นโยบายความเป็นส่วนตัว - Bangkok Aesthetic Clinic

AESTHETIC MEDICAL CLINIC

  • icon phone
  • icon bsl tel silom
  • icon bsl tel sukhumvit
  • icon enquiry

นโยบายความเป็นส่วนตัว

Privacy Policy

BSL Clinic Co., Ltd. (“the Company”) aims to provide medical services through a new type of online platform, in which case BSL Clinic Co., Ltd. may need to collect personal data of the data subject (“you”). BSL Clinic Co., Ltd. is responsible for protecting the security of personal data under the supervision of BSL Clinic Co., Ltd. and is committed to managing the data in a stable, secure, and reliable manner. Therefore, BSL Clinic Co., Ltd. has established this Privacy Policy (“Policy”), which explains how BSL Clinic Co., Ltd. handles your personal data and sensitive data such as collection, storage, use, disclosure, as well as your various rights, which shall be deemed part of the terms and conditions of service. BSL Clinic Co., Ltd. recommends that you understand this Policy before using the services, and each time you use the services, it shall be deemed that you have read and acknowledged the terms and details of this Policy.

1. Definitions

“Personal Data”
means information relating to a natural person which enables the identification of that person, whether directly or indirectly, but does not include information of a deceased person, information of a juristic person, business contact information that does not identify an individual, the name of BSL Clinic Co., Ltd., the address of BSL Clinic Co., Ltd., the corporate registration number of BSL Clinic Co., Ltd., office telephone number, work email address, group email address of BSL Clinic Co., Ltd., anonymous data, or pseudonymous data that, by technical means, can no longer be used to identify an individual.
“Sensitive Data”means data that is delicate and may be subject to unfair discrimination, such as race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health information, disability, labor union information, genetic data, biometric data, or any other information that similarly affects the data subject, as prescribed by the Personal Data Protection Committee.
“Data Subject”
means the individual who is the subject of the personal data, but does not mean that the individual owns the data or is the creator or collector of such data. The term “Data Subject” refers only to natural persons and does not include juristic persons established under the law, such as BSL Clinic Co., Ltd., associations, foundations, or any other organizations.
“Processing”means any operation performed on personal data, whether by automated means or not, such as collection, recording, organization, storage, alteration or modification, retrieval, consultation, use, disclosure (by transmission, transfer, dissemination, or otherwise making available or accessible), arrangement, combination, blocking or restriction, erasure, or destruction.
“Data Controller”
means a natural person or juristic person who has the authority and duty to make decisions regarding the collection, use, or disclosure of personal data.
“Data Processor”means a natural person or juristic person who carries out the collection, use, or disclosure of personal data on the instructions of, or on behalf of, the Data Controller.
“Cookies”
means small computer files that temporarily store necessary personal data on the data subject’s computer, for the purpose of convenience and speed in communication, which take effect only while accessing the website system.
“Data Protection Officer”means the person appointed by BSL Clinic Co., Ltd. to perform duties in accordance with the Personal Data Protection Act B.E. 2562 (2019).

2. Categories of Data Subjects

BSL Clinic Co., Ltd. processes personal data in accordance with each Privacy Notice, which is specified by the category of data subject and by the activities involving the processing of personal data, as follows:

2.1 Customers / Service RecipientsMeans persons who purchase products and/or use services from BSL Clinic Co., Ltd., persons who register as members, and includes related persons, representatives, or persons authorized to act on behalf of the customer.
Please see the Privacy Notice for Customers and Service Recipients.
2.2 Business PartnersMeans natural persons, representatives of juristic persons such as directors, authorized signatories, attorneys-in-fact, sub-attorneys, operators, employees, and staff of juristic persons who have entered into or will enter into various transactions with BSL Clinic Co., Ltd., as well as persons whose personal data appears in relevant documents. This also includes persons submitting quotations to sell products and/or provide services to BSL Clinic Co., Ltd., such as service providers, consultants, experts, academics, lecturers, participants in business projects, counterparties, or any other persons having similar relationships with BSL Clinic Co., Ltd.
Please see the Privacy Notice for Business Partners.
2.3 Company Personnel
Means employees or persons who work or perform any duties for BSL Clinic Co., Ltd. and receive salaries, wages, benefits, or compensation from BSL Clinic Co., Ltd., such as executives, managers, staff, personnel, or other similar persons. This also includes persons related to the company’s personnel whose personal data appears in documents related to the recruitment process, such as family members, parents, spouses, and children, emergency contacts, reference persons, or beneficiaries.
Please see the Privacy Notice for Employees.
2.4 Job ApplicantsMeans persons who have submitted job applications/internship applications, or any other persons who have provided personal background details to BSL Clinic Co., Ltd. for the purpose of applying for employment/internship, whether as permanent employees or contract employees. This also includes employees hired under outsourcing service providers, freelance workers who have not yet been selected by BSL Clinic Co., Ltd., as well as persons related to the applicants and persons whose personal data appears in documents related to the application, such as family members, reference persons, and emergency contacts.
Please see the Privacy Notice for Applicants.
2.5 Image SubjectsMeans models, presenters, persons hired or compensated for photography, personnel of BSL Clinic Co., Ltd., award or scholarship recipients, as well as individuals who consent to BSL Clinic Co., Ltd. recording still images or moving images during interviews, trainings, events, or group photographs.
Please see the Privacy Notice for Photography.
2.6 Event Participants
Means participants in activities or campaigns of BSL Clinic Co., Ltd., or activities organized by BSL Clinic Co., Ltd., including registrants, trainees, seminar participants, and other similar persons.
Please see the Privacy Notice for Events.
2.7 General PublicMeans any general individuals who have a legal relationship or contact with BSL Clinic Co., Ltd., such as users of the company’s website/application, persons contacting the Call Center, persons contacting the company to request information, respondents to surveys regarding the company’s products and/or services, or any other persons apart from those specified in categories 2.1–2.8 above.
Please see the Privacy Notice for the General Public.
2.8 CookiesBSL Clinic Co., Ltd. may use automated technologies to collect personal data when you access the company’s website or application via computer or mobile devices, including IP address, browser type, operating system, pages visited, and referring websites. Such automated technologies may include the use of cookies or other similar technologies.
Please see the Cookie Policy.

3. Privacy Protection

To comply with personal data protection laws, BSL Clinic Co., Ltd. will issue a Privacy Notice specifying the collection of personal data. Such notice will inform data subjects of the details of personal data collection via electronic means, SMS, or by any other methods determined by BSL Clinic Co., Ltd. The Company will provide this notice to the data subject before or at the time of collection, covering at least the following details, unless the data subject is already aware of them:

  • 3.1 Specify the categories of data subjects whose personal data is collected by BSL Clinic Co., Ltd.
  • 3.2 Explain the purposes and methods of collecting the personal data of data subjects.
  • 3.3 Identify the types of personal data collected.
  • 3.4 Specify the retention period of personal data, at least five years or as appropriate for the benefit of your data, starting from June 2022 until May 2027 (the Company will retain your data for five years from the date of contract termination).
  • 3.5 Specify all rights of the data subject.
  • 3.6 Specify how the data subject may exercise their rights and withdraw consent for the collection of personal data.
  • 3.7 Specify the measures implemented to protect the personal data of data subjects.
  • 3.8 Specify the contact channels of the Data Controller or the Data Protection Officer so that data subjects can make contact, inquire further, or exercise their rights as data subjects.
  • 3.9 Specify the types of persons or external entities that may use the personal data.

