We're Winnergy Medical Public Company Limited and its subsidiary In this customer privacy notice ("Privacy Notice"), we call ourselves "we", "us" or "Company". We are committed to protecting your privacy. We want you to understand how we use personal data, and this Privacy Notice explains the way in which we collect, use, or disclose your personal data.
This Privacy Notice applies to personal data that is processed by us, including personal data collected through our customers' orders or services via online or offline channels, our websites, mobile applications and social networking pages/accounts, online communication channels and marketing you've signed up for, research, and other locations and our interactions with you where we collect your personal data.
This privacy notice does not apply to the processing of personal data by dealers, retail agents, suppliers including a personal and/or any stores which are independent business owners and independent data controllers. As a result, each dealer, retail agent, supplier including a personal and/or any store which are independent business owners is responsible for its own data protection compliance. Please contact them directly
Personal data means any data about you which can directly or indirectly identify you in accordance with Personal Data Protection Act. We may collect or obtain the following types of information which may include your personal data directly from you or indirectly from other sources, including through other companies, our affiliates Group of Companies, our business partners (including but not limited to vendors, research agencies, analytics service providers, survey agencies, marketing, advertising media, and communications agencies, payment service providers, and data analytics entities). The specific type of data collected will depend on the context of your interactions with us, and the services or transactions you need from or have with us.
We also collect other information, such as internet browsing behavior and cookies (please see the Company's Cookies Policy), browsing type, browsing language, IP address, web page viewed and links clicked, your purchasing behavior and data supplied through the use of our products and services, and/or digital footfall/footprint. If it is possible to combine any information with your personal information, or if other information is used to build a profile of an individual, we will treat such other information and combined information as personal data.
We will only collect, use, or disclose sensitive personal data on the basis of your explicit consent or where permitted by law.
In some cases, we may use a third-party payment service to process certain parts of our services. In these cases, your personal data may be collected by this third party and not by us, and will be subject to the third party’s privacy policy, rather than this Privacy Notice. We have no control over, and are not responsible for, this third party’s use or disclosure of your Personal Information.
Our services may include hyperlinks to, or include on or in connection with the service (e.g. websites), locations, applications or services operated by third parties which may use their own cookies, web beacons, and other tracking technology to independently collect information about you and may solicit personal data from you.
We process your personal data in accordance with the law. We generally seek to obtain your consent before processing your personal data, and will process your personal data in accordance with such consent, and in accordance with the provisions of this Privacy Notice. However, in the event that we can use a lawful basis other than consent to process your personal data, we may process your personal data where one or more of the following legal bases are applicable:
We may collect, use, or disclose your personal data for, amongst others, the following purposes:
Where we need to collect your personal data as required by law, or for entering into or performing the contract we have with you and you fail to provide that data when requested, we may not be able to fulfil the relevant purposes as listed above.
Where consent is required for certain activities of collection, use or disclosure of your personal data, we will request and obtain your consent for such activities separately.
Notwithstanding the generality of the purposes listed above, the following table sets out how we may process your Personal Data, and the lawful bases upon which such processing may be done. We emphasis that the table below is non-exhaustive. Depending on the exact circumstances at hand, there may be other purposes and/or legal bases for the processing of your personal data that are not listed in the table below.
Category of personal information |
How we may use it |
Legal basis for the processing |
a) Profile information such as your name, phone number, birth date and profile picture. |
We may use this information to set up and authenticate your account on the service. |
The processing is necessary for the performance of a contract with you and to take steps prior to entering into a contract with you. |
We may use this information to communicate with you, including sending service- related communications. |
The processing is necessary for the performance of a contract with you. |
|
We may use this information to send you marketing communication in accordance with your preferences. |
We will only use your personal information in this way to the extent you have given us consent to do so. |
|
We may use this information to deal with enquiries and complaints made by or about you relating to the service. |
The processing is necessary for our legitimate interests, namely administering the service, and for communicating with you effectively to responds to you queries or complaints. |
|
We may use this information to verify the user. |
The processing is necessary for legal obligation to verify the user. |
|
b) Payment and transaction information including payment information (such as your credit or debit card detail or your bank account details), and time, date and value of transaction. |
We use this information to facilitate transactions and provide you with the service. |
The processing is necessary for the performance of a contract with you. |
We use this information to provide customer support. |
The processing is necessary for the performance of a contract with you. |
|
We use this information to detect and prevent fraud. |
The processing is necessary for our legitimate interests, namely the deletion and prevention of fraud. |
|
c) Location and Date |
We use GPS technology to determine your current location in order to provide you with relevant content and to show where you have made such content. |
The processing is necessary for our legitimate interests, namely administering the service. |
We will only use your personal information in this way to the extent you have given us consent to do so. |
||
d) Comment, chat and opinions |
When you contact us directly (e.g. by email, phone, mail or by completing an online form or participating in online chat, we may record your comments and opinions. |
The processing is necessary for our legitimate interests, namely to respond to your question or comment, to evaluate and improve our products and services and to inform our marketing and advertising. |
e) Information received from third parties, such as social networks. If you interact with the service through a social network such as your name, profile information, and any other information you permit the social network to share with third parties. The data we receive is dependent on your privacy setting with the social network. |
We may use this information to authenticate you and allow you to access the service. |
The processing is necessary for the performance of a contract with you. |
We may use this information tailor the way this is displayed to you (such as the language in which it is presented to you). |
The processing is necessary for our legitimate interests, namely tailoring the service so that it is more relevant to our users. |
|
f) Usage information, such as the time for which you use our products, your results when you use our products, any issues experienced when you use our products and any other information generated by the products about how you use our products |
We may use this information to analyze how the service perform, to fix issues with the service, to improve the service and develop new products and services. |
