Well Health, we aim to comply with the Personal Data Protection Act 2565 (PDPA) and to be market leaders regarding healthcare and privacy.
This policy explains how we use your data. We want to help you understand how we work with your data so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time, and if we make any changes, we will notify you when we make any changes to review.
This policy explains how we use your data for our home-monitoring healthcare services.
This policy covers:
1. Who we are
2. What personal data do we hold, and how do we get it
3. What do we use your data for
4. Sharing your data
6. Data security and transfers
7. Your rights
If you have any further questions about how we process your information, please don't hesitate to get in touch by
Address: 188 Spring Tower, 10th Floor, Phaya Thai Road, Thung Phaya Thai, Ratchathewi, Bangkok 10400
1. Who we are?
Invitrace company Limited delivers our health services. The registered office and principal place of business are 55/240 Moo 9, Pakkret, Nonthaburi, Thailand.
When this policy talks about 'Well Health', 'us', or 'we' it means INVITRACE. We provide your data to other companies, which are your employer.
2. What personal data do we hold, and how do we get it?
We use the following categories of personal data:
When you register with us, you complete forms and provide us with basic information about yourself, such as your name, date of birth, gender, profile picture, phone number, hospital number, identification number, including caregiver information such as name and phone number of caregiver and relationship.
Health and medical informationThe primary type of information we hold about you is Health and medical data: information about the hospital, clinic, treatment status, personal doctor, health insurance, weight, height, treatment expectation, affordability, symptoms, quality of life, medication records, body temperature, heart rate, blood pressure, respiratory rate, steps, oxygen saturation, hours of sleep, blood sugar level, electrocardiogram and any other medical information related to you. This includes your consultations with our doctors and interactions with our digital services. Your interactions with our digital services may be shared with our doctors to provide you with a better experience for your health care.
We may also hold information about you and your Health from other apps, devices, and services where you have consented to that data being shared. Examples include where you decide to share information collected from a smartwatch or similar device with our App.
Technical information and analytics
When you use our App, we may automatically collect the following information.
Information about your visit (such as when you first used the App and when you last used it, and the total number of sessions you have had on that App), including products and services you viewed or used, App response times and updates, interaction information (such as button presses or the times and frequency of your interactions with the communications we deliver to you in the App or otherwise) and any phone number used to call our customer service number.
We work with hospital partners to provide you with services that are suitable for you. This includes helping us understand how users interact with our services and measuring the performance of our services.
Sources of personal data
We receive personal data directly from you. We collect your data from the following service process.
When you register an account to use our services.
Collet from your voluntary in completing the questionnaire.
Collect data from your use of the Platform through the application.
Collect from your inquiry or through chat interactions.
When you click to buy services or products from us.
When you connect your device to our Platform.
3. What do we use your data for?
The purposes for which we use your data and the legal grounds on which we do so are as follows:
Providing you a service
We obtain and use your details to verify that you are a user of an application that has subscribed to our services through hospitals and clinics. When a healthcare professional confirms your access, your personal information will be sent to us, and provide your personal information to the hospitals and clinics you are using.
We obtain and use your medical information because this is necessary to calculate and notify your health information to the healthcare professionals in your clinic. We can use this information to provide healthcare services and personalize services such as content and health services for you in the application.
Making healthcare accessible
Where you have provided your explicit consent, we will use your medical information (permanently removing personal identifiers, such as your name, address, and contact details) to improve our healthcare products and services, and our artificial intelligence system will deliver better healthcare to you. This medical information (with your identifiers removed in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with our artificial intelligence services, such as our symptom checker. This does not involve making decisions that would significantly affect you – it is only about improving our products, services, and software so that we can deliver a better experience to you and help achieve our aim of making healthcare accessible to everyone. Strict confidentiality and data security provisions always apply. This consent relates to information that can identify you.
We may obtain and use data about your precise location where you give your consent (by providing us access to your area through your App, browser settings, or address). We may also derive your approximate location from your IP address.
Based on our legitimate interest in managing and planning our business, we may analyze data about your use of our products and services to troubleshoot bugs within the App, forecast the demand of service, and understand other trends in usage, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you that would have a significant legal effect on you – it is only about improving our App so that we can deliver better services. Strict confidentiality and data security provisions will always apply.
Where necessary, we may need to share personal and financial details for fraud prevention and detection.
We also store your medical information, such as hospitals, clinics, treatment status, personal doctor, health insurance, weight, height, treatment expectation, affordability, symptoms, quality of life, medication records, body temperature, heart rate, blood pressure, respiratory rate, steps, oxygen saturation, hours of sleep, blood sugar level, electrocardiogram and any other medical information related to you. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by the regulator as otherwise required by law or regulation.
Where necessary for safety, regulatory, and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will always apply to audits and access
4. Sharing your data with others
Personal data collected in the use of our services may be disclosed to relevant persons or entities such as cloud service providers, information administrators, developers of applications, and related information systems as personal data processors and service providers in related to using our services, such as the hospital where you receive treatment or business partners under the supervision and personal data protection conditions set by the service unit as a personal data controller without collecting, using, or disclosing personal data of you for the business benefit of the personal data processor without consent of you as the personal data subject.
Information sharing with other healthcare providers
We will, where necessary for your treatment or care, share your information with healthcare providers, for example, doctors, nurses, or other healthcare professionals in the hospital where you are treated, to provide services under the supervision and conditions of personal data protection set by the service unit as a personal data controller.
We may display on our website or share with our commercial partners aggregated and anonymized data that does not personally identify you but shows general trends, for example, the number of users of our service.
5. Retention periods
We retain your medical records by standard practice. Below is a summary of our retention policy. However, we may keep records that do not identify you for legitimate business purposes, such as managing or planning our business or documents for other periods as required by law or regulation, and after maturity, there is a standard practice of the law for the data destruction method.
Patient Login 10 years
Patient Profile 10 years
Name, surname, date of birth, gender, photo, hospital number, identification number, hospital, clinic, treatment status, personal doctor, health insurance, weight, height
Patient Contact 10 years
Phone number, caregiver information
Health and medical information 10 years
treatment expectation, affordability, symptoms, quality of life, medication records, body temperature, heart rate, blood pressure, respiratory rate, steps, oxygen saturation, hours of sleep, blood sugar level, electrocardiogram
Hospital Care Team Login 10 years
Doctor Note to the patient (message) 10 years
Doctor/Nurse Users list (Rights) 10 years
Internal message 10 years
Analyzed Data 10 years
Access and Usage log data 10 years
Post-Data Analysis 10 years
6. Data storage, security, and transfers
We do not store your health data on your mobile device. We keep your health data on secure servers, including symptoms, quality of life, medication information, and vital sign data.
7. Your rights
As indicated above, whenever we rely on your consent to process your data, you have the right to withdraw your consent at any time by contacting via email firstname.lastname@example.org
You also have specific rights under the PDPA to:
Wherever we process data based on your consent, withdraw that consent at any time. You can do this via email email@example.com
We will process your request within a reasonable time from such a request for withdrawal of consent being made with the data destruction method and will not collect, use and/or disclose your personal data in the manner stated in your request.
Your withdrawal of consent may result in inevitable consequences. For example, it may mean that we will not be able to provide you with certain services that you have requested. We will inform you of such consequences after we receive your withdrawal request.
You can rectify or erase information we hold about you, subject to limitations relating to our obligation to store medical or Health records for medical diagnoses and treatment for prescribed periods.
For any questions or concerns, you can contact us via email at firstname.lastname@example.org