1. INTRODUCTION
Galderma (Thailand) Ltd. (the “Company”) is a leading importer and distributor of a variety of products relating to skin care, dermatology diseases as well as aesthetics. In conducting a business, the Company may require the collection, use or disclosure of your personal information, as the Company’s healthcare professional, customer, patient or consumer using the products imported or distributed by the Company or other individuals whom the Company has a need to contact with.
The Company fully respects your personal information, which is protected under the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”). As a data controller, the Company is committed to handling your personal data with transparency, in accordance and in compliance with the PDPA, as well as taking any steps to ensure that the Company’s employees and staff members will manage your personal information in the same way.
This “Privacy Policy” has been prepared to ensure the Company’s compliance as required by the PDPA in relation to the collection, use and disclosure of your personal information.
2. WHAT PERSONAL INFORMATION DOES THE COMPANY COLLECT FROM YOU ?
2.1 What is “Personal Information/Data” ?
Any information relating to a natural person, which enables the identification of such natural person, whether directly or indirectly. However, personal information shall not include information of a deceased person.
2.2 Your personal information that the Company collects, uses and discloses
Categories of personal information which the Company collects from you vary, depending on the context of business relationship between you and the Company. Here below are examples of categories of personal information the Company collects from you:
2.3 What “Sensitive Personal Information/Data” does the Company collect ?
Regarding “Sensitive Personal Information/Data”, it is a special category of personal information which is more sensitive in nature and requires a higher level of protection under the PDPA. Since the Company’s business is relating to medicines and other health products, the Company may therefore need to collect your “Sensitive Personal Information/Data”, which is mostly information about your health. In addition, the Company may collect information of your religion or blood type since they are information shown in your ID card.
3. HOW DOES THE COMPANY COLLECT YOUR PERSONAL INFORMATION ?
Most of your personal information which the Company collects is provided by you directly. For instance, when you interact with the Company, whether verbally or electronically; when you request for the Company’s services; when you proceed with any transactions with the Company or when you complete forms or other documents and provide them to the Company. You always have absolute right and choice over your personal information; therefore, you can decline when the Company asks for your personal information. However, such refusal may result in certain negative effects on you, which will be further explained by the Company in Item 8 of this Privacy Policy.
Occasionally, the Company collects your personal information from other sources, namely, when your information is contained in public databases, such as information about your professional license/certificate which could be verified from the government’s website.
Mostly, the Company collects, uses or discloses your personal information for the purposes of its business operations and/or provision of services or sale of products to you. Please note that you can choose not to give your personal information to the Company. However, the said refusal may obstruct the Company from performing its duties or providing smooth services to you, or from offering services or information appropriately to you. The Company will handle your personal information consistent with the consent that you gave to the Company. However, the Company is also able to rely on grounds described under the PDPA, to collect, use or disclose your personal data without having to obtain your consent. Said grounds include but are not limited to the following:
4. WHY DOES THE COMPANY COLLECT YOUR PERSONAL INFORMATION?
The reasons why the Company collects, uses and/or discloses your personal information depend on business relationship between you and the Company. The Company set out below examples of reasons why the Company collects your personal information:
If you are “Healthcare Professionals” – the Company collects your personal information for the following reasons:
If you are “Customers”, “Patients” or “Consumers” – the Company collects your personal information for the following reasons:
If you are “the Company’s Website Visitor” or “the Company’s Website User” – the Company collects your personal information for the following reasons:
If you are “Other Individuals”, besides those discussed above – the Company collects your personal information for the following reasons:
For “Sensitive Personal Information”, such information will be collected, used or disclosed in accordance with your explicit consent. The Company, however, is able to rely on the grounds described under the PDPA to collect, use or disclose your sensitive personal information without obtaining your consent. Should this be the case, the Company will do so in a limited manner and only to the extent allowed by applicable laws. The purposes for which the Company collects, uses and discloses your sensitive personal information are as follows:
5. WHOM DOES THE COMPANY SHARE YOUR PERSONAL INFORMATION WITH ?
The Company shares your personal information internally within the Company’s organisation, which means with the Company’s employees whose responsibilities are to handle, or who are involved in managing or performing, the tasks to fulfil the purposes for which your personal information is collected, used or disclosed. In addition, the Company may also need to share your personal information with its parent company and other affiliates.
