Privacy Policy

DrStemCellsThailand‘s Anti-Aging and Regenerative Medicine Center of Thailand PRIVACY DISCLOSURE STATEMENT

I. PREAMBLE

DrStemCellsThailand‘s Anti-Aging and Regenerative Medicine Center of Thailand (hereinafter, “the Establishment”), in the discharge of its operational responsibilities, is firmly committed to the preservation of individual privacy rights. This Privacy Disclosure Statement (hereinafter, “the Statement”) explicates the methodologies employed in the collection, utilization, and protection of personal data obtained through interactions with the Establishment’s digital interface and service offerings. By accessing or utilizing the aforementioned digital interface, the user (hereinafter, “the Data Subject”) affirmatively acknowledges and consents to the practices as articulated herein.

II. CATEGORIES OF INFORMATION ACQUIRED

The Establishment undertakes the collection and processing of disparate data classifications, encompassing but not limited to:

A. Information Provided Voluntarily by the Data Subject:

i. Personally Identifiable Information (PII): Including, but not limited to, the Data Subject’s legal name, electronic mail address, telephone contact number, and the substance of medical inquiries submitted through designated channels for communication.

ii. Supplemental Data: Information furnished through digital or physical forms, electronic mail communications, telephonic interactions, or other modalities of conveyance.

B. Automatically Generated Information:

i. Technical Metadata: Including the Data Subject’s Internet Protocol (IP) address, browser specifications, operating system configurations, and device identification particulars.

ii. Website Interactional Data: Details concerning the Data Subject’s engagement with the Establishment’s digital interface, encompassing, but not limited to, frequented pages, interactional clicks, and referral Uniform Resource Locators (URLs).

iii. Logistical Metadata: Data generated for the express purposes of analytics, iterative site refinement, and maintenance of security protocols.

C. Information Sourced from Third-Party Entities:

i. Extracted Data: Information acquired from commercial partners, contractual subcontractors, analytics service providers, and financial transaction processors.

III. JUSTIFICATION FOR DATA PROCESSING ACTIONS

The Establishment undertakes the processing of personal data predicated upon the following legally recognized bases:

A. Explicit Consent: Processing actions undertaken pursuant to the express and unequivocal authorization of the Data Subject for specified and delineated purposes.

B. Contractual Fulfillment: Processing actions deemed necessary to the proper execution of the Establishment’s contractual obligations to the Data Subject.

C. Legal Mandate: Processing actions implemented to ensure scrupulous compliance with extant statutes and regulatory strictures promulgated by duly authorized governmental entities.

D. Legitimate Interests: Processing actions undertaken in furtherance of the Establishment’s operational necessities, wherein such actions are not reasonably anticipated to contravene the Data Subject’s fundamental rights and freedoms.

The Establishment reserves the right to utilize the Data Subject’s information for the following enumerated purposes:

A. Responsive Communications and Service Provision: To facilitate responses to submitted inquiries and effectuate the provision of duly requested services.

B. Digital Interface Optimization: To iteratively refine the performance characteristics of the digital interface and augment the Data Subject’s user experience.

C. Dissemination of Informational Content: To transmit periodic updates, promotional material, and medically pertinent data (subject to the Data Subject’s exercise of established opt-out mechanisms).

D. Regulatory Adherence and Security Maintenance: To ensure scrupulous adherence to established medical protocols, legal mandates, and data security standards.

E. Research and Analytical Activities: To conduct research, undertake statistical analyses, and implement measures for the prevention of fraudulent activities.

IV. MODALITIES OF DATA DISSEMINATION AND THIRD-PARTY ACCESS PARAMETERS

The Establishment maintains a strict policy prohibiting the sale or exchange of personal data for pecuniary gain. However, the Establishment reserves the right to disseminate Data Subject information to the following classes of entities:

A. Service Provision Entities: External entities providing support in the functional domains of digital interface maintenance, customer support operations, and information technology security.

