Privacy Notice for Personal & Health Data Protection
The platform operator of Dialysis Travel Thailand places the highest priority on protecting your personal data. As providing coordination services for hemodialysis session bookings in Thailand necessitates the use of “Sensitive Personal Data,” the platform operator must obtain your explicit consent prior to taking any action.
1. Types of Health Data Required for Collection
For the benefit of coordination and medical readiness assessment by the destination medical facility in Thailand, the platform operator must process the following data:
- Hemodialysis-related medical history and treatment records.
- Laboratory test results (Lab Results), including test results for blood-borne infectious diseases (e.g., HIV, Hepatitis B and C).
- Medical Prescriptions and the attending physician’s notes.
2. Purposes of Data Processing
The platform operator will collect, use, and disclose your data strictly for the following purposes:
- To contact, coordinate, and confirm hemodialysis appointment bookings with your selected network medical facility.
- To deliver to the physicians and staff of the destination medical facility for their consideration in accepting the patient and clinical preparation.
3. Data Retention
The platform operator will retain your health data for a period of 1 year from the date of service completion, for the purposes of transaction dispute resolution or auditing, under the basis of Legitimate Interest. Upon expiration of this period, your data will be deleted or subjected to Anonymization in accordance with legal standards.
4. Security & Cloud Storage
All data will be exclusively delivered to your selected medical facility in Thailand. Your data will be stored in highly secure systems, which may include international standard Cloud Computing systems, subject to advanced Encryption measures that strictly prohibit Third-Party Access, thereby preventing data leaks and unauthorized access.
5. Data Subject Rights
Under the Personal Data Protection Act (PDPA), you have the following rights regarding your data:
- Right to access, rectify, erase, object to, and restrict the processing of your personal data.
- Right to Data Portability: You have the right to receive your personal data provided to us in a format generally readable or usable by automated tools, and the right to request us to send or transfer such data to another data controller, unless technically unfeasible.
- Right to Lodge a Complaint: If you discover that our processing of personal data does not comply with the law, you have the right to lodge a complaint with the expert committee under the Personal Data Protection Committee (PDPC) at any time
6. Data Breach Notification Protocols
The platform operator maintains a cybersecurity monitoring process. In the event of a personal data breach, we affirm our responsibility to notify the Personal Data Protection Committee (PDPC) within 72 hours of becoming aware of it. If the breach poses a high risk to your rights and freedoms, we will notify you without delay and propose mitigation measures.
7. Cookie Policy
The platform may process behavioral data automatically collected via Cookies and Tracking Technologies on the website for visitation statistical analysis. We provide a consent mechanism via a Cookie Banner, allowing you the right to adjust settings or reject non-essential cookies at any time.
8. Right to Withdraw Consent
You have the right to withdraw this consent at any time. Note: Withdrawing consent may result in the platform operator being unable to continue providing hemodialysis booking coordination services to you, but it will not affect any data processing already conducted prior to the withdrawal.