4. Collection of Personal Data

In collecting personal data, BSL Clinic Co., Ltd. establishes appropriate measures to ensure the security and confidentiality of your personal data, in order to prevent unauthorized loss, access, destruction, misuse, alteration, or disclosure. BSL Clinic Co., Ltd. and any external parties assigned by the Company will collect your personal data under the following conditions:

  • 4.1 BSL Clinic Co., Ltd. will process personal data you provide with restricted access rights and in a lawful and fair manner, collecting data only for the purposes specified by the Company. Prior to such processing, the Company will notify you and obtain your consent electronically, via SMS, or by other methods as determined by the Company.
  • 4.2 BSL Clinic Co., Ltd. will process personal data only as necessary for lawful purposes that have been notified to you before or at the time of collection. The Company will obtain explicit consent from you unless one of the following exceptions applies, in which case the Company may collect personal data without consent:
    • 4.2.1 To achieve objectives relating to historical or archival records, public interest, research, or statistics, provided that appropriate safeguards are in place to protect your rights and freedoms.
    • 4.2.2 To prevent or suppress danger to a person’s life, body, or health.
    • 4.2.3 Where it is necessary to perform a contract to which you are a party, or to take steps at your request before entering into a contract.
    • 4.2.4 Where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority delegated to BSL Clinic Co., Ltd.
    • 4.2.5 Where it is necessary for the legitimate interests of BSL Clinic Co., Ltd. or another person or juristic person, except where such interests are overridden by your fundamental rights in personal data.
    • 4.2.6 Where it is necessary for compliance with the law.
  • 4.3 For the collection of sensitive personal data, BSL Clinic Co., Ltd. must obtain your explicit consent prior to or at the time of collection, in accordance with lawful requirements. The Company may collect sensitive personal data for certain services only with your explicit consent, when you voluntarily disclose it to the public, or when permitted under the Personal Data Protection Act, based on at least one lawful basis as follows:
    • 4.3.1 With your explicit consent.
    • 4.3.2 To prevent or suppress danger to life, body, or health, where you are unable to give consent.
    • 4.3.3 For legitimate activities of foundations, associations, or non-profit organizations with purposes relating to politics, religion, philosophy, or labor unions, provided that appropriate safeguards are in place.
    • 4.3.4 Where the data is publicly disclosed with your explicit consent.
    • 4.3.5 Where necessary for the establishment, compliance, or exercise of legal claims, or for defense of legal claims.
    • 4.3.6 Where necessary for compliance with the law to achieve objectives in preventive or occupational medicine, assessment of an employee’s work capacity, public health benefits, labor protection, social security, national health insurance, welfare related to medical treatment, scientific or historical research, statistics, or other substantial public interest.
  • 4.4 In the event that BSL Clinic Co., Ltd. processes your personal data in a manner and/or for purposes inconsistent with those originally specified, the Company will issue additional personal data protection policies or notices and/or provide written notification to explain such processing. You should read such additional policies or notices together with this Policy and/or the relevant written notification, as the case may be.

5. Collection of Personal Data of Minors, Incompetent Persons, or Quasi-Incompetent Persons

In cases where BSL Clinic Co., Ltd. needs to process the personal data of minors (under 18 years old), incompetent persons, or quasi-incompetent persons, the Company will proceed as follows:

