1. Introduction
Enserv Holding Co., Ltd. (registration number 0135555008651) and Ensif Encare Co., Ltd. (registration number 0135555008723) are companies engaged in the healthcare and health technology business. We uphold ethical business practices and respect our customers’ privacy. Therefore, we have established this Privacy Notice for Encare Application Services (“Privacy Notice”) to inform our customers (“you”) about our practices regarding your personal data. This Notice explains why we collect, use, and disclose your personal data, the types of personal data we collect, the purposes for processing, disclosures to third parties, details of our security measures to protect your personal data, data retention periods, and your rights as a data subject under the Personal Data Protection Act B.E. 2562 (2019), including applicable laws and regulations (“Personal Data Protection Law”).
This Privacy Notice applies to personal data we collect as a data controller for Encare Application Services (“Services”) through the Encare application, our official LINE for Business account (@encare) (“Application”), our website (“Website”), and our service points located at various locations (“Service Points”).
You acknowledge and agree that Ensif Encare is solely responsible for the services provided by the Encare Application business operator as required by law. Enserv Holding Co., Ltd. has no involvement in the provision of such services.
2. Contact Us
If you have any questions or require further information regarding this Privacy Notice, please contact our Data Protection Officer.
Contact Channels:
- LINE: @encare ( [Insert LINE Official Account link] )
- Phone: [Insert phone number]
- Email: [Insert email address]
- Address: Enserv Encare Co., Ltd., 1339 Pracharat 1 Road, Wong Sawang Subdistrict, Bang Sue District, Bangkok, Thailand
3. Purpose of Collecting, Using, and Disclosing Personal Data
We will collect, use, and disclose (collectively referred to as “process”) your personal data only to the extent necessary and lawful. We will process your personal data only when there is a legal basis that permits us to do so. This includes processing your personal data to fulfill a contract we have with you, comply with our legal obligations, serve our legitimate interests, prevent or mitigate harm to the life, body, or health of you or others, perform duties for public interest purposes of the company, exercise state authority, act based on your consent, and/or under other legal bases as specified by data protection laws.
In addition, the law prohibits us from collecting sensitive personal data, including but not limited to information about race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health data, disabilities, union membership, genetic data, biometric data, or other similar data that could affect you in a comparable way, unless we obtain your explicit consent. We will not collect or use such data without your explicit consent, except where permitted by data protection laws.
3.1 To Fulfill the Contract We Have with You
We will process your personal data to provide the services you have registered for, requested, and/or to fulfill the agreements or contracts you have entered into with us. This includes, but is not limited to, the following purposes:
- To register and log in to our services.
- To verify registration, confirm and authenticate your identity, and validate your contact channels.
- To deliver the services you have registered for, cater to your preferences and interests, provide requested services, and/or fulfill the contracts made with us.
- To communicate information about related products and services, including sending service invoices, purchase orders, payment reminders, and receipts.
- To process payments for services and associated fees.
- To provide compensation, rewards, and other benefits.
- To address inquiries, provide support, deliver information, handle complaints, and resolve issues.
- To support the company’s business operations, such as analysis, surveys, performance measurement, and improving and maintaining existing services to ensure smooth operation.
- To compensate you for any damages incurred.
- To inform you of changes to our services and service agreements.
3.2 Legal Obligations the Company Must Comply With
As we are obligated to comply with applicable laws and orders from authorized legal entities, we are required to collect, use, and disclose your personal data for various purposes, including but not limited to the following:
- To comply with personal data protection laws and other relevant laws.
- To comply with healthcare facility laws and other related regulations.
- To comply with other laws (e.g., the Computer-Related Crime Act, the Electronic Transactions Act, the Consumer Protection Act, and other laws we are required to follow).
- To comply with regulations and/or orders from authorized legal entities (e.g., court orders, directives from government agencies, or orders from authorized officials).
3.3 For the Legitimate Interests of Ourselves and Third Parties
We will process your personal data to serve our legitimate interests while balancing our benefits or those of other individuals or entities with your fundamental rights concerning personal data. This includes, but is not limited to, the following purposes:
- To prevent fraud and corruption, enforce our terms, conditions, and policies, and/or exercise legal claims as permitted by applicable laws.
- To maintain the security of our data and service networks and notify you of suspicious activities, such as unusual login attempts to your account.
- To study how our customers use our products and services to improve service standards, plan and monitor marketing campaigns, and analyze and enhance the services you use to better meet your needs.
- To develop new products that suit customer needs and define customer segments for new products or services.
- To present our products, services, and benefits to you based on your preferences and information. If you do not wish to receive these offers via email, you can opt out by clicking the “Unsubscribe” button included in the email or by notifying us through other channels, such as emailing Enservencare@gmail.com.
- To facilitate communication, record images, or audio during meetings, training, recreational events, or exhibitions.
- To anonymize personal data to make it unidentifiable.
3.4 Actions Based on Your Consent
In certain cases, the processing of personal data requires your consent as mandated by personal data protection laws. These purposes include, but are not limited to, the following:
- Where it is necessary to collect sensitive personal data.
- To send updates, deals, and promotions from our business partners and to advertise content based on your information and interests.
- To transfer or transmit your personal data to another country that may not have adequate personal data protection standards (unless permitted by personal data protection laws without requiring consent).
