Privacy Policy

Your Privacy Matters to Us.

At LifestyleTech, we are committed to protecting your personal information and ensuring your privacy rights are respected in all our healthcare technology services.

Last Updated: 17 October 2025

Privacy Notice for Website and Application
of
Lifestyle Tech Solution Company Limited

Lifestyle Tech Solution Company Limited (hereinafter referred to as the “Company” or “we”, as we are a website and application platform provider who conducts services to facilitate website visitors and our users. This privacy notice (the “Notice”) will cover website “www.lifestyletechsolution.com” (hereinafter referred to as the “Website”), and the application named “Lifestyle Tech” (hereinafter We are deeply aware of the importance of protecting personal data and right to privacy of yours as you are the user of the Website and Application, (hereinafter referred to as “User” or “you”). We, as the data controller under the Personal Data Protection Act B.E. 2562 (A.D. 2019) (“PDPA”), therefore announce this Privacy Notice (the "Notice") to inform you of the protection of your personal data that is collected, used, disclosed and/or transferred (“process” or “processing”) to any other relevant persons by the company. We ensure that your personal data will be secured by a stringent security standard throughout the processing procedure. We will not process your personal data for purposes other than those specified in this Notice unless you consent thereto.

1. Definitions

"Personal Data" refers to any information that identifies or can be used to identify you, which is collected by the company as specified in this Notice.
“Sensitive Data” refers to Personal Data classified as sensitive data under the Personal PDPA that the company is permitted to collect, use, disclose and/or transfer with your explicit consent, e.g., the information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, a natural person’s sexual orientation or criminal record, or data concerning health, disabilities, trade union membership, genetic data, biometric data, and other data that affect the Data Subject in the same manner.

2. Personal Data Collected, Used and/or Disclosed by the Company

We will collect, use, and/or disclose your Personal Data which includes, but is not limited to, the following:

  1. 2.1 General Personal Data
    1. Personal information, e.g., first name, middle name, last name, title, date of birth, gender, nationality, photograph, country of residence, national identification card number, and passport number.
    2. Contact information, e.g., address, mobile phone number, home phone number, and email address.
    3. Financial information, e.g., bank account details and account number, credit or debit card information.
    4. Personal information for account login e.g., username, log-in through social media account (such as Line, Facebook, and WhatsApp), including personal data from the social media account that you choose to share with us (such as email, phone number).
    5. Automatically collected data about your use of service, e.g., access time, device ID, or other unique identifiers, IP address, MAC address, overall usage data, usage history, settings, language information, device name and model, location and time zone, network provider, operating system information, and session length.
  2. 2.2 Special Personal Data

    The Company may be required to collect, use, disclose, and/or transfer sensitive personal data, such as race, religion, or blood type, which may appear on a copy of your national identification card or other official documents you have provided. This is for the purposes of identity verification, legal compliance, or the provision of services under the Company’s business contracts. The Company shall process such data in accordance with the criteria prescribed by law, and will obtain your explicit consent or proceed only where permitted by applicable law. If you do not wish the Company to process such sensitive personal data, please redact or strike through the relevant information on the document copies before submitting them to the Company. In the event that you do not redact such sensitive personal data, the Company shall deem that you have given explicit consent for the processing of such data for the purposes stated in this notice. Where processing is not necessary, the Company will mask or obscure such data unless technically infeasible.
    Additionally, the Company may process data related to health services, which may include sensitive personal data such as health information, medical reports, photographs, or video recordings, for the purpose of providing services in accordance with lawful objectives.

3. Source of Your Personal Data

We will receive your Personal Data from the main channels as follows:

  1. 3.1 From the process of creating a user account through registration via the company's Website or Application;
  2. 3.2 From the Personal Data you voluntarily release to us to request our services, whether through filling out a service request form at the company, contacting via social media accounts, phone calls, or other forms filled out through the company's Website and Application such as appointment forms, inquiry forms, product purchase or service request forms, and news subscription forms;
  3. 3.3 From your registration and log-ins through third-party platforms such as Google, Facebook, Twitter and Apple. We may receive your additional Personal Data through these platforms as they are capable of verifying the authenticity of your identity and providing you with the option to disclose your certain Personal Data, e.g., your name, email address and social media accounts, to the company if you have authorized their platforms to share your Personal Data with us; and
  4. 3.4 From devices or other applications, such as "Apple Health App" to Bumrungrad Application that you can decide which health data will be disclosed to us for providing your health services.
We may receive your Personal Data from other sources, e.g., your family members, intimate persons, or any other third party assigned by you to register and complete your service request form. We may also receive your Personal Data from the companies, representatives, or alliances that refer or introduce you to receive our services.