B. Medical Consultative Entities: Licensed medical professionals engaged for the express purpose of interprofessional consultation as necessitated by the Data Subject’s specific circumstances.

C. Regulatory Enforcement Entities: Governmental or quasi-governmental authorities when such dissemination is legally mandated or deemed necessary to ensure compliance with applicable security protocols.

D. Marketing Facilitation Entities: Affiliated entities engaged for the express purpose of disseminating promotional materials to Data Subjects who have affirmatively elected to receive such material.

All external entities receiving personal data are contractually obligated to adhere to rigorous confidentiality provisions that at least meet prevailing industry standards.

V. DATA SECURITY PROTOCOLS

The Establishment has instituted a multi-layered data security architecture encompassing the following components:

A. Cryptographic Mechanisms: Implementation of industry-standard encryption protocols and firewall technologies to safeguard data traversing network boundaries.

B. Access Control Mechanisms: Restriction of access to personal data to specifically authorized personnel whose functional responsibilities necessitate such access.

C. Compliance Mandates: Adherence to globally recognized data security standards governing online transactions and data storage.

VI. UTILIZATION OF COOKIES

Cookies, which are small digital artifacts stored on the Data Subject’s local computing device, are deployed to augment the user’s browsing experience by facilitating essential digital interface functionalities. While the Data Subject retains the prerogative to disable cookies via browser settings, it is hereby stipulated that such actions may result in the degradation or non-functionality of certain digital interface features. The cookies deployed by the Establishment do not, under any circumstances, collect Personally Identifiable Information (PII).

VII. DATA SUBJECT RIGHTS

The Data Subject is hereby recognized as possessing the following legally enforceable rights pertaining to their personal data:

A. Right of Access: The Data Subject is entitled to obtain confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, access to the personal data and the following information

B. Right to Rectification: Data Subjects have the right to have inaccurate personal data rectified, or completed if it is incomplete.

C. Right to Erasure: Data Subjects have the right to have their personal data erased, and the data controller must erase the data without undue delay if specific conditions are met.

D. Right to Restriction of Processing: Data Subjects have the right to restrict the processing of their personal data in certain circumstances.

E. Right to Object: Data Subjects have the right to object to the processing of their personal data, including direct marketing, profiling, and scientific or historical research.

F. Right to Data Portability: Data Subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit the data to another controller without hindrance.

G. Right to Withdraw Consent: The Data Subject retains the unqualified and unconditional right to withdraw previously granted consent to specific data processing activities at any time.

H. Right to Redress: The Data Subject maintains the right to lodge complaints with duly constituted data protection authorities should they believe that the Establishment’s data processing activities contravene applicable legal mandates.

Requests to exercise the aforementioned rights may be transmitted to the Establishment via the contact information delineated infra.

VIII. TRANSBORDER DATA TRANSFERS

It is hereby stipulated that the Data Subject’s personal data may, under specific circumstances, be processed outside the territorial jurisdiction of the European Economic Area (EEA). In all such instances, the Establishment affirms its unwavering commitment to ensuring scrupulous adherence to all applicable regulations and the deployment of industry-best-practice data security mechanisms.

IX. AMENDMENTS TO THIS STATEMENT

The Establishment reserves the right to effectuate periodic modifications to this Statement to ensure its continuing alignment with prevailing legal standards and enhancements to its service offerings. The Data Subject is strongly encouraged to undertake regular reviews of this Statement to remain fully apprised of any and all revisions.

X. POINTS OF CONTACT

Inquiries, clarifications, or expressions of concern pertaining to this Privacy Disclosure Statement may be directed to the following points of contact:

DrStemCellsThailand‘s Anti-Aging and Regenerative Medicine Center of Thailand
Bangkok, Thailand
Electronic Mail: [email protected]
Telephonic Contact: +66 98-828-1773

By continuing to access or utilize this digital interface, the Data Subject acknowledges and affirmatively attests to their comprehension of, and unqualified agreement with, the terms and conditions as set forth in this Privacy Disclosure Statement.