Privacy Policy
Innotech Laboratory Service Co., Ltd. (“Company”) values the protection of personal data. As a Data Controller under the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”), we are legally required to inform you of the reasons and methods by which we collect, use, or disclose your personal data, as well as your rights as a data subject.
- “Personal Data” means any information relating to an identifiable living individual, directly or indirectly.
- “Sensitive Personal Data” means personal data concerning racial or ethnic origin, political opinions, cult/religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data (e.g., facial images, iris templates, fingerprints), or other similar data as prescribed by the Personal Data Protection Committee.
- “Processing” means collection, use, or disclosure of personal data.
- “Data Controller” means a person or juristic person with the authority to make decisions regarding the collection, use, or disclosure of personal data.
- “Data Processor” means a person or juristic person who processes personal data on behalf of the Data Controller, and who is not the Data Controller.
The personal data we collect from you may include, for example:
We collect personal data from the following sources:
- You contact us to inquire about our services
- You are our client/patient or a contracting party
- You participate in our promotions or activities
We process your personal data within the scope of the PDPA and collect only what is necessary for the following purposes (together with lawful bases such as contract, legal obligation, legitimate interests, vital interests, public interest, or consent, as applicable), for example:
Apart from the above purposes, we will not use your personal data for other purposes unless permitted by the PDPA, for example:
- To prevent or suppress danger to life, body, or health
- To perform a task in the public interest
- To comply with the law
- To establish, exercise, or defend legal claims
- To comply with labor, social security, or healthcare obligations
- For public health or social protection, with appropriate safeguards for your fundamental rights and interests
5. Disclosure or Sharing of Personal Data
We do not disclose your personal data to third parties except where permitted by law and necessary for operations. We may disclose data in the following cases:
5.1) To government agencies, competent authorities, or any person as required or authorized by law, including to comply with court orders.
5.2) To persons or juristic persons where necessary to perform a contract or for your benefit as a data subject. Such parties are required to keep your data confidential and protect it in accordance with the PDPA. These may include:
- Medical professionals or organizations providing medical/health services
- Data processors necessary for our operations (e.g., laboratory subcontractors, data processing, telecommunications, IT systems, payment services, or technology outsourcing)
We require all external recipients to protect your data under PDPA standards and to use it only for the agreed purposes, to prevent unlawful disclosure or use beyond what has been agreed.
5.3) Cloud computing: We may store personal data in third-party cloud systems located in Thailand or overseas. We enter into contracts with such providers with due care and with appropriate security safeguards for personal data.
6. Retention Period
6.1) We retain your personal data for as long as necessary to fulfill the service purposes and for periods required by accounting, legal, and other applicable regulations.
6.2) In determining retention, we consider the volume and nature of the data, purposes of processing, sensitivity, risks of unauthorized use or disclosure, and statutory requirements.
6.3) Where necessary to comply with the law, court orders, or to establish/exercise/defend legal claims, we may retain data for the statutory limitation period or until the relevant dispute is finally resolved.
7. Security Measures
7.1) We apply security measures no less than those required by law, including appropriate systems to protect personal data—e.g., SSL, firewalls, passwords, encryption for data transmitted over the internet, and restricted physical access for paper records.
7.2) We restrict access to personal data to authorized employees, agents, partners, or external parties on a need-to-know basis; such parties must maintain confidentiality and protect the data.
7.3) We deploy technological measures to prevent unauthorized system access.
7.4) We maintain procedures and controls for the destruction of personal data that is no longer necessary.
7.5) For Sensitive Personal Data, we implement enhanced electronic security, access control, backup/continuity plans, emergency procedures, and regular risk assessments.
8. Your Rights as a Data Subject
Subject to the PDPA, you may request that we:
8.1) Withdraw consent for processing your personal data at any time (without affecting processing already carried out lawfully).
8.2) Access your personal data and obtain a copy, including disclosure of the source of data not obtained directly from you.
8.3) Rectify inaccurate or incomplete personal data.
8.4) Erase your personal data in certain circumstances.
8.5) Restrict the processing of your personal data in certain circumstances.
8.6) Data portability—receive your personal data in a structured, commonly used format and transmit it to another controller where applicable.
8.7) Object to certain processing activities.
Data Protection Officer (DPO)
Email: info@innotechlab.co.th
Innotech Laboratory Service Co., Ltd.
No. 697 Srinagarindra Rd., Phatthanakan,
Suan Luang, Bangkok 10250, Thailand
Tel: 0 2320 5132–5
9. Changes to this Policy
We may review and amend this Policy in the future to enhance personal data protection. We will notify you on our website whenever changes are made.
10. Contact
For any questions or to exercise your rights, please contact:
Email: info@innotechlab.co.th
Innotech Laboratory Service Co., Ltd.
No. 697 Srinagarindra Rd., Phatthanakan,
Suan Luang, Bangkok 10250, Thailand
Tel: 0 2320 5132–5