Privacy Policy
Last updated: June 2026
1. Introduction
Villa Clinic (“we,” “our,” or “us”) is committed to protecting your personal data in accordance with Thailand’s Personal Data Protection Act B.E. 2562 (PDPA). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.
2. Personal Data We Collect
We collect the following categories of personal data:
- Identity Information: Full name, date of birth, gender
- Contact Information: Email address, phone number, LINE ID
- Medical & Health Information: Medical history, current medications, allergies, treatment records, consultation notes — collected only for providing aesthetic medical services
- Technical Data: IP address, browser type, device identifiers, cookies, pages visited
- Social Login Data: Public profile information from Facebook or Google if you choose social login
- Appointment Data: Appointment dates, services booked, visit history
3. How We Use Your Data
- To schedule, confirm, and manage appointments
- To provide aesthetic medical treatments and maintain accurate treatment records
- To send appointment reminders and follow-up communications via LINE, SMS, or email
- To process payments and issue receipts
- To improve our website and services through analytics
- To comply with legal obligations under Thai law
Legal basis: Consent (marketing communications) | Contractual necessity (appointments & treatment) | Legal obligation (medical record keeping) | Legitimate interest (analytics & security)
4. Third-Party Services
- Google Analytics: Used to understand website visitor behaviour. Data is anonymised. You may opt out via Google’s opt-out tool. See Google Privacy Policy.
- Facebook Login: If you use Facebook Login, your public profile (name, email, photo) is shared per your Facebook privacy settings. See Facebook Data Policy.
- Google Login: If you use Google Login, basic Google profile data is shared. See Google Privacy Policy.
- Payment Gateways: Payment data is handled by certified payment processors. We do not store full card numbers on our servers.
- LINE Official Account: If you contact us via LINE, LINE Corporation’s privacy policy governs their platform data.
We do not sell your personal data to third parties.
5. Data Retention
- Medical records: 5 years from last treatment, or as required by Thai medical law
- Contact & appointment data: 3 years from last appointment or contact
- Website analytics: Up to 26 months (Google Analytics default)
- Financial records: 7 years as required by Thai accounting law
After the retention period, data will be securely deleted or anonymised.
6. Your Rights Under PDPA
Under Thailand’s PDPA, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your data, subject to legal retention requirements
- Restriction: Request restriction of processing in certain circumstances
- Data Portability: Request data in a structured, machine-readable format
- Object: Object to processing based on legitimate interest or direct marketing
- Withdraw Consent: Withdraw consent at any time where processing is consent-based
To exercise your rights, email: info@villaclinic.com — We will respond within 30 days.
7. Data Security
We implement SSL/TLS encryption, access controls, and regular security assessments to protect your personal data. However, no internet transmission is 100% secure.
8. Governing Law
This Privacy Policy is governed by Thailand’s Personal Data Protection Act B.E. 2562 (PDPA). Any disputes shall be subject to the jurisdiction of Thai courts.
9. Changes to This Policy
We may update this Privacy Policy periodically. Significant changes will be notified by posting the updated policy on this page with a revised date. Continued use of our services constitutes acceptance of changes.
10. Contact Us
Villa Clinic Bangkok
Email: info@villaclinic.com
Website: www.villaclinic.com
