BSL Clinic Co., Ltd. (the “Company”) respects and values the privacy rights concerning the personal data of its business partners, prospective business partners, who may be natural persons or representatives of juristic persons, such as directors, authorized signatories, proxies, sub-proxies, operators, agents, employees, and staff of juristic persons that have entered into or are expected to enter into transactions with the Company (“you”).
The Company is responsible for maintaining the security of your personal data under its supervision and is committed to managing such data in a secure and reliable manner. For this reason, the Company has prepared this Privacy Notice for Business Partners (the “Notice”) to explain how the Company handles personal data and sensitive personal data, and to provide details regarding the collection, use, disclosure, and purposes of processing personal data, as well as to inform you of your rights, as follows:
| “Prospective Business Partner” | means any person who may become a business partner of the Company, whether such person has expressed an intention to enter into a contract and/or to register as a business partner of the Company, shown interest in engaging in business with the Company, cooperated with the Company, or any other person who has requested a quotation or to whom the Company has provided a quotation. |
| “Business Partner” | means any person who submits a quotation to sell products and/or provide services to the Company, business alliances, business collaborators (whether selling products directly to the Company or jointly developing products with the Company for sale), service providers, service recipients, employers, contractors, consultants, specialists, academics, lecturers, or contractual parties of the Company. |
| “Related Person” | means a natural person who is related to or represents a Prospective Business Partner or a Business Partner, such as directors, employees, agents, proxies, principals, witnesses, or persons acting on behalf of a juristic person. It also includes individuals whose personal data appears in documents related to the contractual process, such as shippers or consignees. |
| “Personal Data” | means any information relating to an individual that enables the identification of such individual, whether directly or indirectly, but does not include information of deceased persons specifically. |
| “Sensitive Personal Data” | means personal data concerning race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any other information that may similarly affect the data subject, as prescribed by the Personal Data Protection Committee. |
The Company collects your data by directly requesting information from you, which may be in the form of documents or electronic data, by asking you to fill in information on documents prepared by the Company, or to fill in information on an online platform designated by the Company, and/or by any other methods. The Company needs to process certain data of yours, which may be data that the Company receives from sources other than directly from you. The personal data collected from you may vary depending on the case and the nature of the activities for which the Company is required to process your data.
General personal data: personal details such as title, name, surname, identification card number, nationality, signature, residential address, telephone number, fax number, email, information on business cards such as occupation, job position, workplace, interaction and communication data in the case where you contact the Company, including the data you choose to share and disclose through the Company’s systems, applications, tools, questionnaires, and services, in any form or by any method, which may be images or voice, not limited to telephone, email, chat messages, and social media communications.
Data identifying the status as a business representative, guarantor, collateral provider, status as an executive, director, authorized signatory, shareholder, proxy, sub-proxy, operator, agent, employee, and staff of juristic persons who have entered into or will enter into transactions with the Company. Data used as supporting evidence for registration as a business partner with the Company or for conducting transactions, such as personal data appearing in a copy of the identification card, copy of the name change certificate, copy of the house registration, copy of the power of attorney, copy of the company certificate, invoice, receipt, payment voucher, including any other documents used for identification and verification. Other personal data that you have provided to the Company, such as other personal data of Related Persons, for which you certify to the Company that you have obtained the consent of the Related Persons to disclose their data to the Company, including their consent for the Company to process their personal data for the purposes specified in this Notice.
The Company has no intention to collect, gather, use, or disclose your sensitive personal data. However, if such data appears on the identification card, house registration, or any other documents that you voluntarily disclose to the Company, such as race or religious data, and you deliver any data containing such information to the Company, whether in the form of documents or other media, the Company recommends that you conceal such sensitive personal data yourself by crossing out the sensitive personal data. Nevertheless, if you do not conceal the data by yourself, the Company shall deem that you have explicitly granted permission for the Company to conceal such data on your behalf, and the data you deliver, which the Company has concealed on your behalf, shall be considered as complete documents, fully enforceable under the law, and the Company shall be able to process them under the Personal Data Protection Act B.E. 2562 (2019). In the event that the Company is unable to conceal sensitive data on your behalf due to technical issues or other problems, the Company shall store such sensitive data only as part of your identification documents.