4. Purposes and Legal Bases

We will process your Personal Data based on legal bases as provided below:

  1. 4.1 We rely on contractual obligations to process your Personal Data, for instance:
    1. consider registration requests to create user accounts on the Website and Application;
    2. verify your identity when registering to create an account on the Website and Application; To process appointments and manage patient records
    3. proceed with the registration of service with the company through online platforms and contact you for providing the services;
    4. assist you in buying products and services from the company through online platforms such as purchasing vouchers for health check-up programs and other medical treatment programs;
    5. collect payment for products and services, e.g., service packages, purchased products, etc. through the Website.
  2. 4.2 We rely on legal obligations to process your Personal Data, for instance:
    1. submit Personal Data to government agencies as required by law;
    2. comply with court orders or orders of competent authorities as required by law; and
    3. pay legal fees.
  3. 4.3 We rely on legitimate interest to process your Personal Data, for instance:
    1. facilitate your access to the Website and Application;
    2. allow you to access services through the company's online platforms reserved for members with user accounts;
    3. provide assistance, answer questions, respond to inquiries, and accept the request with regard to services;
    4. contact you due to your complaint or comments on the company’s services that you want to improve;
    5. track your use of services to improve the quality of the company’s services;
    6. develop and improve service quality, increase service efficiency, and facilitate the use of services through the company’s systems to the user and customers;
    7. disclose your Personal Data, where it is necessary, to investigate, prevent, or act in reprisal in the event of suspected illegality or fraud, or to safeguard the safety, rights, or property of the company or of another person; and
    8. disclose your Personal Data for the purpose of internal auditing.
  4. 4.4 For the necessity of establishing, exercising, or defending legal claims as permitted by law, for instance, service fee collection, invoice issuance, requesting to pay off the invoice, issuance of receipts, and verification of billing and payment records.
  5. 4.5 The Company may collect, use, disclose, and/or transfer your personal data based on your consent for the purpose of analyzing information related to the purchase of goods and/or services, including health-related information, in order to provide or deliver news, notifications, promotions, campaigns, or invitations to participate in various activities organized by the Company that may be beneficial and relevant to your interests, through the communication channels you have provided.

5. Disclosure of Your Personal Data

We will not disclose your personal data to any third party for independent use under any circumstances, except as stated in this Notice or when authorized by you.
However, the Company may disclose your personal data held by the Company to its affiliates, business partners, or external service providers, such as customer relationship management service providers, marketing, advertising and communication service providers, information technology system providers, cloud system providers, document storage providers, debt collection agencies, accounting and legal service providers, auditors, internal auditors, financial auditors, as well as your family members, relatives, close contacts, relevant authorities, or your employer, and any other actions necessary to achieve the purposes specified in this notice for the benefit of the Company’s services. The Company will ensure that such parties handle your personal data in accordance with this Privacy Notice and applicable laws.
The Company may be required to disclose your personal data in order to comply with applicable laws, court orders, or directives issued by governmental or regulatory authorities. This may include sharing personal data of service users with relevant authorities for the purpose of verifying user information and preventing fraud or misconduct, without obtaining your consent, or as otherwise required by law.

6. Cross-border Data Transfer

In certain circumstances, the Company may need to transfer your personal data to a foreign country. Such transfer will be carried out in compliance with the Personal Data Protection Law and under appropriate data protection measures as required by applicable law.
The Company will implement appropriate safeguards in accordance with legal requirements, which may include entering into Standard Contractual Clauses (SCCs) or relying on other lawful data transfer mechanisms, to ensure that your personal data is adequately protected in line with applicable data protection regulations.

7. Collection of Personal Data of Minors, Incompetent Persons, and Quasi-Incompetent Persons

In the event that we must process the Personal Data of minors, incompetent persons, or quasi-incompetent persons, we shall have their parents, legal representative, guardian, or curator, as the case may be, consented on behalf of them. If a minor or a quasi-incompetent person is legally permitted to give consent on their own behalf, we shall require combined consent from them and their legal representative.
If you become aware of the unauthorized collection of Personal Data from minors, incompetent persons, and quasi-incompetent persons without the consent being given in the manner according to the above, you can exercise the rights of the Data Subject as the legal representative under the PDPA.