- If you are a minor, an incompetent person, or a quasi-incompetent person, consent must be obtained from your parent, guardian, custodian, or legal representative, as applicable (unless personal data protection laws allow such processing without consent).
4. Personal Data We Collect
We collect various types of personal data. The collection, use, and disclosure of your personal data may vary depending on the products and/or services you use or have used in each country. To provide an overview of the data we collect, we have categorized it as follows:
Personal Information
- Title
- First name, Last name
- Gender
- Age
- Date of birth
- Religion
Identification Information
- National ID number
- Passport number
- Copy or photo of your national ID card or passport
- Facial photograph
- Other identification numbers
Contact Information
- Mailing address
- Email address
- Phone number
Location Information
- GPS data, geographical location
Social Media Account Information
- Social media account details
- Social media platforms (e.g., LINE, Facebook)
- Your profile data
- Social media interactions with us
Service Information
- Appointment details
- Static/dynamic images for security purposes
- CCTV recordings
- Conversation recordings
- Voice recordings
- Photographs, videos
Health Information
- Medical records
- History of drug/food allergies
- Physical examination results, treatment outcomes, diagnoses
- Laboratory test results
- Radiographic images
- Photos/videos/audio from medical procedures
- Medical certificates
- Body composition data (e.g., body fat mass, visceral fat, bone mass)
- Other personal health information (e.g., weight, height, blood type, heart rate, blood pressure, glucose levels, drug allergies)
Financial Information
- Payment and payment verification details
Biometric Data
- Facial scan data for electronic identity verification
- Fingerprints for signature purposes
Device, Software, and Technical Details
- IP address
- Device identification numbers or other device-specific identifiers
- Technical specifications and unique identifiers, such as logs, device IDs, device types, network usage, connection details, access data, access date and time, session duration, cookies, search history, browsing history, and other unique device identifiers
Market Research Data
- Customer survey responses
Other Information
- Any information you provide to us through any channel
5. Sources of Personal Data
We collect personal data directly from you when you provide it to us, and automatically when you access our website or application or interact with us.
Additionally, we may receive your personal data from our partners and other sources. This is conducted in accordance with legal procedures and only in cases permitted by law. The details are as follows:
(1) Sources of Personal Data Provided Directly by You
- Registration and Identity Verification: When you register for services, verify your identity, update your personal information, or make specific requests related to our services at our healthcare facilities, physical locations, websites, or applications.
- Medical Services: When you receive medical services at our healthcare facilities or through telemedicine services provided by us.
- Communication: When you interact with us at our healthcare facilities, physical locations, websites, applications, email, phone, or through our social media channels.
- Surveys and Marketing Campaigns: When you participate in our surveys or promotional activities.
- Payment for Goods and Services: We collect payment-related information when you make transactions for our goods and services.
(2) Sources of Personal Data Collected Automatically
We collect personal data automatically when you interact with us, access our services, or visit our healthcare facilities, physical locations, websites, applications, or online systems. This includes:
- Your service usage data.
- Your communication data with us.
- Information related to your devices used to interact with us.
- Static or motion images captured by closed-circuit television (CCTV).
(3) Sources of Personal Data Not Collected Directly from You
We may receive your personal data from the following sources:
- Close Relations: Such as relatives, spouses, or legal guardians.
- Authorized Representatives: Individuals authorized by you to act on your behalf in communicating with us.
- Network Healthcare Facilities: In cases where you have consented for network facilities to disclose your personal data to us.
- Entities Involved in Your Service Usage: Individuals, legal entities, or organizations, whether governmental, private, or state enterprises, who have referred you for medical services, paid for your services, or invited you to participate in our services or activities.
Additionally, we may verify the accuracy of information provided by you during registration with third parties for security and fraud prevention purposes.
6. Sharing and Disclosure of Personal Data
We may share your personal data with external individuals or organizations for the purposes outlined in this Privacy Notice. The categories of entities with whom we may share your personal data include:
- Healthcare professionals or health consultants providing services within this program.
- Government agencies, authorized entities, or individuals as required or authorized by law, including compliance with court orders.
- Individuals or legal entities with whom we need to comply with contractual obligations or act in your best interests as the data subject. These entities are required to maintain confidentiality and protect your personal data according to data protection laws. Such entities may include, but are not limited to:
  - Affiliated medical facilities, as necessary for providing medical examinations and healthcare services. We disclose only the necessary personal data and ensure its confidentiality in compliance with applicable laws, such as the Medical Facility Act B.E. 2541, the National Health Act B.E. 2550, and the Medical Profession Act B.E. 2525.
  - Insurance companies or their claim management service providers.
  - Referring parties who arrange for your medical examinations or services at our facilities or pay for your services.
  - Personal data processors essential to our operations, such as contractors or service providers for identity verification, laboratory tests, logistics, data compilation and analysis, telecommunications, computer systems, payment processing, or technology outsourcing services.
  - Cloud computing systems, using third-party providers located in Thailand or abroad. We carefully select and contract with these providers, considering their data security systems to safeguard your personal data.
7. Transfer or Transmission of Personal Data to Other Countries
We may transfer or transmit your personal data from the country where you reside and use our products and/or services to another country where you choose to access and/or subscribe to our products and/or services. In such cases, if we transfer or transmit your personal data to another country, we will comply with applicable laws and obligations related to the processing of your personal data. We will ensure appropriate security standards are in place to guarantee that the company maintains adequate personal data protection standards.