The Company may need to disclose your personal information in an event where the Company sells or transfers its business or assets whether in whole or in part, including but not limited to a merger, acquisition, amalgamation or joint venture.
Furthermore, the Company also shares your personal information with certain third parties, including competent authorities, government agencies and the Company’s external auditors to the extent necessary and required by applicable laws, regulations, directions, court orders, by-laws, guidelines, circulars or announcements applicable to the Company. For example, the Company may have to share your personal information with the Food and Drug Administration and the Revenue Office as well as with any other persons or entities, such as consultants or service providers to the extent needed to enable them to render their services for the Company.
In addition to the above, the Company also shares your information as and when necessary in order to notify or report an adverse reaction/event or undesirable event to the organisation that studies and monitors drug safety, or to report to its parent company located in a foreign country (Global Pharmacovigilance).
6. HOW LONG DOES THE COMPANY RETAIN YOUR PERSONAL INFORMATION ?
The Company will retain your personal information for the minimum period necessary for the purpose(s) of its collection, use and disclosure as specified in this Privacy Policy only. When determining the retention period of your personal information, the Company will take the following criteria into consideration:
After the retention period elapses, the Company will securely delete, destroy or anonymise your personal information in a manner permitted by law.
7. WHAT RIGHTS DO YOU HAVE OVER YOUR PERSONAL INFORMATION?
As a data subject, you have the rights over your personal information as described in the PDPA. However, you may not be entitled to exercise all the rights since your entitlements are subject to the nature or the purpose of the collection, use or disclosure of your personal information carried out by the Company, as will be further explained by the Company below. Hence, for your information, and so that you duly understand and recognise each of your rights, the Company summarises all rights prescribed under the PDPA, as follows:
Right to Withdrawal of Consent: You have the right to withdraw your consent to collect, use and/or disclose your personal information so long as there are no restrictions in so doing by law or the contract which gives benefit to you. To withdraw the consent, you are recommended to convey your intention to the Company in writing (the contact details are provided in Item 10 of this Privacy Policy) for the Company’s record and to ensure that the Company will be aware of such request for withdrawal of consent and take necessary steps in due course. However, the withdrawal of consent shall not affect the collection, use, or disclosure of personal information for which you have already given consent legally.
Right to Access: You have the right to request information about how your personal information is collected, used or disclosed, including the right to access to your own personal information and to obtain a copy of such personal information, as well as to request for disclosure of your personal information that you believe the Company obtained without your consent.
Right to Rectification: You have the right to require the Company to correct or complete your personal information that you believe is inaccurate or incomplete.
Right to Erasure: You have the right to request the Company to have your personal information erased and to have confirmation of such erasure, or to make your personal information anonymous under certain conditions and on certain grounds in accordance with the PDPA, as follows:
Right to Restriction: You have the right to request the Company to restrict the use of your personal information in the following circumstances:
Right to Data Portability: You have the right to request that the Company sends or transfers your personal information which the Company collected and arranged to be in a format readable or commonly used by ways of automatic tools or equipment, and which can be used or disclosed by automated means to another organisation or directly to you in accordance with the conditions and grounds specified under the PDPA. Your right in this regard will only apply to the personal information which you have consented to be collected, used or disclosed, or which the Company collects, uses or discloses by relying on the necessity for performance of a contract.
Right to Object: You have the right to object to the collection, use or disclosure of your personal information in accordance with the conditions and grounds specified under the PDPA, for example, in the following scenarios:
Right to Lodge a Complaint: You have the right to lodge a complaint to relevant committee(s) under the PDPA if the Company or its employees fail to comply with the PDPA or the announcements issued under the PDPA.
