Navella Anti-aging & Wellness (hereinafter referred to as the “Clinic” or “we”, as the case may be) is a company accredited to international standards, with various specialists for medical treatments. We are a website and application platform provider that offers services to assist website visitors and our patients. This privacy notice (the “Notice”) covers the following website: www.navellawellness.com (hereinafter referred to as the “Website”), and the application named “Navella” (hereinafter referred to as the “Application”).
We are deeply aware of the importance of protecting your personal data and right to privacy as a user of the Website and Application (hereinafter referred to as “User” or “you”). As the data controller under the Personal Data Protection Act B.E. 2562 (A.D. 2019) (“PDPA”), we therefore announce this Privacy Notice (the “Notice”) to inform you of the protection of your personal data that is collected, used, disclosed and/or transferred (“process” or “processing”) to any other relevant persons by the Clinic.
We ensure that your personal data will be secured by a stringent security standard throughout the processing procedure. We will not process your personal data for purposes other than those specified in this Notice unless you consent thereto.
“Personal Data” refers to any information that identifies or can be used to identify you, which is collected by the Clinic as specified in this Notice.
“Sensitive Data” refers to Personal Data classified as sensitive data under the PDPA that the Clinic is permitted to collect, use, disclose and/or transfer with your explicit consent, e.g., information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, a natural person’s sexual orientation or criminal record, or data concerning health, disabilities, trade union membership, genetic data, biometric data, and other data that affect the Data Subject in the same manner.
2. Personal Data Collected, Used and/or Disclosed by the Clinic
We will collect, use, and/or disclose your Personal Data which includes, but is not limited to, the following:
2.1 General Personal Data
1) Personal information, e.g., title, first name, middle name, last name, date of birth, gender, nationality, photograph, country of residence, Clinic number, national ID card number, and passport number.
2) Contact information, e.g., address, mobile phone number, home phone number, and email address.
3) Personal information for access of accounts (such as Line, Facebook, and WhatsApp), e.g., username and password.
4) Financial information, e.g., bank account, credit or debit card information.
5) Information relating to patient treatments which may include Sensitive Data, e.g., health data, data about illnesses to be consulted, disabilities, medication, drug allergy, health-related reports, laboratory test results, and diagnoses, photos, and videos for service operations.
We also collect your Personal Data from your registration and log-ins through third-party platforms such as Google, Facebook, Twitter and Apple. We may receive your additional Personal Data through these platforms as they are capable of verifying the authenticity of your identity and providing you with the option to disclose your certain Personal Data, e.g., your name, email address and social media accounts, to the Clinic if you have authorized their platforms to share your Personal Data with us.
2.2 Automatically Collected Data
We may automatically collect information about your use of the service, e.g., access time, device ID or other unique identifiers, IP address, MAC address, overall usage data, usage history, settings, language information, device name and model, location and time zone, network provider, operating system information, and session length.
3. Source of Your Personal Data
We will receive your Personal Data from the main channels as follows:
3.1 From the process of creating a user account through registration via the Clinic’s Website or Application; and
3.2 From the Personal Data you voluntarily release to us to request our services, whether through filling out a service request form at the Clinic, contacting via social media accounts, phone calls, or other forms filled out through the Clinic’s Website and Application such as appointment forms, inquiry forms, product purchase or service request forms, and news subscription forms.
We may receive your Personal Data from other sources, e.g., your family members, intimate persons, or any other third party assigned by you to register and complete your service request form. We may also receive your Personal Data from the Clinics, representatives, or alliances that refer or introduce you to receive our services.
4. Purposes and Legal Bases
4.1 We will process your Personal Data based on legal bases as provided below:
1) We rely on contractual obligations to process your Personal Data, for instance:
- a) consider registration requests to create user accounts on the Website and Application;
- b) verify your identity when registering to create an account on the Website and Application;
- c) register new patients into the Clinic’s information system;
- d) proceed with the registration of service with the Clinic through online platforms such as Booking an Appointment, Pre-registration, Telemedicine, Tele-Consultation with Doctor, Refill Medicine and Healthcare at home;
- e) assist you in buying products and services from the Clinic through online platforms such as purchasing vouchers for health check-up programs and other medical treatment programs;
- f) collect payment for products and services, e.g., service packages, purchased products, etc. through the Website;
- g) estimate the cost of medical treatment and the service fee for consulting with a doctor; and
- h) facilitate the processing of hotel reservations in the vicinity of the Clinic.