  • 5.1 Where the data subject is a minor, an incompetent person, or a quasi-incompetent person who must obtain consent from a parent, guardian, custodian, or curator (as the case may be) — unless otherwise permitted by law without consent — BSL Clinic Co., Ltd. may process such data for the benefit of the data subject in using the services as consented. The Company will process such personal data in compliance with the Personal Data Protection Act, giving the highest regard to the protection of personal data, under the following conditions:
    • 5.1.1 Minor means a person under 18 years old who has not yet reached legal age but may perform certain acts appropriate to their status by themselves, such as matters related to education, applying for additional courses for self-development, employment under a labor contract, business-related dealings, or activities legally permitted for minors or deemed as if the minor has legal capacity. In giving any consent, a data subject deemed to have the same status as a person of legal age may give consent on their own, except where the law requires certain types of consent to also be given by the legal guardian. For minors under 18 years of age, consent must be obtained directly from the legal guardian.
    • 5.1.2 Quasi-incompetent person means a person declared by the court to be quasi-incompetent due to physical disability, mental instability, habitual extravagance, chronic intoxication, or other similar reasons, resulting in the inability to manage their own affairs or in a way that may cause detriment to their own or their family’s assets. In such cases, consent must be obtained from the curator authorized to act on behalf of the quasi-incompetent person, unless otherwise provided by law.
    • 5.1.3 Incompetent person means a person declared by the court to be incompetent due to insanity. In such cases, consent must be obtained from the guardian authorized to act on behalf of the incompetent person.
  • 5.2 In cases where consent must be obtained from a parent, guardian, custodian, or curator (as the case may be), BSL Clinic Co., Ltd. will obtain such consent directly from the authorized person, and only such authorized persons will act on behalf of the data subject. The Company relies in good faith that the information received from these authorized persons is information that the Company has the right to process, and that such persons have the authority to disclose the information to the Company. The Company will process such personal data in accordance with the procedures specified in the relevant Privacy Notice for each type of activity.

6. Use and Disclosure of Personal Data

  • 6.1 BSL Clinic Co., Ltd. will use personal data only for the purposes notified to the data subject. In any case where the Company intends to collect, use, or disclose additional personal data, or change the purpose of such collection, use, or disclosure, the Company will notify the data subject prior to processing such personal data, unless otherwise required or permitted by law.
  • 6.2 BSL Clinic Co., Ltd. will use personal data appropriately. In cases where the Company uses information services from external service providers, the Company will implement security measures and controls over access, use, and disclosure of personal data. The Company will oversee its employees, service providers, officers, or operators to ensure that they do not use or disclose your personal data beyond the purposes specified by the Company or disclose it to third parties without authorization.
  • 6.3 BSL Clinic Co., Ltd. may disclose your personal data currently collected and to be collected in the future to BSL Clinic Co., Ltd. group companies as listed on the website www.bslclinic.com, as well as to partners, business counterparts, individuals, or other juristic persons within the scope of agreed terms and as reasonably expected.

7. Principles of Personal Data Processing

  • 7.1 BSL Clinic Co., Ltd. will process personal data, whether as a Data Controller or as a Data Processor, lawfully, fairly, transparently, and with regard to the accuracy of personal data. The scope, purposes of processing, and retention period will be limited to what is necessary, in line with lawful purposes and the business operations of BSL Clinic Co., Ltd.
  • 7.2 BSL Clinic Co., Ltd. will establish processes and controls to manage personal data at every stage, in compliance with applicable laws and the Company’s Personal Data Protection Policy.
  • 7.3 BSL Clinic Co., Ltd. will create and maintain Records of Processing Activities (ROPA) to record all items and activities related to personal data processing in compliance with the law, and will update such records when there are changes in items or activities.
  • 7.4 BSL Clinic Co., Ltd. will establish clear processes to ensure that the purposes of collection and details of personal data processing (Privacy Notices), as well as requests for consent from data subjects, comply with the law, and will implement measures for oversight and verification in this regard.
  • 7.5 BSL Clinic Co., Ltd. will adopt measures to allow access to personal data only by persons who need to know and access such data, so that the Company can perform its duties according to written instructions from the employer or within the scope of work contracted. In cases where BSL Clinic Co., Ltd. acts as a Data Processor, the Company will process personal data only according to written instructions as specified in the contract and within the scope of the contracted work, and will comply with data protection laws relating to the duties of a Data Processor.
  • 7.6 In cases where BSL Clinic Co., Ltd. transfers or permits others to use personal data, the Company will establish agreements on the use of such data to define rights and obligations in compliance with applicable laws and the Company’s Personal Data Protection Policy.
  • 7.7 In cases where BSL Clinic Co., Ltd. transfers personal data abroad, the Company will comply with applicable laws.
  • 7.8 BSL Clinic Co., Ltd. will destroy personal data upon the expiration of the retention period, in compliance with applicable laws and the Company’s business practices.
  • 7.9 BSL Clinic Co., Ltd. will assess risks and establish measures to mitigate risks and reduce impacts arising from personal data processing.
  • 7.10 BSL Clinic Co., Ltd. will regularly review and update its policies, standards, guidelines, procedures, and other documents related to personal data protection, to ensure they are up-to-date and consistent with applicable laws and prevailing circumstances.

