We're Winnergy Medical Public Company Limited and its subsidiary In this customer privacy notice ("Privacy Notice"), we call ourselves "we", "us" or "Company". We are committed to protecting your privacy. We want you to understand how we use personal data, and this Privacy Notice explains the way in which we collect, use, or disclose your personal data.

This Privacy Notice applies to personal data that is processed by us, including personal data collected through our customers' orders or services via online or offline channels, our websites, mobile applications and social networking pages/accounts, online communication channels and marketing you've signed up for, research, and other locations and our interactions with you where we collect your personal data.

This privacy notice does not apply to the processing of personal data by dealers, retail agents, suppliers including a personal and/or any stores which are independent business owners and independent data controllers. As a result, each dealer, retail agent, supplier including a personal and/or any store which are independent business owners is responsible for its own data protection compliance. Please contact them directly

Personal data means any data about you which can directly or indirectly identify you in accordance with Personal Data Protection Act. We may collect or obtain the following types of information which may include your personal data directly from you or indirectly from other sources, including through other companies, our affiliates Group of Companies, our business partners (including but not limited to vendors, research agencies, analytics service providers, survey agencies, marketing, advertising media, and communications agencies, payment service providers, and data analytics entities). The specific type of data collected will depend on the context of your interactions with us, and the services or transactions you need from or have with us.

  • Personal details, such as name, surname, age, gender, date of birth, occupation, place of work, national identification (ID) card details, driving license details, passport details, digital signature, picture/video via CCTV, and voice records;
  • Contact details, such as postal address, home/work address, postcode, billing address, telephone number(s), fax number, email address, contact information to return calls or answer/respond to customers' requests or inquiries, social media contact details, including your contact person detail such as telephone number, and contact data on other correspondence (e.g. written communication with you);
  • Order details, such as preferred language, order history, payment ID, order ID, order number, tracking ID, customer ID, user ID, tracking number, order date, delivery date, order source, order status, address type, landmark, special instruction, receipt information (e.g. date, and time of purchase);
  • Delivery details, such as customer profile (e.g. name, surname, phone numbers, address, email, date of birth), delivery details, location and direction to the given address, customer payment ID, order history;
  • Account details, such as username, password, creation date, name of account creator, profile details;
  • Financial details, such as bank account number, debit/credit card or relevant bank information, credit card type, name of card, expiry date, payment type and mode, and payment information and details including refunds, declined payments, and excess charges;
  • Social media account and details, such as Facebook, Instagram, Tik Tok, YouTube, LINE account, Google, Twitter, websites (for example, websites such as Pantip and your other accounts from social networking sites), and any data obtained from these details for customer monitoring. When you interact with our services through various social media networks, such as when you “Like” us on Facebook or when you follow us or share our content on Facebook, Twitter, Snapchat, LinkedIn, Instagram or other social networks, we may receive some information about you that you permit the social network to share with third parties. The data we receive is dependent upon your privacy settings with the social network;
  • Marketing and communication details, such as your preference in receiving marketing from us, and your communication preferences, rating and feedback;
  • Feedback, such as survey responses and results, advice, inquiries, claims, complaints, comments, feedback, experiences, requests, recommendations, and date and time information were given/provided;
  • Sensitive Personal Data such as nationality, religious belief, sexual behavior, biometric information (e.g., fingerprints, facial recognition), health data, genetic information, medical certificates, and any other sensitive personal data related to the filling of or providing evidence for complaints, or any others information in accordance with Personal Data Protection Commission announced as well.

We also collect other information, such as internet browsing behavior and cookies (please see the Company's Cookies Policy), browsing type, browsing language, IP address, web page viewed and links clicked, your purchasing behavior and data supplied through the use of our products and services, and/or digital footfall/footprint. If it is possible to combine any information with your personal information, or if other information is used to build a profile of an individual, we will treat such other information and combined information as personal data.

We will only collect, use, or disclose sensitive personal data on the basis of your explicit consent or where permitted by law.

In some cases, we may use a third-party payment service to process certain parts of our services. In these cases, your personal data may be collected by this third party and not by us, and will be subject to the third party’s privacy policy, rather than this Privacy Notice. We have no control over, and are not responsible for, this third party’s use or disclosure of your Personal Information.

Our services may include hyperlinks to, or include on or in connection with the service (e.g. websites), locations, applications or services operated by third parties which may use their own cookies, web beacons, and other tracking technology to independently collect information about you and may solicit personal data from you.

