defense of legal claims, or compliance with laws.

(f) Right to Restriction of Processing You have the right to request the Company to suspend the use of your personal data if you believe that the Company no longer needs to retain such personal data for the purposes stated in this notice, but you still want the Company to retain such personal data for the establishment of legal claims, compliance with or exercise of legal claims, defense against legal claims, or compliance with the law.

(f) Right to Restriction of Processing. You have the right to request us to suspend the use of your personal data if you believe that we no longer need to retain the personal data for the purposes described in this notice, but you still require the retention for the purposes of establishment, compliance, exercise or defense of legal claims, or compliance with laws.

(g) Right to Withdraw Consent If you have consented to the Company collecting, using, or disclosing your personal data, you have the right to withdraw that consent at any time.

(g) Right to Withdraw Consent. If you have consented to our collection, use, or disclosure of your personal data, you have the right to withdraw that consent at any time.

You can contact the Company's Data Protection Officer (Data Protection Officer: DPO) to submit a request to exercise the above rights at E-mail: ssh.dpo@samitivej.co.th

You can contact our Data Protection Officer (DPO) to exercise your rights or for any inquiries related to this notice at E-mail: ssh.dpo@samitivej.co.th.