Privacy Policy

This Privacy Policy hereinafter referred to as the "Policy", first effective on May 1, 2023, with the following details:

Article  1 Definitions

Within this policy

(a) "Website" means a website named eyclinic.com and having a website address at https://www.eyclinic.com
(b) "data controller" means the service provider or owner of the website According to this policy, which is Everskin Medical Co., Ltd., juristic person registration number 0105563072991 The office is located at 152/2-3 Soi Saphan Yao, Si Phraya Road, Si Phraya Subdistrict, Bang Rak District, Bangkok 10500, contact 02-235-9659.
(c) "data processor" means a third party who processes data for the benefit of or on behalf of the data controller;
(d) "Information" means anything that conveys the meaning of facts, information or anything, regardless of whether such communication is possible by its nature or through any means; And whether it is prepared in the form of documents, files, reports, books, plans, maps, drawings, photographs, films, visual or audio recordings. recording by computer by electronic means or any other method to make the recording appear
(e) "personal data" means information about any natural person This makes it possible to identify that person either directly or indirectly.
(f) "Sensitive Personal Data" or "Sensitive Data" means personal data of Users relating to race, ethnicity, political opinion, religious, religious or philosophical beliefs sexual behavior Criminal records, health information, disability, genetics, biometric information, facial, iris or fingerprint information. union information or any other information which the Personal Data Protection Committee has declared to be sensitive personal data under the Personal Data Protection Act.
(g) "User" means you, visitor, user, member of the website. who is the owner of personal data in accordance with this policy

Article  2 Tracking of user behavior on the website

The user acknowledges, consents and agrees that the data controller may use the following systems and/or technologies to track user behavior on the website.
Meta Pixel, Meta Conversion API, Google Analytics API, LINE Tag
This is for the following purposes only.
To develop services and offer products and services to meet the needs of service users.

Article 3 Withdrawal of User Consent

‍The user acknowledges that the user has the right to withdraw any consent. which the user has provided to the data controller according to this policy at any time by doing the following:
not agree

Article 4 Rights of Users

In accessing the website in accordance with this policy and any consent according to this policy Users are well aware of their rights as data subjects in accordance with the Personal Data Protection Law. Including but not limited to the rights of the user as follows
(a) Users are entitled to disclosure from the data controller regarding the acquisition of their personal data or related to them for which they have not given their consent. If there is such a case
(b) Users may have the data controller send or transfer their personal data or related to them to another data controller. This includes obtaining the data sent or transferred directly from the data controller who sent or transferred that data.
(c) Users may object to the collection, use or disclosure of their personal data or those related to them in the following cases:
(1) The data controller collects, uses or discloses the user's personal data for the necessity of the legitimate interests of the data controller or other persons in which the user may prove that he has better rights than the controller. information
(2) The data controller collects, uses or discloses the user's personal data in order to comply with the data controller's laws where the user may prove that he has better rights than the data controller.
(3) The data controller collects, uses or discloses such personal data for direct marketing purposes.
(4) The data controller collects, uses or discloses such personal data for scientific research purposes. historical or statistical studies, where there is no need for research to be carried out in the public interest
(d) Users may require the data controller to delete, destroy or de-identify the data subjects. In the following cases
(1) When personal data is no longer necessary for retention in accordance with the purpose of collection, use or disclosure of such personal data
(2) When a user who is a personal data subject has withdrawn his consent to the collection, use or disclosure of such personal data and the data controller has no other legal power to collect, use or disclose that personal data. longer
(3) When users have lawfully objected to the collection, use or disclosure of such information
(4) When the personal data has been collected, used or disclosed illegally, rules, regulations, and regulations relating to the protection of personal data.
(e) Users may request the data controller to suspend the use of that personal data while retaining it. In the following cases
(1) The data controller is being investigated by an expert committee in accordance with the Personal Data Protection Act against which the User has requested such an investigation.
(2) Personal data has been collected, used or disclosed illegally, rules, regulations, and regulations relating to personal data protection.
(3) In the event that the user has a necessity for the data controller to keep their personal data for the benefit of the user's own claims, such as creating legal claims of the user. Compliance with or exercising legal claims or raising up against legal claims The user may have the data controller simply suspend the use of the data instead of deleting, destroying or de-identifying the data's owner.
(4) The data controller is in the process of verification or examination to deny an objection to the collection, use or dissemination of the user's personal data in accordance with the personal data protection laws that the user has lawfully objected to.
(f) Users may complain to a panel of experts in accordance with the Personal Data Protection Law in case of violation or non-compliance with laws, rules, regulations on the protection of personal data of the data controller.

