Privacy Policy
Core Rhythm Heart Center
Last Updated: June 1, 2025
Core Rhythm Heart Center (hereinafter referred to as “the Center” or “we”) recognizes the importance of protecting the personal data of patients, relatives, and all service recipients. We have therefore established this Privacy Policy to clarify the collection, use, disclosure, and protection of your personal data, covering patients, relatives, service recipients, and visitors or users of the Center’s websites and various platforms.
This policy has been formulated in accordance with the Personal Data Protection Act B.E. 2562 (2019) and related laws.
ศูนย์หัวใจคอร์ริธึม (Core Rhythm Heart Center) (ต่อไปนี้จะเรียกว่า “ศูนย์/เรา”) ตระหนักถึงความสำคัญของการคุ้มครองข้อมูลส่วนบุคคลของผู้ป่วย ญาติ และผู้รับบริการทุกท่าน เราจึงได้จัดทำนโยบายการคุ้มครองข้อมูลส่วนบุคคลฉบับนี้ เพื่อชี้แจงการเก็บรวบรวม ใช้ เปิดเผย และคุ้มครองข้อมูลส่วนบุคคลของท่าน ซึ่งครอบคลุมถึงผู้ป่วย ญาติ ผู้รับบริการ และผู้เข้าชมหรือใช้งานเว็บไซต์และแพลตฟอร์มต่างๆ ของศูนย์
นโยบายฉบับนี้จัดทำขึ้นตามพระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. 2562 และกฎหมายที่เกี่ยวข้อง
Article 1. Personal Data Collected by the Center
The Center will collect personal data that can identify you, whether directly or indirectly, including data you provide directly through registration in both document form and online forms of the Center, as well as information provided on website systems, cookies, transaction data, and user experience through web pages or other platforms of the Center, with details as follows:
1.1 General Personal Data
- Personal Information: Name-surname, date of birth, age, gender, nationality, national identification number, marital status
- Contact Information: Address, telephone number, email, emergency contact information
- Insurance Information: Insurance company, policy number, treatment benefits
- Financial Information: Payment information, credit/debit cards, bank account information
1.2 Sensitive Personal Data
- Health Information: Medical history, examination results, medical photographs, surgical information
- Genetic Information: Genetic test results, family history
- Biometric Information: Fingerprints, facial features, voice (if applicable), religious information
1.3 Data from Website or Online Platform Usage
- Website Usage Data: IP Address, cookies
- Disease Screening Data
- Inquiry Data: Online consultation information
Article 2. Purposes of Data Collection
The Center will collect, use, and disclose your personal data only for the purposes specified under this Privacy Policy, with details as follows:
2.1 Medical Service Provision
- Medical treatment, disease diagnosis, surgery
- Treatment follow-up, rehabilitation
- Medical consultation
- Patient referral to specialist physicians
2.2 Administrative Management
- Appointments, treatment scheduling
- Issuance of certificates and medical documents
- Billing, insurance claims
- Communication, treatment result notifications
2.3 Legal Compliance
- Reporting to government agencies
- Compliance with medical regulations
- Infectious disease investigation, disease surveillance
2.4 Marketing, Public Relations, and Relationship Building
- To provide health information and treatment recommendations
- To send health news and beneficial medical articles
- To present information about treatment packages, promotions, and various benefits of the Center
- To conduct satisfaction surveys and use feedback to improve service quality
Should there be any future changes to these purposes, we will notify you or may request consent (if necessary) and maintain records of amendments as evidence.
We will not collect, use, or disclose your personal data for any other purposes beyond those notified to you before or during collection.
Article 3. Legal Basis for Data Processing
The Center will collect, use, and disclose your personal data by obtaining your consent first, except in cases where the law provides authority under the Personal Data Protection Act B.E. 2562 (2019) Section 24 or Section 26, with details as follows:
3.1 Contract Performance
- Service provision as agreed
- Fee collection
3.2 Legal Compliance
- Reporting under public health laws
- Medical record retention as required by law
3.3 Legitimate Interests
- Fraud prevention and detection
- Treatment quality improvement
3.4 Vital Interests
- Emergency medical treatment
- Emergency situation assistance
3.5 Consent
- Provision of health information, marketing, and various benefits
Article 4. Personal Data Disclosure
The Center will disclose your personal data only in accordance with the guidelines established under the Personal Data Protection Act B.E. 2562 (2019), adhering to the principle of disclosure only as necessary and maintaining confidentiality in compliance with the law, as follows:
4.1 Within the Center
- Physicians and related medical personnel
- Financial and administrative staff
- IT and security personnel
4.2 Outside the Center
- Other hospitals and medical facilities
- Laboratories, X-ray centers
- Insurance companies
- Related government agencies
- Technology service providers
4.3 Cross-Border Data Transfer
- Will be performed only when necessary, such as for overseas medical consultations
- Must have adequate data protection measures
- Patients will be notified in advance
Article 5. Data Retention
The Center will retain your data as long as necessary for the respective purposes, not exceeding the following periods, unless you exercise your right to request deletion or destruction before the expiration of such period:
5.1 Retention Periods
- Medical Data: As required by law, from the date the patient last received services
- Financial Data: As required by law
5.2 Data Destruction
- Data will be destroyed when no longer necessary
- Secure destruction methods that cannot be recovered will be used
- Records of data destruction will be maintained
Article 6. Security Measures
The Center recognizes the importance of your personal data security and has implemented security measures in accordance with the Personal Data Protection Act B.E. 2562 (2019) and other related laws.