4.2 We rely on legal obligations to process your Personal Data, for instance:
1) comply with the applicable laws to achieve the objectives relating to medical diagnosis, health services, medical treatment, compliance with professional ethics, health management, insurance proceedings, and welfare with regard to medical treatment for those who are legally entitled;
2) submit Personal Data to government agencies as required by law;
3) comply with court orders or orders of competent authorities as required by law;
4) pay legal fees; and
5) establish and exercise legal claims as permitted by law.
4.3 We rely on legitimate interest to process your Personal Data, for instance:
1) facilitate your access to the Website and Application;
2) allow you to access services through the Clinic’s online platforms reserved for members with user accounts;
3) manage bookings and appointments for medical treatments or consulting by a doctor;
4) contact you for service of Telemedicine, Tele-Consultation with Doctor, Refill Medicine, and Healthcare to your home via channels specified by the Clinic;
5) deliver doctor’s appointment notification messages or offer assistance;
6) provide assistance, answer questions, respond to inquiries, and accept the request with regard to services;
7) contact you due to your complaint or comments on the Clinic’s services that you want to improve;
8) track your use of services to improve the quality of the Clinic’s services;
9) develop and improve service quality, increase service efficiency, and facilitate the use of services through the Clinic’s systems to the User and customers;
10) disclose your Personal Data, where it is necessary, to investigate, prevent, or act in reprisal in the event of suspected illegality or fraud, or to safeguard the safety, rights, or property of the Clinic or of another person; and
11) disclose your Personal Data for the purpose of internal auditing.
4.4 In the event that you have given your explicit consent, we will collect, use, disclose and/or transfer your Personal Data for the purposes set forth in each of the following consents:
1) Delivery of news, advertisements, notifications, benefits and promotions of products and services, beneficial campaigns or invitations to the Clinic’s activities via all communication channels that you have provided to the Clinic.
5. Disclosure of Your Personal Data
We will not disclose your Personal Data for purposes other than those specified herein unless you have consented thereto.
The Personal Data that you have provided to us may be transferred outside Thailand and disclosed to our international agents or partners that you have contacted for our services. We will endeavor to ensure that your right to privacy is protected by security protection measures of our standard.
We may disclose your Personal Data to our group companies and affiliates, vendors, business partners, or third parties, e.g., insurance companies, financial institutions, primary doctors, medical professionals, medical specialists, and/or medical practitioners, medical technology clinics, manufacturers or distributors of medicines and medical supplies, embassies, persons who handle international travel, customer service providers, marketing, advertising and communication service providers, information system providers, cloud service providers, nearby hotels that are in alliance with us, transport service providers, document storage service providers, debt collection service providers, accounting and legal consultants, external auditors, internal auditors, financial auditors, and your family, relatives, intimate persons, agencies or employers. We may proceed with any other actions to complete the purposes specified in this Notice in order to benefit our services.
We will endeavor to ensure that these individuals and organizations will process your Personal Data strictly in accordance with this Notice and as permitted by law.
Where it is necessary to disclose your Personal Data in order to comply with the law, court orders, or orders of any governmental or regulatory agency such as the Embassy and Immigration Office, or to relevant agencies in order to verify your Personal Data to prevent fraud or corruption, we reserve the right to do so without your prior consent.
- Collection of Personal Data of Minors, Incompetent Persons, and Quasi-Incompetent Persons
In the event that we must process the Personal Data of minors, incompetent persons, or quasi-incompetent persons, we shall have their parents, legal representative, guardian, or curator, as the case may be, consent on their behalf.
If a minor or a quasi-incompetent person is legally permitted to give consent on their own behalf, we shall require combined consent from them and their legal representative.
