Privacy Policy
Phuket Provincial Administrative Organization Hospital
Phuket Provincial Administrative Organization Hospital (Phuket PAO Hospital), as a personal data controller, recognizes the importance of personal data protection and the rights of data subjects. As a user of the hospital's services, you are entitled to protection under the Personal Data Protection Act and related laws. The hospital has therefore prepared this Privacy Policy to explain how the hospital collects, uses, or discloses your personal data as a data subject, with the following details.
1. Collection of Personal Data
The hospital collects your personal data only as necessary. This includes cases where you provide data to the hospital directly, whether to request services through the hospital's website or any other channel — such as doctor appointments, online registration, or newsletter subscription — as well as offline transactions such as patient registration at the hospital's registration counter.
In addition, the hospital may receive your personal data from third parties, such as your family members or persons close to you, hospitals or agencies in the hospital's network — including the hospital's agents or service providers — or government agencies, in cases where you have given consent to such disclosure or where disclosure is required by law.
2. Personal Data Collected
The types of personal data the hospital collects depend on the purpose of collection. The personal data collected directly from you or from third parties includes the following:
- Identification data, such as name, surname, photograph, gender, date of birth, passport, national ID card number, or other identifying numbers
- Contact data, such as address, telephone number, and email
- Service data, such as doctor appointment information, personal data of relatives, room preferences, and other additional services
- Newsletter subscription and marketing activity data, such as seminar registration and promotion sign-ups
- Statistical data, such as patient numbers and website visits
- Data from your use of the hospital's website, such as IP address, cookies, and online doctor appointments
- Health data, reports relating to your physical and mental health, your healthcare, laboratory test results, and diagnoses
- Data relating to your medication use and drug allergies
- Opinions, feedback, and treatment outcomes you provide
2.1 Website Visit Statistics (Web Analytics)
When you visit the website, the system automatically records visit data for analysis and service improvement, including:
- The visitor's IP address
- Approximate location (country/province/city) derived from the IP address
- Pages visited, date and time of visit, referrer, and browser information (User-Agent)
- Pageviews and unique visitors
Legal basis: Legitimate interest, for statistical analysis and website improvement.
Disclosure to third parties: IP addresses are sent to an approximate geolocation service provider (ip-api.com) solely for conversion into geographic location data; no other personal data is transmitted.
Retention period and access: Visit logs are retained for no more than 180 days and are then deleted automatically. Anonymized summary statistics may be retained on an ongoing basis for statistical comparison. Access is restricted to authorized system administrators only.
3. Purposes of Collecting, Using, or Disclosing Personal Data
The hospital collects, uses, or discloses your personal data based on your consent, the performance of a contract between us, or otherwise for the hospital's legitimate interests, for the following purposes:
3.1 Medical service purposes, including:
- Providing or delivering the hospital's services and your access to services, whether online or offline
- Doctor appointments, sending news, and recommending hospital services
- Coordinating and transferring data to network hospitals and other healthcare facilities to expedite patient referrals
- Patient identity verification
- Sending doctor appointment reminders or offers of assistance from the hospital
- Accounting or financial purposes, such as payment verification, billing, and refunds
- Maintaining safety and security, including your safety during hospital stays
- Compliance with hospital regulations
- Compliance with laws, regulations, rules, or requests from government agencies
- Other purposes supporting the above, or as consented to by you from time to time
3.2 Public relations and communication purposes
Used/disclosed only after obtaining your consent, including:
- Offering benefits to members of hospital programs or clubs
- Public relations and communication with patients, such as sending information about promotions and services, including from cooperating agencies
- Satisfaction surveys, opinion research, and statistical analysis to improve or develop services
- Communicating with you and responding to questions or complaints relating to the use of services
4. Persons/Entities to Whom Personal Data May Be Disclosed
- Network hospitals and cooperating healthcare agencies
- The hospital's agents/service providers, such as information technology service providers
- Related organizations, such as insurance companies, loyalty programs, and entities involved in service provision
- Banks/payment service providers
- Security officers or security agencies
- Immigration/customs authorities
- Government and regulatory agencies as permitted or required by law
5. Retention Period of Personal Data
- Data is retained only as long as necessary to fulfill the purpose of each data type
- After that period, data will be deleted/destroyed according to the processes and timeframes set out in the hospital's policy and applicable laws
6. Rights of the Data Subject
To exercise your rights, please contact the Data Protection Officer under Section 8 to submit a request, as follows:
- Request access to, a copy of, or portability of your own personal data
- Object to or suspend processing
- Request correction of inaccurate/incomplete data, or deletion/destruction/disclosure of the data's source in certain cases
- Lodge a complaint with the Personal Data Protection Committee if data is used/disclosed contrary to your consent or the law
- Withdraw consent at any time while the data is held by the hospital (except where rights are restricted by law or contract)
Withdrawal of consent may result in insufficient data to provide the services you require and may affect your convenience in receiving services.
7. Security Measures
The hospital applies technical and organizational measures in accordance with personal data protection law, restricts access rights, and protects data against unauthorized loss, access, use, modification, alteration, or disclosure.
8. Contact
Telephone: +66 (0) 7635 8888
Postal address: Data Protection Officer
Phuket Provincial Administrative Organization Hospital
18, 20 Anuphas Phuket Karn Road, Talat Yai Subdistrict, Mueang Phuket District, Phuket 83000, Thailand
9. Changes to this Privacy Policy
This policy may be updated to reflect changes, such as changes in applicable law. Updates will be announced through appropriate channels.
This Privacy Policy takes effect from 1 June 2021 (B.E. 2564).