Article 7. Rights of Patients and Data Subjects
Your rights in this section are rights under the Personal Data Protection Act B.E. 2562 (2019) and other related laws that you should be aware of. You may exercise various rights under the conditions of the law and policies established by the Center before, during, or that may be amended in the future, as well as criteria determined by the Center.
7.1 Right to Withdraw Consent
You have the right to withdraw consent at any time throughout the period your personal data is with the Center, except where such rights are limited by law or there are contracts that benefit you (whether consent given before or after the effective date of the Personal Data Protection Act).
7.2 Right to Access and Obtain Data or Copies
You have the right to access or obtain your personal data under the Center’s responsibility and request the Center to make copies of such data for you, including requesting disclosure of how personal data was obtained when you did not give consent.
7.3 Right to Object
You have the right to object to the collection, use, or disclosure of your personal data at any time, in cases where the law authorizes the Center to collect your data without requiring your prior consent.
7.4 Right to Rectification
You have the right to request correction of your personal data to be accurate, current, and not misleading.
7.5 Right to Erasure or Destruction
You have the right to request deletion or destruction of your personal data, or to make personal data non-identifiable, in the following cases:
- Your data is not necessary to retain for the purposes of collection, use, or disclosure
- When you have exercised the right to withdraw consent and the company has no legal authority to collect, use, or disclose your personal data
- When you exercise the right to object under Article 7.3 and the company cannot refuse the request under law
- When your data has been collected, used, or disclosed unlawfully
7.6 Right to Restrict Processing
You have the right to request the Center to suspend the use of your data in the following cases:
- When the Center is in the process of verification as you requested
- When it is personal data that must be deleted or destroyed, but you request suspension of use instead
- When your data is no longer necessary for retention according to the collection purposes, but you need to keep it for legal claims, legal compliance, or legal defense
7.7 Right to Data Portability
You have the right to request the Center to ensure your data is accurate, current, complete, and not misleading. If the Center cannot comply with the request, it will record your request along with reasons in the electronic system.
7.8 Right to Complaint
You have the right to file complaints with authorized persons under relevant laws if you believe that the collection, use, and/or disclosure of your personal data violates or fails to comply with relevant laws.
7.9 Limitations on Rights
The exercise of your aforementioned rights may be limited under relevant laws, and there may be necessary cases where the Center may refuse or cannot comply with your requests, such as legal compliance or court orders, or when exercising rights violates the rights or freedoms of others.
Response time: 30 days from receipt of request
Article 8. Use of Cookies
Cookies are files created by websites you visit that help make your online activities easier by saving browsing information. Websites use cookies to keep you signed in, remember website settings, and provide relevant content.
We collect website visit data from all visitors through cookies or similar technologies to improve platform usage efficiency and access to our services through the internet system, categorized as follows:
- Essential Cookies: For website functionality
- Analytics Cookies: For performance improvement
- Marketing Cookies: For relevant advertising (with consent)
If you do not wish to have user data collected through cookies, software, and measurement tools, you can delete or reject cookies or certain measurement software through your browser by adjusting your browser settings. However, if you remove cookies, you will be logged out of the website system and the system may delete your saved settings.
- Users can configure browsers to reject cookies
- Existing cookies can be deleted
- Rejecting cookies may affect website functionality
Article 9. Links to Third-Party Websites
The Center’s websites and online channels may contain links to third-party websites, such as partner hospitals or related government agencies, for the purpose of providing additional beneficial information.
The Center has measures to regularly verify the appropriateness and security of such websites before allowing them to appear on the Center’s websites and online channels. However, if you click links leading to third-party websites, please note that this Privacy Policy will not apply to such websites as they are beyond the Center’s control. We recommend that you study the privacy policies of such third-party websites (if any) to learn more about how they handle your personal data.
Article 10. Complaints
If you believe the Center processes your personal data in violation of the law, you may file a complaint at:
Core Rhythm Company Limited
Business Hours: Monday-Friday 8:00-17:00
Article 11. Policy Changes
The Center may update this Privacy Policy from time to time to align with changes in the Center’s services and operations, and feedback or opinions from you. The Center will clearly announce changes before implementing them or may send notifications on the website.