We process your personal data in accordance with the law. We generally seek to obtain your consent before processing your personal data, and will process your personal data in accordance with such consent, and in accordance with the provisions of this Privacy Notice. However, in the event that we can use a lawful basis other than consent to process your personal data, we may process your personal data where one or more of the following legal bases are applicable:

  1. contractual basis, for our performance of services or transactions to you;
  2. legal obligation, for the fulfilment of our legal obligations;
  3. legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties;
  4. vital interest, for preventing or suppressing a danger to a person’s life, body, or health; and/or
  5. public interest, for the performance of a task carried out in the public interest or for the exercising of official authorities or duties.

We may collect, use, or disclose your personal data for, amongst others, the following purposes:

  • To provide services to you: To enter into a contract and manage our contractual relationship with you; to support and perform other activities related to such services; to complete financial transactions and services related to the payments including transaction checks, verification, and cancellation or voiding; to process your orders, delivery and confirmation, and collections and refunds; to provide updates on the delivery of the products; to provide after sale support such as handling complaints, requests, feedback, and follow up on customer initiated contact; to improve product and service quality. We see good customer service as a necessary part of the customer experience;
  • Promotions, special offers, loyalty programs, prize draws, and other offers/promotions: To allow you to participate in promotions, special offers, loyalty programs, prize draws, and other offers/promotions, events and collaborative/partnership events, and all related advertising services. We may use your personal data to promote our delicious recipes and let you know about our marketing, communications, sales, notices, news, and information about other products and services including advertising services and rewards, from our business partners. This includes to process and administer your account registration, event registration; to process points earning, and redemption, of points/loyalty rewards; to examine your entire user history, both online and offline; to provide and issue coupons, gift vouchers, and invoices; all other relevant marketing communication via agencies;
  • Recommendations and Personalization: We store information about your preferences, like whether you've decided to opt-in to marketing communications and what types of products you seem to be interested in to further our interest in providing you the most relevant advertising and recommend you the products and services that might be of interest, and personalize your experience. We also use social media services to show you advertising and special offers via social media, which, in some cases, will be targeted to you based on your interests and online browsing (including our website);
  • Registration and Authentication: To register, verify, identify, and authenticate you or your identity;
  • To manage our relationship with you: To communicate with you in relation to the services you obtain from us, and from our business partners; to handle customer service-related queries; requests, feedback, complaints, conveniences, claims, disputes or indemnity including monitoring of the customer experience processes; to provide technical assistance and deal with technical issues; to process and update your information as our member; to facilitate your use of the services;
  • Data analytics: To measure your engagement with the products and services, undertake data analytics, market research, surveys, assessments, to know you better, improve business performance within our Company, including our business partners, better adapt our services and content to the identified preferences of our customers, determine the effectiveness of our promotional campaigns, identify and resolve of issues with existing products and services, and develop qualitative information;
  • Functioning of our sites, mobile application, and platform: To administer, operate, track, monitor, and manage our sites and platform to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on our sites and platform; improve the layout and content of our sites and platform; to allow you to log in and access our available systems and provide technical assistance;
  • IT Management: For our own business management purposes, including for our IT operations, management of communication system, operation of IT security and IT security audit; internal business management for internal compliance requirements, policies, and procedures;
  • Compliance with regulatory and compliance obligations: To comply with legal obligations, legal proceedings, or government authorities' orders which may include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe that we are legally required to do so, and when disclosing your personal data is strictly necessary to comply with the said legal obligations, proceedings, or government orders;
  • Protection of our interests: To protect the security and integrity of our business; to exercise our rights or protect our interest where it is necessary and lawfully to do so; for example, to detect, prevent, and respond to fraud claims, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to perform sanction list checking, risk management, internal audits and records, asset management, system, and other business controls; to prevent or suppress a danger to a person’s life, body, or health; to secure the compliance of our terms and conditions; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business; for reference and evidence related to claims or litigation; and
  • Corporate transactions: in the event of sale, transfer, merger, reorganization, or similar event we may transfer your information to one or more third parties as part of that transaction.

Where we need to collect your personal data as required by law, or for entering into or performing the contract we have with you and you fail to provide that data when requested, we may not be able to fulfil the relevant purposes as listed above.

Where consent is required for certain activities of collection, use or disclosure of your personal data, we will request and obtain your consent for such activities separately.

