Last updated: 25 July, 2022
Ever Medical Technologies Co., Ltd., (referred to as “EVER”, “we” or “our” or “us”) offers a wide range of products and services, including server products used to help operate enterprises worldwide, EVER application (“Application”) and online health-related products and services reservation platform (OMA) (“Platform”) (hereinafter referred to as “Service”). EVER is always committed to conduct its business under good corporate governances, including recognizing the importance of data security and privacy where we intend to process your personal data with transparency.
The purpose of this privacy policy (“Privacy Policy”) is to maintain your trust and ensure that EVER will properly manage and process your personal data including maintain the security measure as specified by the laws and meet the international standard.
In case that you are user of our Application or Platform, you may find further details about the processing of your personal data in relation to the provision of the Service as well as the exercising of rights and procedure to exercise your rights from the Privacy Policy of EVER application at https://support.ever.healthcare/hc/en-us/articles/7670901380761-Privacy-Policy and Privacy Policy of online health-related products and services reservation platform (OMA) at https://support.ever.healthcare/hc/en-us/articles/7670901380761-Privacy-Policy
This Privacy Policy applies when EVER acts as the data controller of the personal data only. For any activities where EVER is the data processor for other data controller, you may check the details of such processing activities from the privacy policy or notice of processing of such company, organization, or service provider who is the data controller of such activity directly.
1. Collection of Personal Data
EVER may, directly or indirectly, collect your personal data from the following sources:
• Information provided to us directly via the use of our products and/or services including the Application and
• Platform, the registration of user account, conversation via live-chat or in-app messenger on the Platform, or by
• doing any transactions or participating in any campaigns or activities through our Services;
• Personal data we received from our affiliates;
• Medical Service Provider, hospital, clinic, and/or other service provider whom you choose to receive services;
• Social media and/or other public relation media that you use to access our Service;
• Personal data from third-party, such as our business partners; and
• Any public sources such as government data, and other professional institution
2. Types of Personal Data Collected
Depending on purposes of use and requirement of the officers in processing personal data, EVER may collect various types of your personal data including:
General Personal Data
• Identification information such as name, username, password, date of birth, identification number, passport number, flight itinerary, telephone number, address, copy of public servant identification card, copy of identification card, copy of passport, photo, voice, and video;
• Personal characteristics such as age, sex, weight and height;
• Geographic information and information about your device and software such as Internet Protocol address (IP Address), your Global Positioning System (GPS), location, your current location or technical hardware and software specifications, and uniquely identifying data;
• Financial information such as credit and debit card, bank account, transaction information including price, payment method, and other payment details;
• Service usage history such as voice recording, video recording, and other record created during the services, data automatically collected via Application and/or Platform including Application and/or Platform usage behavior, log-file, your interests, devices information and your IP address, setting information, Application and/or Platform adjustment, date or location that you use the Application and/or Platform;
• Other information such as personal data that you provide when communicate with us through the Services, and other communication channels or when do any transactions or participating in any campaigns or activities through our Services;
Sensitive Personal Data
• Personal characteristics such as blood type;
• Health information such as body mass index, heart rate, blood pressure, oxygen saturation, body temperature, fasting blood sugar, hearing, mobility, nutrition, sleep, cycle tracking and other relevant health data, records and history;
• Medical information and medical history such as congenital disease, lifestyle behavior, sexual orientation, genetic data, symptom, health assessment result, medical record, medical history, clinical record, vaccination history and treatments, medical prescription history, medical test results, diagnosis result, medication usage or record of treatment method;
With regard to the processing of sensitive data, EVER will obtain consent from the data subject before or at the time of data processing, unless the processing of such sensitive data falls under the exceptions that the Personal Data Protection law prescribed.
3. Retention Period
EVER will retain your personal data as long as it is necessary for the purpose of data processing. After that, EVER will erase and destroy your personal data except as may be required, by applicable laws, or for protection of EVER’s interest. In general, personal data will be kept for a maximum period of 10 years or otherwise longer if it is specifically provided by law or for the protection of EVER’s interest.
Upon the completion of the abovementioned period, EVER will follow the deletion and destruction procedure to ensure that all your personal data is safely deleted from server of EVER or is retained in the form of anonymous data.
