Privacy Policy & Terms of Service

HE Clinic Co., Ltd. (“we,” “our,” “us”) is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, store, and disclose your data, your rights under Thailand’s Personal Data Protection Act B.E. 2562 (PDPA), and our Terms of Service.

By continuing to use our website, products, or services, you acknowledge this Privacy Policy and agree to our Terms of Service.

IMPLIED CONSENT

Your continued use of this website and our services implies your acknowledgement of this Privacy Policy and consent to the Terms of Service. If you do not agree, please discontinue use immediately.

1. Types of Data We Collect

We collect the minimum necessary data to provide and improve our services. This may include:

Identity data: Full name, date of birth, gender, national ID/passport number.

Contact data: Address, email, phone number.

Medical data: Health history, medical records, prescriptions, treatment notes.

Payment data: Billing address, payment method details (processed via secure payment providers).

Technical data: IP address, browser type, cookies, and device identifiers.

Voluntarily Provided Data: Information you provide via forms, surveys, sign-ups, emails, or other correspondence.

We may also collect information via cookies and tracking technologies (see “Cookies & Tracking” below).

2. Purpose of Collection and Use

We will only collect and use your personal data for the following purposes:

1. Providing medical consultations and treatments (including telemedicine).
2. Managing patient records and treatment history.
3. Prescribing and dispensing medication (including medical cannabis where applicable).
4. Scheduling appointments and follow-ups.
5. Complying with legal obligations, including Ministry of Public Health reporting.
6. Processing payments and accounting.
7. Ensuring IT security and service quality.
8. Marketing and patient communications (only with your explicit consent).

3. Legal Basis for Processing

We process your personal data under these legal bases:

• Consent (for sensitive data such as medical records)
• Performance of a contract (to provide you with medical services)
• Legal obligations (compliance with healthcare laws and MoPH reporting)
• Legitimate interests (improving our services, fraud prevention)

4. Data Retention

We retain medical and personal data for 5-10 years after your last interaction with us, unless a longer retention period is required by law. After that, data will be securely deleted or anonymized. Newsletter email addresses are retained for no longer than one year unless you re-subscribe.

5. Third-Party Applications & Data Sharing

We may use third-party services such as email list tools, analytics platforms, cloud storage, and A/B testing software to operate our services. These providers are contractually bound to maintain strict confidentiality and comply with PDPA.

We may share your personal data with:

• Licensed medical practitioners involved in your care.
• Accredited laboratories, pharmacies, and partner clinics.
• The Ministry of Public Health and other government agencies as required by law.
• IT service providers and cloud storage vendors (with strict security agreements).

We do not sell personal data for monetary gain.

6.Cross-Border Data Transfers

If your data is stored or processed outside Thailand (e.g., by cloud service providers), we will ensure appropriate safeguards are in place to comply with PDPA requirements.

7. Data Security

We use administrative, technical, and physical safeguards to protect your data, including:

• Encrypted storage and transmission.
• Access control (only authorized personnel can view patient data).
• Regular security audits and backups.
• Staff training in PDPA compliance.

8. Your Rights

You have the right to:

• Access and request a copy of your personal data.
• Request correction of inaccurate data.
• Request deletion of your data.
• Withdraw your consent at any time.
• Object to certain types of data processing.
• Lodge a complaint with the PDPC.

To exercise these rights, contact our DPO using the details below.

9. Cookies and Tracking

We and certain third-party services use cookies to help our site function correctly, measure usage, and customize your experience. Cookies do not collect personally identifiable information unless you provide it voluntarily.

You can disable cookies in your browser settings, but doing so may affect site functionality.

10. Breach Notification

If your data is compromised, we will notify you and the Personal Data Protection Committee (PDPC) within 72 hours, as required by law.

11. Disclaimers

Our website provides general health and wellness information but is not a substitute for professional medical advice, diagnosis, or treatment. No doctor–patient relationship is created by using this site.

HE Clinic Co., Ltd. is not responsible for any injury, loss, or damage—physical, mental, or otherwise—arising from reliance on the information provided here or on linked third-party content.

12. Content Responsibility & Copyright

All text, images, and videos on this site are owned by HE Clinic Co., Ltd., unless otherwise stated. Use of any content requires written permission. For educational use, attribution to HE Clinic Co., Ltd. is required, along with a link to our website.

We are not responsible for user-generated content, incoming links, or external sites linking to or sharing our material.

13. Updates to This Policy

We may update this policy from time to time. Any changes will be posted on our website with a revised “Last Updated” date.

Data Controller & Contact Information

Data Controller: He Clinic Co., Ltd.

Data Protection Officer (DPO): Keerati G.

Address: Fifty-Fifth Thonglor, 2nd Fl. 90 Thong Lo Rd. Sukhumvit 55, Bangkok, Thailand 10110

Email: info@heclinics.com

Phone: +66 (0) 2 381 5155

Effective Date: 13th August 2025

Last Updated: 13th August 2025