In the case that the Company receives your personal data from third parties, clients of the Company, and/or any other persons who are controllers or processors of the data, which the Company in good faith believes that such persons are entitled to process and disclose personal data to the Company, this includes but is not limited to receiving data through the following channels:
| No. | Purpose | Legal Basis |
|---|---|---|
| 1 | To carry out your requests or intentions prior to or at the time of entering into a contract, including contacting you before you enter into a contract with the Company, and to take any actions for the Company’s business continuity, such as suitability assessments, qualifications, claims, quotations, and bidding. | Performance of a contract / Legitimate interest |
| 2 | To manage and administer the contracts that the Company has entered into or will enter into with you, including inspection and acceptance of goods or services, relationship management, inspection and evaluation of performance in accordance with the terms specified in purchase orders, contracts, or other documents related to the procurement process. | Performance of a contract / Legitimate interest |
| 3 | To carry out processing in relation to requests, approvals, contract execution, use of electronic transaction services, verification and authentication in the process of vendor registration, including contract relationship management between you and the Company, and all matters related to contract signing and performance. | Performance of a contract / Legitimate interest |
| 4 | For procurement, vendor selection, registration of new vendors, verification of vendor information and qualifications, or of related persons in similar capacities, as well as carrying out various requests of vendors or other persons in similar capacities within the Company’s system, such as modification or amendment of vendor information. | Performance of a contract / Legitimate interest |
| 5 | For the retention, updating, and maintenance of names, directories, and records of any business transactions between the Company and business partners, as well as for storing contracts and related documents in the Company’s records. | Legitimate interest |
| 6 | For billing or collecting debts owed to the Company, conducting transactions, making and/or receiving payments, handling claims and disputes, including dispute resolution, establishing legal claims, complying with or exercising legal claims, or raising defenses against the Company’s claims at various legal stages, as well as conducting legal proceedings and enforcement actions under the law. | Performance of a contract / Legitimate interest |
| 7 | For the management of the Company’s structure, data storage for report preparation, internal control, business operations, and compliance with the Company’s policies and procedures, which includes risk management, security, auditing, finance and accounting, systems, and operations for the Company’s business continuity. | Legitimate interest |
| 8 | For use in transfers, mergers, business reorganizations, or similar events, whereby the Company may disclose or transfer your personal data to one or more third parties involved in such transactions. | Legitimate interest |
| 9 | To carry out the completion of transactions, debt establishment, payments, account settlements, accounting entries, and verification of account numbers and credit or debit card numbers, as well as transactions related to payments, refunds, issuance of receipts, invoices, debt repayments, collections, and any other actions related to your account as a business partner of the Company. | Performance of a contract / Legitimate interest |
| 10 | For the Company’s business administration in monitoring, preventing, identifying, and investigating fraud, money laundering, terrorism, misconduct, or other criminal activities, including but not limited to conducting credibility checks on any persons related to the Company’s business partners. | Legitimate interest |
| 11 | To serve as a database for analysis, preparation of activities, performance under contracts, and to carry out matters relating to contract management or entering into additional contracts in the future. | Performance of a contract / Legitimate interest |
| 12 | To serve as a database of the Company’s stakeholders and/or to use the data for relationship management or for various communications related to the Company and you. | Legitimate interest |
| 13 | To comply with applicable laws, regulations, and rules, both domestic and international, and to comply with orders of legally authorized persons, such as court orders, orders of government agencies, regulators of the Company, or competent officers, including actions related to legal processes or litigation. | Compliance with the Law |
| 14 | For use in issuing tax invoices in accordance with the Revenue Code and other applicable laws or announcements, such as Section 86/4 of the Revenue Code and the Director-General of the Revenue Department’s Notification on Value Added Tax (No. 199), etc. | Contractual Performance/Compliance with the Law |
The Company may store your data on computer servers or cloud services provided by third parties and may use third-party programs or applications in the form of software-as-a-service or platform-as-a-service for processing your personal data. However, the Company will not allow unrelated persons to access personal data and will require such third parties to have appropriate security protection measures in place.