Article 5 Collection Use and/or disclose personal information in accordance with personal data protection laws.

The user acknowledges and agrees that the data controller may collect, use and/or disclose the user's information without the user's prior consent. However, as necessary and only insofar as it meets the objectives and in the following cases:

(a) to achieve the objectives related to the preparation of historical documents or archives for the public interest; or in relation to studies or statistics which provide appropriate safeguards to protect the rights and freedoms of users' personal data.
(b) to prevent or suppress a danger to the life, body or health of any person;
(c) It is necessary for the performance of the contract to which the user of the personal data is a party or for the purpose of processing the request of the user of the personal data before entering into such contract.
(d) it is necessary for the purpose of performing a duty in the public interest of the data controller or performing a duty in exercising the powers of the state entrusted to the data controller;
(e) it is necessary for the legitimate interests of the data controller or of another person where such interest takes precedence over the user's fundamental rights in personal data;
(f) Compliance with the data controller's laws.
In this regard, the data controller will primarily record the collection, use or disclosure of the user's personal data in accordance with the preceding paragraph.

Article 6 Collection Use and/or disclose sensitive personal data

The user acknowledges and agrees that The data controller may collect Use and/or disclose sensitive personal data of users without prior consent from users. However, as necessary and only insofar as it meets the objectives and in the following cases:
(a) to prevent or suppress danger to life, body or health of users of personal data subjects who are unable to give their consent for any reason
(b) is information publicly available with the explicit consent of the user of that personal information
(c) Necessary for establishment compliance The use or defense of legal claims
(d) it is necessary to comply with the law in order to achieve the objectives relating to
(1) preventive medicine or occupational medicine Assessment of employees' ability to work medical diagnosis Providing health or social services medical treatment health management or systems and services in social work
(2) Public interest in public health, such as health protection from dangerous communicable diseases or epidemics that may be contagious or spread into the Kingdom. or controlling the standard or quality of medicines, medical supplies or medical devices which has provided appropriate and specific measures to protect the rights and liberties of users who own personal data, especially the confidentiality of personal data according to their duties or professional ethics
(3) labor protection social security National Health Insurance Welfare relating to medical treatment of persons with legal rights Car accident victim protection or social protection The collection of personal data of users is necessary to fulfill the rights or obligations of the data controller or the data subject user. It has put in place appropriate measures to protect the fundamental rights and interests of users who own personal data.
(4) scientific research studies history or statistics or other public interests, however, by collecting, using and/or disclosing only as necessary and having provided appropriate measures to protect the fundamental rights and interests of the users who own that personal data as specified by the Protection Committee. Personal information is announced
(5) important public interest It has put in place appropriate measures to protect the fundamental rights and interests of users who own personal data.
In this regard, the data controller will primarily record the collection, use or disclosure of the user's personal data in accordance with the preceding paragraph.

Article 7 Use of the website by persons under the custody, guardianship or guardian of the user

The user warrants that he is not and will not allow any person of the following to visit, use or become a member of the website.
(a) an incompetent person who is under the guardianship of the user
(b) a quasi-incompetent person in the user's custody
In the event that the user consents to the aforementioned person to visit, use or be a member of the website. You agree that you have exercised parental, guardianship or guardianship of such person, as the case may be, in all agreements and consents to this policy for and on behalf of such person.

