www.villa-medica.com is property of Optimum Health Management Co., Ltd, Thailand.
This Website may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.
Optimum Health Management may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from May 2018.
- What personal information about you we may collect
- How we may use your personal information
- Who we may disclose your personal information to
- How we protect your personal information
- Contacting us & your rights to prevent marketing and to access and update your personal information
- Our Cookies Policy
1. Information we may collect about you
1.1. We may collect and process the following data about you:
a) Information you give us. This is information about you that you give us by filling in forms on our Website or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our Website, subscribe to our services, search for a product, place an order on our site, or other activities commonly carried out on the Website and when you report a problem with our Website. The information you give us may include your name, e-mail address and phone number, personal description and photograph, and any other information.
b) Information we may collect about you. With regard to each of your visits to our Website or Platform we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other information;
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time), products you viewed or searched for’, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, any phone number used to call our customer service number, and other information.
- Information we receive from other sources. This is information we receive about you if you use any of the other websites we operate or the other services we provide. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We may notify you when we receive information about you from them and the purposes for which we intend to use that information.
2. Uses made of your personal information and justification of uses
2.1. We may use your personal information in the ways listed below. Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the ground in respect of each use in this policy. These are the principle grounds that justify Our use of your information:
a) Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use and may withdraw your consent by notifying us);
b) Contract performance: where your information is necessary to enter into or perform our contract with you;
c) Legal obligation: where we need to use your information to comply with our legal obligations;
d) Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights;
e) Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you or a third party.
2.2 We may use your personal information in the following ways. For each use, we note the grounds we use to justify each use of your personal information:
a) to on-board you onto the Website. Where you are a Customer or designated contact of a Customer, you will create an account by providing the relevant information as specified in paragraph 1.1.(a) above. Where you are a representative of a Customer, you will create an account by providing the relevant information as specified in paragraph 1.1.(b) above
Use justification: consent, contract performance, legitimate interests (to allow is to on-board you as a user);
b) as part of the on-boarding process described in paragraph 2.1(a) above, where you are a designated contact of a Customer, we will conduct KYC, AML and other checks to decide whether to on-board you on to the Platform. We may disclose such information to third party credit reference and fraud agencies for the purposes of credit analysis and detecting and preventing fraud and crime – please see paragraph 3.5. below).
Use justification: consent, contract performance, legal obligations, legitimate interests (including to ensure you fall within our acceptable risk profile);
c) to provide you with updates and offers, where you have chosen to receive these (please see the section titled “Marketing” below)
Use justification: consent;
d) to ensure that content from our Website is presented in the most effective manner for you and for your computer
Use justification: consent, contract performance, legitimate interests (to allow us to provide you with the content and services on the Website);
e) to analyse it to develop our products, services and systems and to understand our users’ requirements
Use justification: legitimate interests (to allow us to improve our services);
f) to notify you about changes to our service
Use justification: contract performance, legitimate interests (to allow us to continuously develop our services).
We may use your information for marketing our own services to you by email, through the Website and by post, and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing.
Use justification: consent (which can be withdrawn at any time – please see paragraph 5.1. below)
Opt-out: we will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in paragraph 5.4. below.
We may use, and we may engage third parties who may, collect information, by using technologies such as cookies and web beacons, across various websites and devices, for the purpose of delivering more relevant advertisements on our behalf, or on the behalf of third parties, to you on the Service or third party websites, and to perform tracking and reporting functions for our Service, Partner Sites, or other third party websites, and the advertisements you view or click on. We, or third parties we engage, may combine this with Personally Identifiable Information like your name or email address or other information that could be used to identify you, which may be used, among other things, to deliver advertising, including by email, targeted to your preferences and interests derived from your interaction with the Website, Partner Sites or other third party websites, and to better understand your interactions with the Website, Partner Sites and other websites.
To learn more about this type of targeted advertising (also called interest-based advertising), analytics services and your choices, including how to opt-out of some interest based advertising, advertising networks and ad servers, please visit https://www.youronlinechoices.com or http://youronlinechoices.eu/, DAA Consumer Opt-Out Page, NAI Consumer Opt-Out Page and Google’s information page.
3. Disclosures to third parties and justification of uses
3.1. We may permit selected third parties such as business partners, suppliers, service providers, agents and contractors to use your personal information, for the purposes set out in paragraph 2 above who will be subject to obligations to process such information in compliance with the same safeguards that we deploy.
Use justification: contract performance, legitimate interests (to enable us to effectively provide our services to you)
3.2. We may disclose your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with proceedings or investigations anywhere in the world where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Use justification: legal obligation, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities);
3.3. In the event that we (or a part thereof) are (i) subject to negotiations for the sale of its business or (ii) is sold to a third party or (iii) undergoes a reorganisation, you agree that any of your personal information which We hold may be transferred to that re-organised entity or third party and used for the same purposes as set out in this policy, or for the purpose of analysing any proposed sale or re-organisation. We will ensure that no more of your information is transferred than necessary.
Use justification: legitimate interests (to allow us to change our business).
3.4. We and other organisations may also access and use your personal information to conduct KYC checks, credit checks and checks to prevent fraud and money laundering. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to the relevant authorities including credit reference agencies and fraud prevention agencies. We will also record this. Law enforcement agencies may access and use this information. We, and other organisations that may access and use information recorded by such agencies, may do so from other countries.
Use justification: legal obligation, legal claims, legitimate interests (to assist with the prevention of crime and fraud)
4. Transmission, storage and security of your personal information
Security over the internet
4.1. No data transmission over the Internet or website can be guaranteed to be secure from intrusion; any transmission is at your own risk. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.
4.2. All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
4.3. In accordance with the recommendations of Payment Card Industry Security Standards Council, customer card details are protected using Transport Layer encryption — TLS 1.2 and application layer with algorithm AES and key length 256 bit.
Export outside the EEA
4.3. Your personal information may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the European Economic Area (EEA) in which data protection laws may be of a lower standard than in the EEA. Regardless of location or whether the person is an employee or contractor we will impose the same data protection safeguards that we deploy inside the EEA.
4.4. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. If we decide that, staff in those countries which have not had these approvals, will have access to your personal information,, we will either ask for your consent to the transfer or transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities.
4.6. We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose (for example certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). So if information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period one that period expires.
We restrict access to your personal information to those persons who need to use it for the relevant purpose(s). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed.
5. Your rights & contacting us
Data Protection Rights
You have the following data protection rights:
a) You can request access, correction, updates or deletion of your personal information.
b) You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
c) If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
d) You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the US and Canada) are available here.)
To exercise any of these rights, please contact us at any time in accordance to paragraph 5.4
5.1. You have the right to ask us not to process your personal data for marketing purposes. You can exercise the right at any time by contacting us in accordance with Section 5.4.
5.2. We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by contacting us as set out in paragraph 5.4
Last updated on 23 May 2018