Notwithstanding the generality of the purposes listed above, the following table sets out how we may process your Personal Data, and the lawful bases upon which such processing may be done. We emphasis that the table below is non-exhaustive. Depending on the exact circumstances at hand, there may be other purposes and/or legal bases for the processing of your personal data that are not listed in the table below.

Category of personal information

How we may use it

Legal basis for the processing

a) Profile information such as your name, phone number, birth date and profile picture.

We may use this information to set up and authenticate your account on the service.

The processing is necessary for the performance of a contract with you and to take steps prior to entering into a contract with you.

We may use this information to communicate with you, including sending service- related communications.

The processing is necessary for the performance of a contract with you.

We may use this information to send you marketing communication in accordance with your preferences.

We will only use your personal information in this way to the extent you have given us consent to do so.

We may use this information to deal with enquiries and complaints made by or about you relating to the service.

The processing is necessary for our legitimate interests, namely administering the service, and for communicating with you effectively to responds to you queries or complaints.

We may use this information to verify the user.

The processing is necessary for legal obligation to verify the user.

b) Payment and transaction information including payment information (such as your credit or debit card detail or your bank account details), and time, date and value of transaction.

We use this information to facilitate transactions and provide you with the service.

The processing is necessary for the performance of a contract with you.

We use this information to provide customer support.

The processing is necessary for the performance of a contract with you.

We use this information to detect and prevent fraud.

The processing is necessary for our legitimate interests, namely the deletion and prevention of fraud.

c) Location and Date

We use GPS technology to determine your current location in order to provide you with relevant content and to show where you have made such content.

The processing is necessary for our legitimate interests, namely administering the service.

We will only use your personal information in this way to the extent you have given us consent to do so.

d) Comment, chat and opinions

When you contact us directly (e.g. by email, phone, mail or by completing an online form or participating in online chat, we may record your comments and opinions.

The processing is necessary for our legitimate interests, namely to respond to your question or comment, to evaluate and improve our products and services and to inform our marketing and advertising.

e) Information received from third parties, such as social networks. If you interact with the service through a social network such as your name, profile information, and any other information you permit the social network to share with third parties. The data we receive is dependent on your privacy setting with the social network.

We may use this information to authenticate you and allow you to access the service.

The processing is necessary for the performance of a contract with you.

We may use this information tailor the way this is displayed to you (such as the language in which it is presented to you).

The processing is necessary for our legitimate interests, namely tailoring the service so that it is more relevant to our users.

f) Usage information, such as the time for which you use our products, your results when you use our products, any issues experienced when you use our products and any other information generated by the products about how you use our products

We may use this information to analyze how the service perform, to fix issues with the service, to improve the service and develop new products and services.

The processing is necessary for our legitimate interests, namely improving our products and service, dealing with any errors in our products and services and developing new products and service.

We may use this information to develop new products and feature available through the or otherwise improve the service.

The processing is necessary for our legitimate interests, namely developing and improving the service.

g) All personal information set out above at rows a) – f)

We may use all the personal information we collect to operate, maintain and provide to you the feature and functionally of the service, to communicate with you, to monitor and improve the service and business, and to help us develop new products and services.

The processing is necessary for our legitimate interests, namely administer and improving the service.

h) Information about how you access and use the service. For example, how frequently you access the service, the time you access the service and how long you access the service from, whether you access the service from multiple devices, and other actions you take on the service.

We may use the information about how you use and connect to the service to present the service to you on your device.

The processing is necessary for our legitimate interests, namely too tailor the service to the user.

We may use this information to determine products and service that may be of interest to you for marketing purposes.

The processing is necessary for our legitimate interests, namely to inform our direct marketing.

We may use this information to monitor and improve the service and business, resolve issue and to inform the development of new products and services.

The processing is necessary for our legitimate interests, namely to monitor and resolve issue with the service and to improve the service generally.

i) Log files and information about your device. We also collect information about the tablet, smartphone, or other electronic device you use to connect to the service. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to the service through the device, you mobile network, your IP address and your device’s telephone number (if it has one) .

We may use this information about how you use and connect to the service to present the service to you on your device.

The processing is necessary for our legitimate interest, namely to tailor the service to the user.

We may use this information to determine products and service that may be of interest to you for marketing purposes.

The processing is necessary for our legitimate interest, namely to inform our direct marketing.

We may use this information to monitor and improve the service and business, fraud prevention and detection, resolve issue and to inform the development of new products and services.