8. Cookies

We may place cookies on your device and use them to automatically collect your Personal Data when you visit the Website.
Cookies are small pieces of data sent from a website that are stored on your computer. They help record the User’s browsing activities conducted on the company’s website, such as preferred languages, list of favorites, most common use, and other settings, to customize the Website to fit your preference and make internet browsing faster and easier.
You can customize your browser settings to block the use of cookies in order to prevent your browser from automatically accepting new cookies, but it may affect a quality of usage on the Website or difficulty in making any request or entering into any transaction with us on the Website

9. Retention Periods

  1. 9.1 9.1 The Company retains your personal data only as long as necessary to fulfill the purposes stated in this Notice. The retention period will be determined based on appropriateness and aligned with contractual terms, accounting standards, statutory prescription periods, and any legal obligations requiring the continued retention of your personal data for compliance, the establishment of legal claims, or the exercise of such legal claims.
  2. 9.2 9.2 The Company has implemented a system to review and ensure the deletion or destruction of personal data once the retention period has expired, or when the data is no longer relevant or necessary for the purposes for which it was collected.

10. Security Measures

  1. 10.1 10.1 The Company has established appropriate security measures to protect personal data, covering both physical and digital formats, including documents, electronic systems, computers, or other tools, in accordance with international standards. These measures are in place to give you confidence in the security of the Company’s personal data protection system and include safeguards against loss, unauthorized access, use, alteration, modification, or disclosure of personal data, whether accidental or unlawful.
  2. 10.2 10.2 The Company restricts access and uses security technologies to prevent unauthorized access or cyberattacks on its computer and electronic systems. When your personal data is disclosed to external parties for processing or to data processors, the Company will ensure such parties are appropriately supervised and act in compliance with the Company’s instructions.

11. User’s Rights as the Data Subject

  1. 11.1 Under the PDPA you, as the Data Subject, are entitled to
    1. Request access to, or copies of, your Personal Data collected, used and disclosed by the company.
    2. Request receive or transfer of your Personal Data, in a form collected by us and readable, usable, and disclosable in an electronic format, to another party (the company reserves the right to charge you a fee, the amount of which is at our discretion.)
    3. Object to the collection, use, and/or disclosure of Personal Data to the extent permitted by law.
    4. Have your Personal Data deleted, destroyed, or anonymized by any method permitted by law.
    5. Sequester your Personal Data from further use by any method unless the law provides otherwise.
    6. Withdraw your consent given us at any time, unless otherwise restricted by law or contracts. Your withdrawal will not extend to Personal Data to which you have granted consent for processing.
    7. File a complaint with the competent officer authorized under the PDPA in the event that you believe we have violated, or do not comply with, the PDPA.
  2. 11.2 We will endeavor to maintain the accuracy and completeness of your Personal Data. When there is a change or modification to your Personal Data or when you detect that your Personal Data is incorrect, you have the right to make corrections thereto.
  3. 11.3 The exercise of your rights specified above must comply with law. We reserve the right to refuse any request on grounds permitted by law. In the event that we deny your request, the request and reasons for denial will be recorded in the Personal Data processing record as required by law.
  4. 11.4 To exercise your right, you may contact us via the contact information provided hereunder. We will process your request and then inform you of the result within 30 days from the date of receiving your request. Where we refuse your request, you will be informed of the reason accordingly.

12. Notifications, Reminders, and Location Settings

The company may deliver a notification or reminder to your device. You can opt out of receiving these messages at any time by setting up notifications on your device or by adjusting the notification settings on the Application or by changing the notification settings on your mobile in the notification setting and in the Application.

13. Links To Third Parties

Some of the company’s online services may contain links to third-party applications or websites. Access to and usage of such applications or websites shall be governed by the privacy notice of such third party. We refuse to be held liable to the User if such applications or websites do not comply with or operate in accordance with a third party’s privacy notice.

14. Amendment to this Privacy Notice

The Company may review, amend, or update this Privacy Notice from time to time to ensure its consistency with relevant practices, laws, regulations, and legal requirements. In the event of any changes to this Notice, the Company will notify you by publishing the updated version through channels designated by the Company as soon as practicable. Your continued use of the services following the publication of any changes to this Notice shall be deemed as your acceptance of such changes.

15. Contact Information

Should you wish to exercise any of your legal rights under applicable data protection laws as outlined above, or if you have any questions, concerns, suggestions, or complaints regarding this Privacy Notice, you may contact the Company through the following channels:

LIFESTYLE TECH SOLUTION COMPANY LIMITED
6th floor, Bumrungrad Academy Building, Sukhumvit Soi 3 (Nana Nua), Sukhumvit Road, Khlong Toei Nua, Vadhana, Bangkok 10110

Data Protection Officer (DPO)
Email: dpo@bumrungrad.com