Well Health, we aim to comply with the Personal Data Protection Act 2565 (PDPA), and to be market leaders when it comes to healthcare and privacy.
This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any changes, we will notify you when we make any changes to review so.
This policy explains how we use your personal data for our home-monitoring healthcare services.
This policy covers:
1. Who we are
2. What personal data we hold and how we get it
3. What we use your personal data for
4. Sharing your personal data
6. Data security and transfers
7. Your rights
If you have any further questions about how we process your information, please don't hesitate to get in touch by contacting us:
Address: 139, Spaces 24th Floor, Chamchuri Square, Pathumwan, Bangkok 10330
1. Who we are
Our healthcare services are delivered by Invitrace Company Limited. The registered office and principal place of business is 55/240 Moo 9, Pakkret, Nonthaburi, Thailand. Our partner service is hospitals
When this policy talks about ‘Well Health’, ‘us’ or ‘we’, it means Invitrace. We provide your data to hospitals which use our service including other companies to provide your healthcare services
2. What personal data we hold and how we get it
We use the following categories of personal data:
When you register with us, you complete forms and provide us with basic information about yourself, such as your name, date of birth, gender, profile picture, phone number, hospital number, identification number including caregiver information such as name and phone number of caregiver and relationship.
Health and medical information
The main type of information we hold about you is health and medical information: information about hospital, clinic, treatment status, personal doctor, health insurance, weight, height, treatment expectation, affordability, symptoms, quality of life, medication records, body temperature, heart rate, blood pressure, respiratory rate, steps, oxygen saturation, hours of sleep, blood sugar level, electrocardiogram and any other medical information related to you. This includes details of your consultations with our doctors, and interactions with our digital services. Your interactions with our digital services may be shared with our doctors in order to provide you with a better experience and for the purposes of providing your health care.
We may also hold information about you and your health from other apps, devices and services where you have given your consent to that data being shared with us. Examples include where you decide to share information collected from a smart watch or similar device with our App.
Technical information and analytics
When you use our App, we may automatically collect the following information.
information about your visit (such as when you first used the App and when you last used it, and the total number of sessions you have had on that App), including products and services you viewed or used, App response times and updates, interaction information (such as button presses or the times and frequency of your interactions with the communications we deliver to you in the App or otherwise) and any phone number used to call our customer service number.
We work with hospital partners to provide you with services that are suitable for you. This includes helping us understand how users interact with our services and measuring performance of our services.
Sources of personal data
We receive personal data directly from you. We collect your personal data from the following service process.
When you register an account to use our services.
Collet from your voluntary in completing the questionnaire.
Collect data from your use of the Platform through the application.
Collect from your inquiry or through chat interactions.
When you click to buy services or products from us.
When you connect your device to our platform.
3. What we use your personal data for
The purposes for which we use your personal data and the legal grounds on which we do so are as follows:
Providing you a service
We obtain and use your personal details in order to verify that you are a user of an application that has subscribed to our services through hospitals and clinics. When a healthcare professional confirms your access, your personal information will be sent to us and provide your personal information to the hospitals and clinics you using.
We obtain and use your medical information because this is necessary to calculate and notify your health information to the healthcare professionals in your clinic. We can use this information to provide healthcare services and personalize services such as content and health services for you in the application.
Making healthcare accessible
Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address, and contact details) to improve our healthcare products and services, and our artificial intelligence system, so that we can deliver better healthcare to you. This medical information (with your personal identifiers removed in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with our artificial intelligence services, such as our symptom checker. This does not involve making any decisions that would have a significant effect on you – it is only about improving our products, services, and software so that we can deliver a better experience to you and help achieve our aim of making healthcare accessible to everyone. Strict confidentiality and data security provisions always apply. This consent relates to information that can identify you.
We may obtain and use data about your precise location where you give your consent (through providing us access to your location through your App or browser settings or your address). We may also derive your approximate location from your IP address.
· Based on our legitimate interest in managing and planning our business, we may analyze data about your use of our products and services to troubleshoot bugs within the App, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you that would have a significant legal effect on you – it is only about improving our App so that we can deliver better services to you. Strict confidentiality and data security provisions will always apply.
Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection.
We also store your medical information, such as hospitals, clinics, treatment status, personal doctor, health insurance, weight, height, treatment expectation, affordability, symptoms, quality of life, medication records, body temperature, heart rate, blood pressure, respiratory rate, steps, oxygen saturation, hours of sleep, blood sugar level, electrocardiogram and any other medical information related to you. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by the regulator as otherwise required by law or regulation.
Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.
4. Sharing your personal data with others
Personal data collected in the use of our services may be disclosed to relevant persons or entities such as cloud service providers, information administrators, developers of applications, and related information systems as personal data processors and service providers in related to using our services, such as the hospital where you receive treatment or business partners under the supervision and personal data protection conditions set by the service unit as a personal data controller without collecting, using, or disclosing personal data of you for the business benefit of the personal data processor without consent of you as the personal data subject.
Information sharing with other healthcare providers
· We will, where necessary for your treatment or care, share your information with health care providers, for example, doctors, nurses, or other healthcare professionals in the hospital where you are treated for the purpose of providing services under the supervision and conditions of personal data protection set by the service unit as a personal data controller.
· We may display on our website or share with our commercial partners aggregated and anonymised data that does not personally identify you, but which shows general trends, for example, the number of users of our service.
5. Retention periods
We retain your medical records in accordance with standard practice. The below is a summary of our retention policy, but we may retain records that do not identify you for legitimate business purposes such as managing or planning our business or records for other periods as required by law or regulation and after maturity, there is a standard practice of the law for the data destruction method.
Patient Login 10 years
Patient Profile 10 years
Name, surname, date of birth, gender, photo, hospital number, identification number, hospital, clinic, treatment status, personal doctor, health insurance, weight, height
Patient Contact 10 years
Phone number, caregiver information
Health and medical information 10 years
treatment expectation, affordability, symptoms, quality of life, medication records, body temperature, heart rate, blood pressure, respiratory rate, steps, oxygen saturation, hours of sleep, blood sugar level, electrocardiogram
Hospital Care Team Login 10 years
Doctor Note to patient (message) 10 years
Doctor/Nurse Users list (Rights) 10 years
Internal message 10 years
Analyzed Data 10 years
Access and Usage log data 10 years
Post-Data Analysis 10 years
6. Data storage, security and transfers
We do not store your personal health data on your mobile device. We store all your personal health data, including symptoms, quality of life, medication information, and vital sign data on secure servers.
7. Your rights
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by contact via email firstname.lastname@example.org
You also have specific rights under the PDPA to:
· wherever we process data based on your consent, withdraw that consent at any time. You can do this via email email@example.com
We will process your request within a reasonable time from such a request for withdrawal of consent being made with data destruction method, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request.
Your withdrawal of consent may result in certain consequences. For example, it may mean that we will not be able to provide you with certain services that you have requested. We will inform you of such consequences after we receive your request for withdrawal.
You can rectify or erase information we hold about you, subject to limitations relating to our obligation to store medical or health records for medical diagnoses and treatment for prescribed periods of time.
For any questions or concerns, you can contact us by sending an email to firstname.lastname@example.org