Privacy Notice for Patients
Dr. Phornrak Eye Clinic (“Clinic”) respects and prioritizes the protection of personal data, especially patients’ health
information. This Notice explains how we collect, use, and disclose personal data, as well as your rights as a data subject,
in accordance with the Personal Data Protection Act B.E. 2562 (PDPA).
1) Scope and Types of Data Collected
General information: Full name, national ID/passport number, date of birth, gender, address, phone number, email.
Health information (sensitive data): Symptoms, diagnoses, laboratory and examination results, medical records,
treatment history, medical images/photos, medication and allergy information.
Appointment/Emergency contact: Appointment details, medical record number, emergency contact/guardian.
Payment/Financial documents: Receipts, tax invoices, proof of payment (Note: The Clinic does not store full
credit-card numbers. Where needed, payments are processed via secure payment service providers.)
Digital service data (only as necessary): Online appointment system usage and system access logs (e.g., IP address, log records)
for system security purposes.
Minors: If a patient is under 20 years of age or has legal capacity limitations, consent from a parent or legal guardian
is required before processing.
2) Sources of Data
Data may be collected directly from patients during registration, treatment, and follow-up; from third parties as
necessary for medical care (e.g., referring physicians, laboratories, patient’s relatives); and from government
authorities as required by law.
3) Purposes of Processing
To diagnose, plan, and provide medical treatment, including follow-up care and post-treatment advice
For appointments, queue/reminder notifications, and communications related to treatment
To prepare medical and financial documents, e.g., medical certificates, receipts, tax invoices
To coordinate referrals to other healthcare facilities/physicians or laboratories
To comply with laws and regulations and public health reporting requirements
Marketing/communications (e.g., patient reviews or photos) will be conducted only with the patient’s explicit,
separate written consent (“specific consent”), which can be withdrawn at any time
4) Data Retention and Security
Data are stored in paper and electronic formats with appropriate measures for access control, authentication,
password/encryption, and system logging
Personnel with access must follow the Clinic’s privacy policies and receive privacy training
Retention period: Data are retained only as necessary for medical and/or legal purposes.
When no longer needed, the Clinic will delete or destroy data securely and appropriately.
5) Disclosures to Third Parties
The Clinic will not disclose personal data to third parties unless:
We have the data subject’s consent; or
It is necessary for treatment/referral/laboratory services; or
It is necessary for payment processing via secure payment providers; or
Required by law, court order, or competent authorities.
For cross-border transfers, the Clinic will comply with applicable data-protection standards required by law.
6) Data Subject Rights
Patients have the right to:
Access/obtain a copy of their personal data
Rectify data to be accurate, up-to-date, and complete
Erase/restrict processing when data are no longer necessary or have been unlawfully processed
Object/withdraw consent for processing based on consent (e.g., marketing/reviews) at any time
Data portability as provided by law
Lodge a complaint with the supervisory authority if the PDPA has been infringed
The Clinic will respond to requests within a reasonable period, not exceeding 30 days, per established procedures.
7) Personal Data Breach Notification
If a breach occurs that poses a high risk to patients’ rights and freedoms, the Clinic will notify the Office of the
Personal Data Protection Committee within 72 hours of becoming aware of the breach and inform affected patients
without undue delay together with remedial guidance.
8) Contact & Data Protection Officer (DPO)
Dr. Phornrak Eye Clinic (E.Y.E Co., Ltd.)
Address: 293/48 Yuthitham Road, Nai Mueang Subdistrict, Mueang District, Chaiyaphum 36000, Thailand
Tel: +66 61 639 2241
Email: drphornrak@gmail.com
Data Protection Officer (DPO): Ms. Phloensiri Sripon — Tel: +66 61 639 2241
Effective since: 16 March 2023
Last updated: 11 October 2025