In the event that the Company transfers or sends your personal data abroad, the Company will take steps to ensure that the destination country, international organization, or foreign data recipient has an adequate standard of personal data protection or to ensure that the transfer or transmission of your personal data abroad complies with the criteria prescribed under the Personal Data Protection law. In some cases, the Company may seek your consent for the transfer or transmission of your personal data to such foreign countries.
In cases where you provide information to the Company as a contracting party, business partner, prospective business partner, or a related person thereof, the Company will retain your data as long as necessary to provide services to you for the duration of the contract, and will retain it for an additional five (5) years from the year the contract or relationship with you ends.
In cases where rights requests are made as specified in this Notice, the Company will retain evidence of the exercise of such rights under the Personal Data Protection law for five (5) years from the month in which the Company completes consideration of your request.
In other cases, the Company will retain your personal data as long as reasonably necessary to fulfill the Company’s obligations and achieve the purposes specified in this Notice. Where the retention period cannot be clearly determined, the Company will retain the data for a period that may be reasonably expected under standard practices (e.g., the maximum statute of limitations under general law, which is ten years). In the event of legal proceedings, your personal data may be retained until the completion of such proceedings, including any period necessary to achieve the intended purposes. Thereafter, your data will be deleted or retained only as permitted by law.
The Company respects your privacy rights and allows you to choose the methods of control or the means by which the Company contacts you. The Company will comply with your requests in order to promote transparency, and ensure the quality and accuracy of data. You have rights under the Personal Data Protection law, which you can exercise by submitting a written request to the Company through the channels specified by the Company, as follows:
However, please be informed that the withdrawal of consent does not affect the lawful processing of personal data that you have already consented to, unless such right is restricted by law, by nature cannot be withdrawn, or where there is a contract between you and the Company that provides benefits to you, or such withdrawal may result in the Company being unable to carry out certain or all purposes as specified in this document.
Such personal data must be data that you have consented to provide to the Company, or personal data that the Company needs to process to allow you to use the Company’s services as intended under your contract with the Company, or to carry out your requests prior to service use, or other personal data as prescribed by the competent legal authority.
If you object, the Company will continue processing your personal data only where it can demonstrate legal reasons that are more significant than your fundamental rights, or where it is for the establishment of legal claims, compliance with the law, or defense in legal proceedings, as the case may be.
The Company will use its best efforts to proceed within a reasonable period of time and not exceeding one (1) month or 30 business days from the date of receipt of the request. However, the Company has the right to refuse your request in cases where there are legal exceptions, or where the Company would be unable to perform its contractual obligations, or where it would affect the performance of contractual obligations, or where refusal is based on a court order, or if complying with your request would result in impacts that may cause damage to the rights and freedoms of other persons. In such cases, the Company will record the refusal of the request together with the reasons.
If it is clearly apparent that your request is unreasonable or excessive, the Company reserves the right to charge a fee for processing your request at the rate determined by the Company.
The Company has implemented appropriate personal data security measures to prevent loss, access, use, alteration, modification, or disclosure of personal data without authorization or in violation of the law, in accordance with the Company’s Information Security Policies and Practices and the Privacy Policy.
Bangkok Skin and Laser Clinic Co., Ltd. is the coordinator regarding the Company’s personal data protection. In case the data subject has any questions, wishes to exercise rights as specified in this Notice, or seeks further inquiries, contact can be made through the following channel:
Matters related to personal data: Contact the Data Protection Officer (DPO)
The Company reserves the right to amend, review, and update this Privacy Notice, which shall be effective as of the date of publication without prior notice to you, in order to ensure appropriateness and efficiency in providing services. Therefore, the Company recommends that you read this Privacy Notice each time you visit or use the Company’s services or website.
Announced on May 31, 2022
Call Center : +66993438666
BSL Clinic (Silom Branch)
30/8 Saladaeng Road, Silom, Bang Rak, Bangkok 10500, Thailand
BSL Clinic (Sukhumvit Branch)
Time Square Building Room 114 (Ground Floor). 246 Sukhumvit Road, Khlong Toei, Bangkok, Thailand 10110
Copyright © 2015 www.bslclinic.com All Rights Reserved.