4. Purposes of Use and Disclosure
EVER will process your personal data to: (i) perform contractual obligations as a party to the contract, (ii) comply with legal obligations, (iii) for the legitimate interest, (iv) for vital interest, or (v) for the preparation of the historical documents or the archives for public interest, or for the purpose relating to research or statistics. EVER will use and disclose Personal Data for the abovementioned purposes and scope, including the following purposes:
4.1 Purposes of Providing Medical Services
• Registration for using Application and/or Platform, creation of user account, including patient registration, and verification record;
• Accessing telemedical service, telepharmacy service or video call services to consult, make any queries, and receive diagnosis from medical service provider or other service provider chosen by you via our Application;
• Ordering/ reserving products and/or services of your chosen medical service provider via our Platform;
• Notification for doctor appointment via telemedical, telepharmacy and notification for other services;
• Connection with other application such as Google Health or Apple Health Kit, to obtain and record any information relating to the Service;
• Processing your request prior to entering into an agreement, consider for approval in relation to the provision of products and/or services, and deliver products and/or services to you including any activities that if we do not proceed, then our operations or our services may be affected or may not be able to provide you with fair and ongoing ServicesSpecifying your location for receiving Service or for delivery of medicine, medical supplies, or other devices;
• Carrying out your instructions or processing your requests (e.g. to connect you with the relevant pharmacies, other service providers and/or medical service provider);
• Connecting your health data between your mobile application and web application for doctor and/or personnel of medical service provider and/or other service providers;Providing communication system (chat) between you and medical service provider or other service provider;
• Processing payment, proceeding in relation to the purchase order of medicines, medical supplies and our services, including delivery of medicines, medical supplies, and services under the purchase order and other transaction on the Application and/or Platform;
• facilitating with the visa organization for the person receiving medical services;
• Providing services for the reservation of hotel and/or accommodation for the user;
• Providing services for the reservation of the vehicle for the user;
• Providing services for storing data as per the request/order of the user and any other services concerning the user’s data in accordance with the user’s request/order on the Application;
• Sending administrative information to you (e.g. information regarding the services and changes to our terms, conditions, and policies);
• Ensuring that the content on our channel will be provided to you and shown on your electrical devices efficiently; and
• Communication, expressing opinion, making queries, and communicate with you.
4.2 Purpose of Analyzing, Developing, and Improving Service including Preparing Statistical Information
• Conducting research or strategy analysis in developing, improving, and maintaining quality of our Service, including developing software, hardware and functions relating to our Service;
• Preparing statistical information in relation to public health system, for education, and our internal analysis only;
• Supporting the stability and security of the Application and/or Platform;
• Conducting satisfactory survey, questionnaire, and opinion suggestion in the Application and/or Platform; and
• Data connection with public and private data sources and provide set of anonymous data (anonymous data such as demographic information, behavioral information, and technical information that summarized from fundamental information) for the usage of our purposes.
4.3 Marketing Purpose
In the case where applicable law permits and/or EVER obtained your consent to process data, EVER may collect, use, and disclose your personal data including but not limited to the following marketing purposes:
• Offering information and newsletter in relation to our Services via Application, Platform and/or our other channel. In case where you no longer wish to be contacted for marketing of sales activities, you could opt-out through our designated channels;
• Processing the purchasing order for medicine, medical supplies, and Service that you use in order to improve quality of Service, sending information relating to the medicine, medical supplies, and offer Services that you may interested in, including giving advice in relation to medicines, medical supplies, and Services to you via Application, Platform and/or our other channel;
• Setting pattern and improving our general marketing activities; and
• Using all information of the Services’ visitors and users to generate usage pattern or interest of the Services’ visitors and users
4.4 Other Purpose
• Fulfill our contractual obligations whether directly or indirectly;
• Legitimate interests in relation to the carrying out of business of EVER, by concerning the fundamental rights of the data subject;
• Support the stability and security of EVER;
• Assessment and management of your requests;
• Communicating and/or offering campaigns or activities concerning research that are conducted by EVER and/or business partners of EVERPrevention and investigation of forgery;
• Inspection, analysis and preparation of documents upon request of governmental organizations and regulatory bodies;
• Compliance with applicable laws; and
• Other purposes specified at the point of collection with your prior consent
4.5 Use of De-identified Data
“De-identified” in this Privacy Policy refers to information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular person.
EVER may deidentify or anonymize your personal data and/or may use the de-identified or anonymized data, as permitted by law, whether in the form of statistics or any other aggregated forms to develop research projects or allow EVER’s affiliated companies or business partners, in or outside Thailand, to access such information for further use or project developments.
You hereby acknowledge that once the information has been de-identified or anonymized, it is not covered by this Privacy Notice nor is subjected to your consent. EVER may use and share it for any lawful purpose without further notice or compensation to you.
5. Personal data of minors, quasi-incompetent person and incompetent person (“Incapacitated Person”)
We will process the personal data of Incapacitated Person only where it is permitted by data protection law. For clarity, our Service is not intended for Incapacitated Person. We do not seek to obtain, nor do we want to obtain personal information directly from Incapacitated Person, but we will arrange to obtain the consent from parent, curator or guardian who is the legal representative of such Incapacitated Person (as the case may be). This does not apply in a case of obtaining consent for processing of personal data of Minor over 10 years old which is strictly personal, suitable to his condition in life and actually required for reasonable needs which such minor can provide consent to us directly.
In addition, we cannot, however, always determine that the people accessing our Service is not an Incapacitated Person. As such, should any Incapacitated Person access to our Service and provide to us any personal data without obtaining consent from parent, curator or guardian who is his/her legal representative (as the case may be), we request that the parent, curator or guardian of such Incapacitated Person contact us via channels provided in this Privacy Policy, to provide consent to us or to help us remove his/her personal data from our Service.
