Klaire Medical Center


Home Privacy Policy

Privacy Policy 


M.D. Health and Beauty Co., Ltd.

M.D. Health and Beauty Co., Ltd. (“the company”) has created this Privacy Policy (“Policy”)  to protect the privacy of the company’s clients.

Types of personal data

    • Personal data means any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular. The personal data are listed as follows:
      • General personal data means personal information, contact information, accessories/devices information, registration numbers that identify the specific ownership, and including information or anything that is presented in the form of documents, files, reports, books, diagrams, drawings, photos, video recordings or sound recordings via electronic devices, or any other mean that will present the recorded contents relevant to personal information that enables the identification of a person.
      • Sensitive personal data means personal data relating to race, ethnicity, sexual behavior, criminal history, health information (medical history, blood test result, medical examination result), disability, genetic data, biometric data, facial, retinal, or fingerprint recognition, or any other information that Personal Data Protection Committee prescribed and classified as sensitive personal data under personal data protection laws.


Purposes of collection, use, or disclosure of personal data

    • To provide suitable services for users’ needs. The company will use users’ personal data to provide services that satisfy the users’ contractual purposes or respond to the users’ requests as follows:
      • The services such as examination and treatment, medical and nursing services.
      • Any operation relating to the services such as patient registration, appointment, laboratory examination, medicine or supplement prescription, product delivery.
    • To comply with legal obligations obligations in compliance with the relevant laws, i.e., securities and exchange laws, tax laws, anti-money laundering laws, computer laws, and bankruptcy law. The company collects, uses, and discloses personal data such as patient information, etc. Additionally, the company has the responsibility to follow the orders of agencies or legal authorities. The company may also need to cooperate with relevant foreign agencies in providing information.
    • For legitimate interests  of the company, other persons or legal persons such as
      • The security measures. The company records CCTV at the entrances and areas within the company.
      • Customer relations include providing services to users, complaint management, satisfactory assessment, user attendance by the company’s staff, and occasional communication or presentation of the services that are beneficial to users.
      • The risk management, supervision, internal organization, and prevention of illegal conduct such as corruption, cyberbullying, money laundering, and other laws.
      • The personal data safety measures such as data anonymization.
    • For business purposes. The company collects personal information for data retention, statistical analysis of data, or the company’s publicity such as video or sound recordings, etc.
    • For the benefit of users when using products and services that the users have consented such as to provide users with better services more suitable for the users’ needs, to provide the users with offers, special privileges, suggestions, and news, including opportunities to join special activities, etc.


Sources of personal data

    • Directly from users such as information the users’ input during the service registration, medical records, or the information received during the communication between users and the company or the company’s staff, information from the use of the company’s services, contacts, visits, website searches, call center and other channels provided by the company, and including the information from activity participations.
    • Tracking technology when the customers use the company’s website and application.
    • Affiliated companies.
    • Third-party such as:
      • Governmental agencies
      • Financial institutes
      • Representatives, agents, and other brokers
      • Business partners
      • Information providers
      • Social media platforms and advertisers.

The sources mentioned above are solely to update the users’ personal data to be present and improve the company’s services to better quality and efficiency.


Period of data collection and retention

The company will retain the users’ personal data as long as necessary or as per the law required or until the completion of the operations according to the purposes stated in this privacy policy. Except when the laws stipulate or allow the company to retain the data longer, the duration may be 1 – 20 years or more. These include the statutory limits on relevant matters for legal proceedings or investigation by supervising authorities.


Disclosure of personal data

The company will not disclose personal data to any person without prior consent from the users. Nevertheless, the users acknowledge and accept that for the efficiency of service providing or legal compliance, the company may disclose the users’ personal data to the following persons:

  • Affiliated companies
  • The company’s staff
  • Domestic and foreign data processing providers
  • Agencies or legal authorities

By disclosing personal data to the abovementioned persons, the company will ensure these persons will keep the users’ information confidential and will not use it for other purposes outside of the scope of the company stipulated.

In addition, the personal data received from the users will be stored on the cloud of the data processing provider which is a third-party and has servers both inside and outside of Thailand. Such data transfers of the company’s users’ data are for the purpose of security on data storage, backup, retrieval, and service providing. The company has inspected and chosen the provider carefully and has agreements relating to the data protection security measures and scope of data processing with the relevant provider. When the users give personal data to the company, it is deemed that the users consented to the cross-border data transfers and storage of the users’ personal data in foreign countries for the abovementioned purposes. Nonetheless, if the users believe the persons the company discloses the users’ personal data to, as listed above, have used the users’ personal data for purposes other than the scope of the company, the users can inform the company using the contact details provided in this privacy policy to proceed further.

Moreover, the company may have to disclose the users’ personal data to comply with the law, such as disclosing to governmental agencies, state organizations, supervising authorities of the servicers or the supervising authorities of the users, and including the requests to disclose the data as stipulated by the laws, i.e., the information request for filing the litigations or legal proceedings, or the request from private organizations or other third parties relating to the legal procedures, or the request to forward the patient information to the Department of Health Service Support, Ministry of Public Health, and including the cases where it is appropriate and necessary to enforce the company’s terms and conditions. The disclosure may also take place during the organization’s restructure, the company mergers, or acquisitions where the company may transfer all or part of users’ personal data that the company collected to the relevant companies.


Sending or transferring personal data to foreign countries

The company may transmit or transfer personal data collected, used, or disclosed to foreign countries. The destination countries or the international organizations that receive the personal data must have adequate personal data protection standards in coordination with the laws.


Rights of data subjects

Under the personal data protection law, you have the rights to proceed as follows:

Right to withdraw consent: If you have given consent, we will collect, use, or disclose your personal data whether you had consented before the date the personal data protection law was enforced or afterward. You have the right to withdraw your consent at any time.


Right to access: you have the right to access your personal data under our responsibility, request us to make a copy of the data for you, and request us to disclose how we retrieved your personal data.


Right to data portability:  you have the right to receive your personal data if we can arrange such personal data to be in the format that is readable or commonly used by ways of automatic tools or equipment and can be used or disclosed by automated means. You also have the right to request us to send or transfer your personal data to other data controllers when it is possible to do so by automated means and receive your personal data, which we sent or transferred using such means to the other data controller directly unless it is impossible to do so because of the technical circumstances.


Right to object: you have the right to object to the collection, use, or disclosure of your personal data at any time, suppose that the collection, use, or disclosure of your personal data were proceeded necessarily with legitimate interests of us, other persons or legal persons without exceeding the scope you can reasonably expect or proceeding for the public interest obligations.


Right to erasure/destruction:  you have the right to request us to delete, destroy or anonymize your personal data if you believe that your personal data had been collected, used, or disclosed without legitimate ground of relevant laws, or you think that we no longer need to store it for the purposes stated in this policy, or when you have exercised your right to withdraw consent or right to object.


Right to restriction of processing:: you have the right to restrict the use of personal data temporarily when we are pending an examination process following your request to rectify your personal data or your objecting request. Or in other cases where the data is no longer necessary for us, and we have to delete or destroy it per relevant law, you request us to restrict its use instead.


Right to rectification:  you have the right to rectify your personal data to be accurate, up-to-date, complete, and does not cause a misunderstanding.


Right to lodge a complaint: you have the right to make a complaint with the relevant legal authorities if you believe that collecting, using, and disclosing your personal data has breached or does not comply with the applicable laws.

You can exercise your rights as a data subject mentioned above by contacting our personal data protection office as detailed at the end of this policy. We will inform you of the result within 30 days from the date we receive your request to exercise your rights with the form or method we set forth. If we deny your request, we will inform you of the reason for rejection via various channels such as SMS, email, phone number, or letter, etc.


Rectification or deletion of personal data:

the users can rectify or delete the users’ personal data at any time. The users can request a form regarding personal data to fill in and send it back to the company through email: info@klairemedicalcenter.com . The deletion of data may prevent the users from using the company’s services or lessen the services’ efficiency.

                In the case there is a request to delete the users’ personal data from the company’s system or user database, the company will take actions with the total capacity of a relevant system to facilitate and process the users’ requests. Unless it appears that proceeding with such request will risk breaching the privacy policy of other users or breaching the law, or there is a necessity to keep the data as evidence for the examinations or legal proceedings, or to comply with the relevant laws, or to comply with the safety policy of the system or in the case that the users’ requests are beyond the possibility to proceed practically.

Nonetheless, although the company has already proceeded with the users’ requests, there may be a record or copy of such data at the company’s server or backup system for data backup if there are errors, defects, or system failures.


Request to access and obtain the electronic copy of personal data, request to disclose and transfer personal data to other persons by automatic means, request to restrict or suspend the use of personal data, or the rejection of data processing:

the users can ask for the “form regarding the personal data” to fill in and send it back to the company via email info@klairemedicalcenter.com or call: 02-227 0600.

  • Consent withdrawal: the users can withdraw the users’ consents given to the company regarding data processing or specific activities by contacting the company via email: info@klairemedicalcenter.com or call: 02-227 0600.
  • If you no longer want to receive news via telephone: please inform us via email: info@klairemedicalcenter.com
  • If you no longer want to receive news through email: the customers can click “unsubscribe from news” from within the email you received from the company immediately.
  • Complaint lodging:  the users have the right to make a complaint to the expert committee under the Personal Data Protection Act if the company or personal data processor including the staffs or employees of the company or data processor breach or do not comply with the Act or the announcement made under the Act.


Consequences of consent withdrawal

The data subjects may withdraw the consent to let the company collect, use, or disclose personal data as mentioned above by informing the company. The company may ask for reasons for such withdrawal.

The consent withdrawal of data subjects will not affect the collection, use, or disclosure of personal data that the data subjects had consented to prior.

In addition, before I gave my consent, I have read and understood the terms and conditions in disclosing personal data as stated explicitly above. I expressed my consent to be bound by following this term and condition, including all the future rules.


Report on the breach of personal data

If there is a breach of your personal data, we will promptly inform the Office of the Personal Data Protection Commission within 72 hours after we learned about the breach. Suppose the violation has a high risk that will affect your rights and freedom. In that case, we will inform you about the breach and the remedy thereof immediately through various channels such as website, SMS, email, phone number, or letter, etc.


Dispute resolution

In resolving any dispute arising from this company’s website, if the users encounter the problem or damages from any text, content, or service, including the violation of rights or intellectual rights that appeared on the company’s website, the company has a dispute resolution as follows:


  • The injured person must file the complaint in writing explicitly to the company’s staffs at the address below by stating the following details:
    • Name, address, current address
    • Current phone number/email
    • Details on the complaints or the evidence regarding the illegal conduct (if any)
    • Suggestion or recommendation or request that would like the company to proceed


  • You must proceed with such complaint filing or suggestion by contacting:
    • M.D. Health and Beauty Co., Ltd. : Address259/22 Soi Pridi Banomyong 13, Sukhumvit 71 Road, Prakanong Nuea, Wattana, Bangkok, 10110.
    • Phone number: 02-227 0600
    • Email: info@klairemedicalcenter.com

After the company acknowledges the abovementioned complaints, the company will contact the relevant persons and inform the managing director or the delegation of the company and proceed with the resolution within 15 days from the date stated in your written complaint that contains the details as the company mentioned above. Pending the investigation, you agree to refrain from filing a case or waive your rights to file complaints in civil or criminal proceedings as the company needs time to examine and investigate the facts further.


Questions or suggestions

If you would like to ask for more information regarding this Privacy Policy, including a request to exercise the rights. You can contact our Data Protection Officer or us as follows:


Data Controller

M.D. Health and Beauty Co., Ltd.

259/22 Soi Pridi Banomyong 13, Sukhumvit 71 Road, Prakanong Nuea, Wattana, Bangkok, 10110.

Phone number: 02-227 0600

Email: info@klairemedicalcenter.com


Data Protection Officer

Klaire Medical Center PDPA Team

259/22 Soi Pridi Banomyong 13, Sukhumvit 71 Road, Prakanong Nuea, Wattana, Bangkok, 10110.

Phone number: 02-227 0600

Email: info@klairemedicalcenter.com


Effective from 1 April 2021

M.D. Health and Beauty Co., Ltd.