The processing is necessary for our legitimate interest, namely to monitor and resolve issue with the service and to improve the service generally.

We may retain this information to comply with legal obligation under applicable laws.

The processing is necessary for legal obligation to retain the log data.

We may have to share your personal data with other parties for all the reasons described above, such as our affiliates, Group of Companies, our business partners, and third party service providers engaged by us (e.g., IT service providers, logistic service providers, campaign and event organizers, data storage and cloud service providers).

In some cases, we may need to disclose your personal data to any government authority, law enforcement agency, court, regulator, or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individual’s personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.

We may transfer your personal data outside of Thailand, such as when we store your personal data on cloud platforms or servers located outside Thailand for IT system support. Some recipients of your personal data may be located in countries which may not have been declared as having an adequate data protection standard by the Personal Data Protection Committee under the Thai Personal Data Protection Act B.E. 2562.

When it is necessary to transfer your personal data to a third country with a level of data protection standards lower than in Thailand, we will ensure an adequate degree of protection is afforded to the transferred personal data, or that the transfer is otherwise permitted in accordance with the applicable data protection law. We may, for example, obtain contractual assurances from any third party given access to the transferred personal data that such data will be protected by data protection standards which are equivalent to those required in Thailand.

If you wish to seek further information about how we protect your personal data when it is transferred outside Thailand, please contact us at the address in “Our Contact Details” section below.

We retain your personal data for as long as it is reasonably necessary to fulfil the purposes for which we obtained it for and to comply with our legal and regulatory obligations. We may need to retain your personal data for a longer duration, as required and/or permitted by applicable law.

The rights listed in this section are your legal rights, where you may request to exercise these rights under the conditions prescribed by law and our right management procedures. These rights are as follows:

  • To request access, obtain a copy of your personal data, or for the disclosure of the acquisition of your personal data that is obtained without your consent;
  • To have your personal data corrected, if it is inaccurate or not up to date;
  • To have your personal data erased, destroyed, or anonymized;
  • To request us to provide your personal data in a structured, commonly used and machine-readable format, and transmit it to another organization;
  • To object us or restrict us from collecting, using, or disclosing your personal data;
  • To withdraw consent for collection, use, or disclosure of your personal data that is based on your consent at any time.

To exercise any of these rights in this section, you may contact us at the address in “Our Contact Details” section below.

Your request for exercising any of the above rights may be limited by the applicable laws. There may be certain cases where we can reasonably and lawfully decline your request; for example, due to our legal obligation or a court order. If we decline your request, we will notify you of our reason.

If you believe our collection, use or, disclosure of your personal data is in violation of the applicable data protection law, you have the right to lodge a complaint to the competent data protection authority, where applicable. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.

We only collect the Personal data of minors, quasi-incompetent persons, and incompetent persons where their parents or guardians have given their consent. We do not knowingly collect information from minors (i.e., customers under the age of 20) without their parental consent or legal guardian’s consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian's consent. In the event we learn that we have unintentionally collected personal information from minors without parental consent or legal guardian’s consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian's consent, we will delete it in a timely manner or process it only if we can rely on other legal bases apart from consent.

By using our Services, you represent and warrant that you have the legal capacity required for using our Services. If you are a minor, quasi-incompetent person, or incompetent person you represent and warrant that you are using our Services with the consent of your parents or guardian. We may impose restrictions on certain Services in cases where we are unable to confirm that you are of a certain age.

If you believe that we have collected Personal Data from a minor, quasi-incompetent person, or incompetent person, without the consent of the parent and/or guardian, please let us know via the Data Subject Rights Request Form. If we have inadvertently collected Personal Data without the requisite legal consent, we will deactivate the relevant Account(s) and will take reasonable measures to stop processing such Personal Data and/or to promptly delete such Personal Data from our records.

We may amend or update this Privacy Notice from time to time as our data protection practices change due to various reasons, such as technological changes, changes in law, etc. The amendments or updates to this Privacy Notice will be effective upon being published by us on https://www.winmed.com/en/privacy-policy

If you have any questions about our practices or activities relating to your personal data, you can contact us per the details below. We will be happy to help with requests for information, suggestions, or complaints:

Data Protection Officer: DPO

Winnergy Medical Public Company Limited, Address No. 634/4 Soi Ramkhamhaeng 39 (Theplila 1) Pracha Uthit Road, Wang Thong Lang Sub-District, Wang Thong Lang District, Bangkok, Thailand 10310