8. Retention Period of Personal Data

BSL Clinic Co., Ltd. will retain personal data of data subjects according to the type of activity and the purposes of personal data processing as specified in the Privacy Notices published on the Company’s website. After the expiration of such retention period, BSL Clinic Co., Ltd. will delete or destroy the personal data from its systems and from the systems of any third-party service providers engaged by the Company (if any), or render the data unidentifiable, or take any other actions as required under the Personal Data Protection Act to ensure effective protection of personal data. Unless otherwise permitted by the Personal Data Protection Act or other applicable laws, the Company shall not retain personal data beyond the specified period.

However, BSL Clinic Co., Ltd. may retain personal data for a period longer than the specified retention period if permitted by law, or if such retention is necessary for the establishment of legal claims by the Company, for compliance with applicable laws, or for compliance with lawful orders of officials or government authorities, or for legitimate business purposes.

9. Rights of Data Subjects

BSL Clinic Co., Ltd. grants data subjects the rights prescribed under the Personal Data Protection Act, as follows:

  • 9.1 The right to withdraw consent for the processing of personal data at any time during which the Company holds such personal data.
  • 9.2 The right to access and obtain a copy of personal data, and the right to request disclosure of the source of personal data.
  • 9.3 The right to receive personal data in a commonly used, machine-readable format.
  • 9.4 The right to object to the processing of personal data at any time.
  • 9.5 The right to request BSL Clinic Co., Ltd. to delete, destroy, or anonymize personal data so that it can no longer identify the data subject.
  • 9.6 The right to request BSL Clinic Co., Ltd. to suspend the use of personal data.
  • 9.7 The right to request BSL Clinic Co., Ltd. to ensure that personal data is accurate, up-to-date, complete, and not misleading.
  • 9.8 The right to file a complaint in the event that BSL Clinic Co., Ltd., its employees, or contractors violate or fail to comply with the Personal Data Protection Act, by submitting a complaint through the Data Processing Complaint Form.

BSL Clinic Co., Ltd. respects your privacy rights and provides you with options to control how the Company communicates with you. The Company will comply with your requests in order to enhance transparency, data quality, and accuracy. Any request to exercise your rights under the law must be made in writing through the electronic system provided on the Company’s website. If you wish to withdraw your consent, you may do so by adjusting the settings in the application in which you are registered, or by submitting the Data Subject Rights Request Form. In the case of consent withdrawal, you may also submit the Consent Withdrawal Form.

10. Security of Personal Data

BSL Clinic Co., Ltd. recognizes the importance of safeguarding your personal data. The Company has therefore established appropriate measures to prevent unlawful loss, access, destruction, use, alteration, modification, or disclosure of personal data, and has implemented policies, rules, guidelines, and procedures as follows:

  • 10.1 Establish clear policies and procedures for the protection of personal data and for managing data securely in compliance with applicable laws.
  • 10.2 Prohibit the sale of your personal data under any circumstances and prohibit the transfer of your personal data to any third party who is not a data processor of BSL Clinic Co., Ltd.
  • 10.3 Restrict employees’ rights to access personal data and define access rights or usage rights to maintain confidentiality and security of the data.
  • 10.4 Prevent unauthorized access and use of personal data by implementing data encryption, authentication, and antivirus technologies, as necessary.
  • 10.5 Conduct due diligence on the status of business partners and require that business partners comply with applicable personal data protection laws, regulations, and restrictions on the use of personal data.
  • 10.6 Monitor and review the Company’s website through entities with expertise in data protection and security.
  • 10.7 Require employees of BSL Clinic Co., Ltd. to undergo training on personal data protection and data security.
  • 10.8 Assess personal data protection practices, including the management and safeguarding of data through appropriate technical, physical, and administrative measures, and review security measures when necessary or when technology changes.
  • 10.9 Implement audit systems to delete or destroy personal data once the retention period has expired, or when the data is irrelevant or no longer necessary for the purposes of collection.
  • 10.10 Implement a system to report personal data breaches to the Office of the Personal Data Protection Committee within 72 hours of becoming aware of the breach, to the extent possible, unless such breach poses no risk of affecting the rights of data subjects.