6. Disclosure
We will not disclose your personal data without any legal basis. In the case we required to transfer your personal data to other third parties, we will proceed according to an appropriate procedure in order to ensure that other third parties will protect and prevent your personal data from any lost, unauthorized access, usage, modification or disclosure. Your data may be disclosed to other third parties including:
• Our group company or affiliate relating to us;Medical service provider and/or other service provider;
• Other third-party service providers such as payment processing service provider, logistic provider, cloud service provider or data analysis service provider;
• Governmental and regulatory bodies;
• Business partnersAuditors, legal advisors, and other advisors; and
• Other data controller to whom you have previously disclosed or transferred data e.g., hospital, clinic, hotel, transportation company.
7. Cross-Border Transfer
We will disclose your personal data to the recipient outside of Thailand only where it is permitted by data protection law and/or other applicable laws. In this regard, we may follow the rule for the transfer of data to outside Thailand by entering the standard agreement or use other available tools under the applicable laws and may use the data transfer agreement or other permitted tools for the transfer of personal data to other country.
8. Data Security Measure
We adopt the high-standard security system in both technology and procedures to prevent any unauthorize or unlawful access, use, change, amendment or disclosure of personal data, and possible data theft. We make substantial investments, effort and human resources as to ensure that we maintain high-standard measures and your personal data remains safe. We implement various measures to protect its computer system such as, Firewall and Secure Socket Layer. In addition, EVER also adopt internal guideline to set personal data access control in order to maintain confidentiality and security of data. We will revisit such internal policies periodically according to the laws.
We will delete and destroy your data immediately when it is no longer necessary for the purpose of data processing, or when the retention period expires. In this regard, we may delete or destroy your personal data using appropriate and safe method without prior notice.
Although we make its best efforts to protect personal data with our technical mechanism along with the management by our personnel to control access and keep personal data against unauthorized access, we cannot always guarantee the security and confidentiality of personal data from every incident that may arise, such as virus threat and unauthorized access. A data subject should regularly keep up with technology news, install personal firewall software to prevent his computer from threat or data theft. Also, monitoring own account on a regular basis (such as monitoring balance, transaction date) and keeping personal data and financial status confidential are strongly recommended.
9. Right of Data Subject
In accordance with the data protection law, you, as a data subject has the following rights (which may be amended pursuant to any regulations of the data protection law) which are exercisable in compliance with applicable laws:
• To access personal data;
• To rectify personal data;
• To erasure or destroying of personal data;
• To restrict the use of personal data;
• To object the collection, use and disclosure of personal data;
• To data portability; and
• To withdraw the consent.
In case that we cannot comply with your request to exercise the right of data subject, or that we fail to comply with the data protection law, you may make a complaint to the regulator, including the Personal Data Protection Committee, Ministry of Digital Economy and Society.
In case where you have given the consent for the processing of personal data to EVER (where the consent is not required by other applicable laws), you shall have the right to withdraw the consent at any time. Should a withdrawal of any consent affect any transactions or provision of services, you will be informed at the time of withdrawal request.
In responding to your request under this clause, we may be able to consider only for your personal data we processed as a data controller. For the exercising of your right for the personal data we processed as a data processor of your chosen Medical Service Provider, we will inform such Medical Service Provider to consider and proceed according to your request as your data controller. While EVER may undertake efforts to see that any third party to which the personal data is disclosed is under an obligation to use that personal data solely for the purposes for which the information was disclosed, such third parties are independent third parties over which EVER exercises no control. EVER is not responsible for, and will not be liable for, the conduct, actions, omissions, or information handling or dissemination practices of third parties.
Please note that if EVER shares your personal data with a third person such as a business partner who engages in the business of clinical trial, such party may continue to have access to your personal data even if you choose to no longer receive additional information from us
10. Contact Person
If. you have any queries, suggestions, or concerns regarding this Privacy Policy or if you have any queries or questions regarding our use of personal data, you may contact us at:
SEND TO: Data Protection Officer
Ever Medical Technologies Co., Ltd.
Address: 394 Bangkok Bank Building, 5th floor, Rama I Road.,
Pathum Wan Sub-district, Pathum Wan District,
Bangkok, 10330
E-mail: dpo@everapp.io
Phone number: 081-234-3834
Note:
• When making any complaint or claim, please provide your contact details as to enable EVER to revert as soon as possible.
• We do not charge any administrative fee relating to your personal data. However, a fee in processing certain requests (other than the request for rectification) under the data protection law may apply.
11. Amendment to Privacy Policy
In case there is a material change on the practice relating to personal data protection, EVER will amend and revise this Privacy Policy and disclose on our website to ensure that you have acknowledged the method that EVER collect, use, handle, disclose, and protect the data.
This Privacy Policy is effective from 29 May 2022