The processing is necessary for our legitimate interests, namely improving our products and service, dealing with any errors in our products and services and developing new products and service. |
We may use this information to develop new products and feature available through the or otherwise improve the service. |
The processing is necessary for our legitimate interests, namely developing and improving the service. |
|
g) All personal information set out above at rows a) – f) |
We may use all the personal information we collect to operate, maintain and provide to you the feature and functionally of the service, to communicate with you, to monitor and improve the service and business, and to help us develop new products and services. |
The processing is necessary for our legitimate interests, namely administer and improving the service. |
h) Information about how you access and use the service. For example, how frequently you access the service, the time you access the service and how long you access the service from, whether you access the service from multiple devices, and other actions you take on the service. |
We may use the information about how you use and connect to the service to present the service to you on your device. |
The processing is necessary for our legitimate interests, namely too tailor the service to the user. |
We may use this information to determine products and service that may be of interest to you for marketing purposes. |
The processing is necessary for our legitimate interests, namely to inform our direct marketing. |
|
We may use this information to monitor and improve the service and business, resolve issue and to inform the development of new products and services. |
The processing is necessary for our legitimate interests, namely to monitor and resolve issue with the service and to improve the service generally. |
|
i) Log files and information about your device. We also collect information about the tablet, smartphone, or other electronic device you use to connect to the service. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to the service through the device, you mobile network, your IP address and your device’s telephone number (if it has one) . |
We may use this information about how you use and connect to the service to present the service to you on your device. |
The processing is necessary for our legitimate interest, namely to tailor the service to the user. |
We may use this information to determine products and service that may be of interest to you for marketing purposes. |
The processing is necessary for our legitimate interest, namely to inform our direct marketing. |
|
We may use this information to monitor and improve the service and business, fraud prevention and detection, resolve issue and to inform the development of new products and services. |
The processing is necessary for our legitimate interest, namely to monitor and resolve issue with the service and to improve the service generally. |
|
We may retain this information to comply with legal obligation under applicable laws. |
The processing is necessary for legal obligation to retain the log data. |
We may have to share your personal data with other parties for all the reasons described above, such as our affiliates, Group of Companies, our business partners, and third party service providers engaged by us (e.g., IT service providers, logistic service providers, campaign and event organizers, data storage and cloud service providers).
In some cases, we may need to disclose your personal data to any government authority, law enforcement agency, court, regulator, or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individual’s personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
We may transfer your personal data outside of Thailand, such as when we store your personal data on cloud platforms or servers located outside Thailand for IT system support. Some recipients of your personal data may be located in countries which may not have been declared as having an adequate data protection standard by the Personal Data Protection Committee under the Thai Personal Data Protection Act B.E. 2562.
When it is necessary to transfer your personal data to a third country with a level of data protection standards lower than in Thailand, we will ensure an adequate degree of protection is afforded to the transferred personal data, or that the transfer is otherwise permitted in accordance with the applicable data protection law. We may, for example, obtain contractual assurances from any third party given access to the transferred personal data that such data will be protected by data protection standards which are equivalent to those required in Thailand.
If you wish to seek further information about how we protect your personal data when it is transferred outside Thailand, please contact us at the address in “Our Contact Details” section below.
We retain your personal data for as long as it is reasonably necessary to fulfil the purposes for which we obtained it for and to comply with our legal and regulatory obligations. We may need to retain your personal data for a longer duration, as required and/or permitted by applicable law.
The rights listed in this section are your legal rights, where you may request to exercise these rights under the conditions prescribed by law and our right management procedures. These rights are as follows:
To exercise any of these rights in this section, you may contact us at the address in “Our Contact Details” section below.
Your request for exercising any of the above rights may be limited by the applicable laws. There may be certain cases where we can reasonably and lawfully decline your request; for example, due to our legal obligation or a court order. If we decline your request, we will notify you of our reason.
If you believe our collection, use or, disclosure of your personal data is in violation of the applicable data protection law, you have the right to lodge a complaint to the competent data protection authority, where applicable. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.
We only collect the Personal data of minors, quasi-incompetent persons, and incompetent persons where their parents or guardians have given their consent. We do not knowingly collect information from minors (i.e., customers under the age of 20) without their parental consent or legal guardian’s consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian's consent. In the event we learn that we have unintentionally collected personal information from minors without parental consent or legal guardian’s consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian's consent, we will delete it in a timely manner or process it only if we can rely on other legal bases apart from consent.
By using our Services, you represent and warrant that you have the legal capacity required for using our Services. If you are a minor, quasi-incompetent person, or incompetent person you represent and warrant that you are using our Services with the consent of your parents or guardian. We may impose restrictions on certain Services in cases where we are unable to confirm that you are of a certain age.
If you believe that we have collected Personal Data from a minor, quasi-incompetent person, or incompetent person, without the consent of the parent and/or guardian, please let us know via the Data Subject Rights Request Form. If we have inadvertently collected Personal Data without the requisite legal consent, we will deactivate the relevant Account(s) and will take reasonable measures to stop processing such Personal Data and/or to promptly delete such Personal Data from our records.
We may amend or update this Privacy Notice from time to time as our data protection practices change due to various reasons, such as technological changes, changes in law, etc. The amendments or updates to this Privacy Notice will be effective upon being published by us on https://www.winmed.com/en/privacy-policy
If you have any questions about our practices or activities relating to your personal data, you can contact us per the details below. We will be happy to help with requests for information, suggestions, or complaints:
Data Protection Officer: DPO
Winnergy Medical Public Company Limited, Address No. 634/4 Soi Ramkhamhaeng 39 (Theplila 1) Pracha Uthit Road, Wang Thong Lang Sub-District, Wang Thong Lang District, Bangkok, Thailand 10310