11. Links to Third-Party Websites and Services

The website of BSL Clinic Co., Ltd. may contain links to third-party websites, which may collect certain information regarding your usage and personal data. BSL Clinic Co., Ltd. cannot be held responsible for the security or privacy of any data collected by such third-party websites. Data subjects should exercise caution and carefully review the privacy policies of those third-party websites before using their services, as follows:

  • 11.1 BSL Clinic Co., Ltd. provides options for users to export their data to third-party applications and websites, including but not limited to social networking sites such as Facebook, Twitter, or LinkedIn. By exporting such data, users may be disclosing their information to other persons or organizations responsible for operating and maintaining those third-party applications and sites. Others who access or use such applications or sites may also gain access to the users’ data.
    BSL Clinic Co., Ltd. does not own or manage the applications or websites to which users connect. Therefore, the Company advises users to be cautious about disclosing personal information in this manner and to review the privacy policies of those websites to ensure they are satisfied with how their information will be used.
  • 11.2 BSL Clinic Co., Ltd. uses Google Analytics to view user activity data, including but not limited to browser information, device information, and country of origin, for the purpose of improving platform user experience, as well as for tailoring and advertising products and services to individual users. Such data is not disclosed to anyone outside BSL Clinic Co., Ltd. If users do not want Google Analytics to access their usage data, they may opt out by disabling tracking via Google’s tool at https://tools.google.com/dlpage/gaoptout/
  • 11.3 BSL Clinic Co., Ltd. uses Hotjar to better understand user needs and to improve service experiences by recording platform usage behavior, such as the duration of page views, link clicks, button clicks, or screen recordings during usage. Hotjar uses cookies and other technologies to record user data, including device type, device size, device IP address, browser information, country, and language settings. Hotjar does not collect sensitive personal information such as phone numbers or credit card numbers, nor does it sell such data to third parties. More information about Hotjar can be found at https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar.

12. Use of Personal Data for Original Purposes

In cases where BSL Clinic Co., Ltd. collected your personal data before the effective date of the Personal Data Protection Act with respect to the collection, use, or disclosure of personal data, the Company will continue to collect and use your personal data in accordance with the original purposes. You have the right to withdraw your consent at any time by contacting BSL Clinic Co., Ltd. through the Consent Withdrawal Form, or by managing your consent settings in the personal data management section of the BSL Clinic Co., Ltd. application in which you are a member.

13. Contact Channels

BSL Clinic Co., Ltd. is the coordinator responsible for the Company’s personal data protection matters. If a data subject has any questions or wishes to exercise the rights set out in this Policy, please contact us via the following channels:
Matters related to personal data: Contact the Data Protection Officer (DPO)

  • Email: [email protected] and please complete the form Link
  • Address: 30/8 Saladaeng Road, Silom Subdistrict, Bangrak District, Bangkok 10500
  • Telephone: 099-343-8666
  • Business hours: Daily, 10:00 a.m. – 8:00 p.m.

14. Policy Review

BSL Clinic Co., Ltd. may revise, amend, or update this Privacy Policy from time to time in order to comply with legal requirements. The Company will announce any changes through its website and/or other platforms of BSL Clinic Co., Ltd.

Announced on May 31, 2022

icon tel icon enquiry icon line icon email
-->
icon email