Article 8 Sending or Transferring Personal Data Overseas

The data controller may send or transfer the user's personal data abroad in the following cases:
(a) The destination country or international organization that receives personal data has adequate personal data protection standards in accordance with laws, rules, regulations on personal data protection.
(b) obtaining consent from the subject of personal data Where the user, the owner of the personal data, has been informed and aware of the inadequate personal data protection standards of the destination country or international organization receiving the data.
(c) Compliance with the law
(d) it is necessary for the performance of a contract to which the user of the personal data subject is a party or for the purpose of processing the request of the user of the personal data subject before entering into the contract;
(e) is the performance of a contract between the data controller and another person for the benefit of the user who owns that personal data
(f) to prevent or suppress a danger to life, body or health of the user, the subject of such personal data or any person; When the subject of personal data is unable to give consent at that time
(g) It is necessary for the performance of important public interest missions.

Article 9 Notification of personal data breach

In the event that the data controller becomes aware of a personal data breach, irrespective of the breach by any person. The data controller will do the following:
(a) where there is a risk of affecting the rights or liberties of any person; The data controller will report such personal data breach to the Office of the Personal Data Protection Commission. without delay as much as can be done within 72 (seventy-two) hours from the date of knowledge of the incident
(b) where there is a risk of having a high impact on the rights or liberties of any person The data controller will notify the incident of such personal data breach and remedies to the Office of the Personal Data Protection Commission and to the users of such personal data. without delay as much as can be done within 72 (seventy-two) hours from the date of knowledge of the incident

Article 10 Complaints and Reports of Problems with Personal Data

Users may complain and report issues with their personal information. including but not limited to requesting the data controller to update and/or correct the information; objection to data collection or suspend the use of information at the following channels 02-235-9659

Article 11 Recording important items

Unless the Personal Data Protection Law stipulates the data controller's rights otherwise. The data controller will record important items regarding storage. The use or disclosure of information in writing or electronic systems for verification by the user, the owner of the information or from the government agency. including but not limited to the following items
(a) Personal Data Collected
(b) Purpose of collection of each type of Personal Data
(c) Information about the data controller
(d) Period of retention of personal data
(e) Rights and means of access to personal data including conditions relating to persons who have access to personal data and conditions for accessing such personal data
(f) Collection, use or disclosure of personal data that is exempt from the consent of the data subject user.
(g) Rejection of requests and objections.
(h) details about security measures in personal data

Article 12 Amendments to the Policy

The data controller may amend and change the text of this policy. at any time and whether in whole or in part The data controller will notify the user of changes from time to time so that the user can consider and take action to accept them by electronic means or by any other means. And if the user has already taken steps to accept it, such amended policy shall be deemed to be part of this policy.
In addition, users may access the latest revised and amended Privacy Policy from the sources provided by the data controller through the following channels: https://www.eyclinic.com/privacypolicy

Article 13 Relationship of the Parties

Whereas both parties understand and know that Entering into this policy does not make the parties and their employees have any relationship as employees under the labor law or partners under the partnership and company law in any way.

Article 14 Transfer of Rights

Unless expressly stated otherwise in this policy. The parties agree not to transfer their rights, duties and/or liabilities under this Policy to any person without the prior written consent of the other party.

Article 15 Waiver

The data controller's failure to exercise or delay the right in any matter or at any time It shall not be deemed that the data controller has waived its rights in such matters. and the data controller exercising his rights only in part or waiving rights in any matter or at any time It shall not be considered a waiver of rights in other matters or at other times as well.

Article 16 Separation of the Policy

If any statement or term in this policy is invalid, invalid or unenforceable, For whatever reason, the parties agree that the text and other agreements Any invalid, invalid or unenforceable portion of this Policy remains valid and binding on the parties as if no void, invalid or unenforceable part is contained in this Policy.

Article 17 Governing Law

This policy shall be governed by the laws of Thailand.

Article 18 Dispute Resolution

If there is a dispute any conflict Occurs as a result of this policy. If the parties are unable to agree The parties agree to bring such dispute to court in Thailand.