8. WHAT IF YOU DO NOT PROVIDE PERSONAL INFORMATION?
If you refuse to provide the requisite personal information necessary for the Company to enter into an agreement with you or to provide services to you, this refusal will obstruct the Company in managing the relationship between the Company and you, and in providing its services to you. By not providing the Company with certain information, you may experience inconvenience or may be limited in receiving a better service or useful information from the Company. Furthermore, if you do not provide certain personal information to the Company, the Company will be unable to comply with its contractual obligations, for instance, the Company may not be able to provide any recommendations with regard to the Company’s products or services, or the Company may be unable to deliver to you the products that you purchase or the prize that you win from the Company. In case you are a supplier or vendor of goods and products to the Company, your non-cooperation may result in the Company being unable to make a payment to you.
9. COOKIE POLICY
9.1 What are cookies ?
Cookies are small text files that are stored on your computer or other internet-connectable devices such as a smartphone or tablet. Cookies do no harm to said devices’ functions, and have nothing to do with computer viruses or other harmful programs. When you visit the Company’s website, cookies allow the website to remember you and your behavior using the website each time. This means you get a better online experience each time you visit the website.
The Company’s use of cookies on the Company’s website will be in line with your consent to the option you have chosen. You may see what cookies are used by clicking the menu Privacy Policy or Cookie Policy.
9.2 Why does the Company use Cookies and how long is their lifespan ?
The Company’s website uses cookies to understand your patterns and behaviors using the website, and to allow the Company to improve and tailor experiences to match your preferences and give you a better online experience each time you visit the Company’s website. In this regard, the Company’s website uses types of cookies as detailed below:
Types of Cookies Used by the Company
1. Site functionality cookies
These cookies allow you to navigate the site and use website features, such as registration, logging in and product favourites. If you disable these cookies, certain parts of the website will not function for you; for example, adding items to your basket or proceeding to checkout.
Lifespan: As long as necessary
2. Site analytics cookies
These cookies allow the Company to measure and analyse how you use the Company’s websites, applications and mobile platforms, to improve both its functionality and your experience.
Lifespan: 180 days
3. Customer preference cookies
When you are browsing on the Company’s sites, these cookies will remember your preferences (such as your language or location), and other information you choose to provide to us, so the Company can help tailor your experience and make it more relevant and personal to you.
Lifespan: 180 days
4. Advertising or targeting cookies
These cookies are used to deliver advertisements which are relevant to you. They also limit the number of times that you see such advertisements and help the Company measure the effectiveness of the Company’s marketing campaigns. The Company may also use the information obtained via these cookies to serve you with advertising that may be of interest to you based on your past online behaviour.
Lifespan: 180 days
5. Social media cookies
These cookies are used when you share information using a social media sharing button on the Company’s website. The social network will record that you have done this. This information may be linked to targeting/advertising activities.
Lifespan: 180 days
9.3 Deleting/Deactivating Cookies
You can manage the settings for the use of cookies, as well as change your previously given consent allowing the Company to use cookies, by following the instructions on the website https://www.aboutcookies.org/how-to-control-cookies/ or https://www.aboutcookies.org/how-to-delete-cookies/, or by adjusting the settings in the menu on the Company’s website (if available).
If you choose not to receive cookies, you understand and agree to the possibility of having your online experience not as fulfilling as it would otherwise be. In some cases, you may be unable to browse or access the Company’s website at all.
10. CONTACT
If you have any inquiries or concerns regarding this Privacy Notice or the collection, use or disclosure of your personal information, or if you would like to exercise any of your rights under the PDPA as explained above, please contact the Company at:
Data Protection Officer (DPO) of Galderma (Thailand) Ltd.
Email: privacy.thailand@galderma.com
Telephone: 02-023-1800
issued on 8 October B.E. 2564 (2021)
on behalf of Galderma (Thailand) Ltd.