If we become aware of the unauthorized collection of Personal Data from minors, incompetent persons, and quasi-incompetent persons without the consent being given in the manner according to the above, we will delete or destroy such data from the Clinic’s system immediately.
We may place cookies on your device and use them to automatically collect your Personal Data when you visit the Website.
Cookies are small pieces of data sent from a website that are stored on your computer. They help record the User’s browsing activities conducted on the Clinic’s website, such as preferred languages, list of favorites, most common use, and other settings, to customize the Website to fit your preference and make internet browsing faster and easier.
We reserve the right to place cookies on your devices for the purpose of collecting your Personal Data.
8. Retention Periods and Security Protection Measures
8.1 We will retain your Personal Data for as long as it is necessary to fulfil the purposes specified in this Notice and may retain your Personal Data for as long as agreed in the contract, or in accordance with accounting standards, prescription periods, legal obligations, or the establishment or exercise of legal claims as permitted by law.
8.2 We have provided an examination system for deletion or destruction of Personal Data in the event of the expiration of the retention period, or if such Personal Data is unrelated to or beyond the necessity for the purpose of collecting specified by this Notice.
8.3 We will retain your Personal Data in the form of documents, electronic files, computer systems, or other means with appropriate Personal Data security protection measures against loss, and unauthorized or unlawful access, use, change, modification and disclosure.
8.4 We have limited access to your Personal Data and adopted technology to secure your data from cyber-attacks and unauthorized access to our computer and electronic systems. We further ensure that any processing of your Personal Data by data processors or other third parties will take place under appropriate monitoring.
9. User’s Right as the Data Subject
9.1 Under the PDPA you, as the Data Subject, are entitled to:
1) Request access to, or copies of, your Personal Data collected, used and disclosed by the Clinic.
2) Request to receive your Personal Data, or to have it transferred to another party, in the form collected by us and readable, usable, and disclosable in an electronic format (the Clinic reserves the right to charge you a fee, the amount of which is at our discretion).
3) Object to the collection, use, and/or disclosure of Personal Data to the extent permitted by law.
4) Have your Personal Data deleted, destroyed, or anonymized by any method permitted by law.
5) Sequester your Personal Data from further use by any method unless the law provides otherwise.
6) Withdraw your consent given to us at any time, unless otherwise restricted by law or contracts. Your withdrawal will not extend to Personal Data to which you have granted consent for processing.
7) File a complaint with the competent officer authorized under the PDPA in the event that you believe we have violated, or do not comply with, the PDPA.
9.2 We will endeavor to maintain the accuracy and completeness of your Personal Data. When there is a change or modification to your Personal Data or when you detect that your Personal Data is incorrect, you have the right to make corrections thereto.
9.3 The exercise of your rights specified above must comply with law. We reserve the right to refuse any request on grounds permitted by law. In the event that we deny your request, the request and reasons for denial will be recorded in the Personal Data processing record as required by law.
9.4 To exercise your right, you may contact us via the contact information provided hereunder. We will process your request and then inform you of the result within 30 days from the date of receiving your request. Where we refuse your request, you will be informed of the reason accordingly.
- Notifications, Reminders, and Location Settings
The Clinic may deliver a notification or reminder to your device. You can opt out of receiving these messages at any time by changing the notification settings on your device or in the Application.
- Links To Third Parties
Some of the Clinic’s online services may contain links to third-party applications or websites. Access to and usage of such applications or websites shall be governed by the privacy notice of such third party. We refuse to be held liable to the User if such applications or websites do not comply with or operate in accordance with a third party’s privacy notice.
We reserve the right to alter, adjust, and/or modify this Notice in order to comply with applicable guidelines, laws, and regulations. The amended, adjusted, or modified notice shall be announced to you as soon as it becomes effective. Your use of the service after such amendment, adjustment, or modification is posted shall constitute your acceptance of the new notice.
- Contact Us
Should you wish to exercise any legal rights as specified above or have any questions, concerns, suggestions or complaints with regard to our privacy notice, you can contact us via the following channels: