Well Hospital Edition – Well Care Privacy Policy
Well Hospital Edition – Well Care by OMIC, We aim to comply with the Personal Data Protection Act 2562 (PDPA), and to be market leaders when it comes to healthcare and privacy.
This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any changes, we will notify you when we make any changes to review so.
This policy explains how we use your personal data for our healthcare services and products, including, amongst others, our private service, and our partner service.
This policy covers:
1. Who we are;
2. What personal data we hold and how we get it;
3. What we use your personal data for;
4. Sharing your personal data;
5. Retention;
6. Data security and transfers; and
7. Your rights.
If you have any further questions about how we process your information, please don't hesitate to get in touch by contacting us:
Address: 139, Spaces 24th Floor, Chamchuri Square, Pathumwan, Bangkok 10330
Email: info@omic.com
1. Who we are
Our healthcare services are delivered by Ontarget Medicine Invitrace Cooperatice (OMIC) – number 0-9930-00437-60-8. The registered office and principal place of business is 55/240 Moo 9, Pakkret, Nonthaburi, Thailand.
Our partner service is Phayathai 1 Hospital Co.,Ltd - number 0105544117879, whose registered address is 64/1 Thanon Si Ayutthaya, Thanon Phaya Thai, Ratchathewi, Bangkok 10400
When this policy talks about ‘Well Hospital Edition, ‘us’ or ‘we’, it means Ontarget Medicine Invitrace Cooperatice (OMIC). We provide your data to other companies within our corporate group, including Ontarget Medicine Company Limited, which develops and maintains our medical knowhow, Invitrace Company Limited, which develops and maintains our software.
Ontarget Medicine Company Limited and Invitrace Company Limited are joint controllers of your personal data provided to, or collected by or for, or processed in connection with our healthcare services. This policy applies to both companies.
Your relationship is with Ontarget Medicine Invitrace Cooperatice (OMIC). If for example, you would like to access your data, Ontarget Medicine Invitrace Cooperatice (OMIC) is the entity to which you would make such a request.
2. What personal data we hold and how we get it
We use the following categories of personal data:
Personal details
When you register with us, you complete forms and provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will also provide us with a copy of identification documentation for ID checks to be carried out by one of our commercial partners. You are responsible for the accuracy of the information that you provide to us.
Health and medical information
The main type of information we hold about you is health and medical information: information about your health, symptoms, treatments, consultations and sessions, medications and procedures. This includes details of your consultations with our doctors, and interactions with our digital services, including interactions with our chatbot, 7 days daily question, sides effect check up,quality of life check up, health monitoring, recommendation notes, and appointment. Your interactions with our digital services may be shared with our doctors in order to provide you with a better experience and for the purposes of providing you health care.
We get some of this information directly from you, when you register with us and when you use our healthcare services. If you use our services, we may receive your medical history from your previous health records from hospital. Any correspondence we receive from you is uploaded electronically to your Well Hospital Edition health record.
We may also hold information about you and your health from other apps, devices and services where you have given your consent to that data being shared with us. Examples include where you decide to share information collected from a smart watch or similar device with our App.
Technical information and analytics
When you use our App, we may automatically collect the following information where this is permitted by your device or browser settings:
· technical information, including the address used to connect your mobile phone or other device to the Internet, your login information, OTP, system and operating system platform type and version, device model, browser or app version, time zone setting, language and location preferences, wireless carrier and your location (based on IP address); and
· information about your visit (such as when you first used the App and when you last used it, and the total number of sessions you have had on that App), including products and services you viewed or used, App response times and updates, interaction information (such as button presses or the times and frequency of your interactions with the communications we deliver to you in the App or otherwise) and any phone number used to call our customer service number.
We work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising). This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts.
Information obtained from third party services
You may choose to connect your existing accounts with other providers (such as a social media provider) , for example, when signing up to make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as your email address and name. Provided we are acting in accordance with data protection laws, we may also use information from other sources, such as specialist companies that supply information, online media channels, our commercial partners and public registers. This information can for example, help us to improve and measure the effectiveness of our services.
3. What we use your personal data for
The purposes for which we use your personal data and the legal grounds on which we do so are as follows:
Providing you a service
· We obtain and use your personal details and financial details in order to establish and deliver our contract with you and (if applicable) charge you correctly.
· We obtain and use your medical information because this is necessary for medical purposes, including medical diagnosis and the provision of healthcare or treatment. This includes the information collected through our consultations with you (such as notes and recordings), our digital services, and medical history from your previous health record with Phayathai 1 Hospital. It may also include sharing information with other healthcare professionals as necessary for the provision of care to you, such as specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, and diagnosis centres chosen by you for the purpose of imaging request forms.
Making healthcare accessible
· Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address and contact details) to improve our healthcare products and services, and our artificial intelligence system, so that we can deliver better healthcare to you and other Well Hospital users. This medical information (with your personal identifiers removed in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with our artificial intelligence services, such as our symptom checker. This does not involve making any decisions which would have a significant effect on you – it is only about improving our products, services and software so that we can deliver a better experience to you and other Well Hospital users, and help achieve our aim of making healthcare affordable and accessible to everyone. Strict confidentiality and data security provisions apply at all times. This consent relates to information that can identify you.
· We may obtain and use data about your precise location where you give your consent (through providing us access to your location through your App or browser settings or your address). We may also derive your approximate location from your IP address.
Keeping you up to date
· We use your email address, phone number and/or details to contact you or present you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time.
· As part of providing you with high quality preventative and occupational health care services, we may contact you by SMS, email and/or other means to offer you helpful information or invite you to make appointments, for example for free healthcare screening programmes (such as cervical cancer screening).
Other uses
· Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our products and services to troubleshoot bugs within the App or our website, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you that would have a significant legal effect on you – it is only about improving our App so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
· Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection.
· We also store your medical information, such as notes from consultations, recordings of our consultations with you as well as your interactions with our digital services including interactions with our chatbot, 7 days daily question, sides effect check up,quality of life check up, health monitoring, recommendation notes, and appointment, for safety, regulatory, and compliance purposes. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulator as otherwise required by law or regulation.
· Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.
4. Sharing your personal data with others
· We may share your personal data with members of our corporate group and our partners (such as Ontarget Medicine Company Limtied, Invitrace Company Limited). This is to help us deliver our services to you.
· We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us.
· Where you access our services through your health insurance provider or any of our commercial partners (including your employer) we may share with such partner your name, date of birth, email address, policy number, location, and the fact you have registered/used the service (and any other similar information). We will not without your consent share any details relating to the content of your consultation with us or your health/medical records. With your consent, we may share the date of the appointment, details of your diagnosis, prescription, whether or not you had a referral made and other similar information about your appointment with us.
Information sharing with other healthcare providers
· We will, where necessary for your treatment or care, share your information with your other health and social care providers. For example, your Phayathai 1 Hospital and other bodies, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, diagnosis centres chosen by you for the purpose of imaging requests, and other health and care bodies. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations.
Anonymised information
· We may display on our website or share with our commercial partners aggregated and anonymised data that does not personally identify you, but which shows general trends, for example, the number of users of our service.
5. Retention periods
We retain your medical records in accordance with standard practice. The below is a summary of our retention policy, but we may retain records that do not identify you for legitimate business purposes such as managing or planning our business, or records for other periods as required by law or regulation.
6. Data storage, security and transfers
We do not store your personal health data on your mobile device. We store all your personal health data, including your primary care information, medication information and diagnostic information, on secure servers.
Where you have chosen a password that enables you to access certain parts of our App, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
We encrypt data transmitted to and from the App. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
7. Your rights
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by accessing the privacy settings in the App.
You also have specific rights under the PDPA to:
· wherever we process data based on your consent, withdraw that consent at any time. You can do this via the privacy section of our App;
· understand and request a copy of information we hold about you. Subject to our retention periods, recordings of your appointments with us and other medical notes can be accessed via the App. For other information, you can make a request by email;
· ask us to rectify or erase information we hold about you, subject to limitations relating to our obligation to store medical or health records for medical diagnoses and treatment for prescribed periods of time;
· ask us to restrict our processing of your personal data or object to our processing; and
· ask for your data to be provided on a portable basis.
Contact us
For any questions or concerns, you can contact us by sending an email to info@omic.com