Last Updated: Febuary 15, 2023

As the owner of your own personal information, Horizon Rehab Center (“the Company”) is committed to protecting it. Your personal information will be safeguarded under the Personal Data Protection Act B.E. 2019. As a data controller, the Company is required by law to inform you in this document about the reasons and methods by which it collects, uses, or discloses your personal information, as well as your rights as a personal data owner.


“Personal Data” refers to any information about an individual that can be used to identify that person, either directly or indirectly. but does not include specific information about the deceased.

“Sensitive personal data” refers to information about a person’s race, ethnicity, political beliefs, cult, religion or philosophy, sexual behavior. Criminal records, health, disability, and labor union information Biological and genetic information (e.g., facial image data, iris simulation data, fingerprint data) or any other information that affects the owner of personal in a similar way as announced by the Personal Data Protection Committee.

“Processing” means collecting, using, or disclosing.

“Personal Data Controllers” (“Controllers”) are natural or juristic persons, who have the power and duty to decide on the collection, use or disclosure of personal data.

“Personal Data Processors” (“Processors are natural or juristic persons who collect, use, or disclose personal data for a Controller.

“Infirmary in the network” refers to a medical facility in the group or network of Horizon Rehab Center, both in Thailand and internationally.


Your personal data collected by the Company can be divided into the following categories:

# Type of personal data Details
1 Personal data If you are a company’s service provider (Vendor): name, surname, identification number, taxpayer’s number and date of birth must be included.
2 Contact data Your phone number and email address must be provided if you are a company service provider (Vendor).
3 Financial data If you are a company’s service provider (Vendor): Bank account number.
4 Computer Usage Data If you visit the website, the following information will be collected: your computer’s IP address, type Cookie data, time zone settings, the operating system, platform, and device technology used to access the website and the online appointment system.

Your personal information is directly collected by the Company:

  • If you visit , when viewing information about the Company’s services or contacting the Company to learn more about its services.
  • If you are a company service provider (Vendor), the Company obtains your personal information From your inquiry regarding coming to the Company to provide services or for the Company to collect your personal data as a service provider who has entered a contract with the Company.

The Company processes your personal data in accordance with the Personal Data Protection Act B.E. 2019 and explains the Lawful Basis of Processing as follows:

1 If you visit the website, the Company collects statistics on your website visits by processing your personal data and contact you when the Company contacts you to learn more about the Company’s services.
  • Personally identifiable data
  • Contact information
It is required in the Company’s legitimate interests to collect website traffic statistics and to contact you if you wish to learn more about the Company’s services (M.24) (5)

If you are a service provider (vendor) for the Company:

The Company processes your personal data in order to carry out a contract with your request to the company such as:

  • Communicate with you about contract-related activities before and after the contract.
  • Any payments and wages associated with contract performance.
  • Examine the contract’s completion and success.
  • Personal information will be saved for internal and business standard audits.
  • Personal Data
  • Contact information
  • Financial Data
The Company must carry out its contract with you as a service provider or agree to do the contract with you (section 24) (3)

Your personal information will not be used for purposes other than those stated above except where the Personal Data Protection Act B.E. 2019 is required for the establishment of legal claims, in order to prevent or suppress a threat to a person’s life, body, or health.


1. The Company may disclose or share your personal information with third parties, such as personal data processors who are required for the company’s operations. The Company requires the aforementioned third parties to maintain confidentiality and protect your personal information in accordance with the Personal Data Protection Act B.E. 2562 standards and use your personal information for the purposes that the Company has specified or ordered the third party to perform. Third parties will not be able to use your personal data for any other purpose.

2. Personal data may be stored in the cloud computing system by utilizing the services of third parties located in Thailand or internationally and cautiously consider the personal data protection security provided by cloud computing service providers to protect personal data.

3. In order to comply with the law, the Company may disclose your personal information to any government agency, person, or juristic person to comply with a court order.


1. The Company will keep your personal information for the duration of their contract with you and will be retained for a period of 10 years following the contract’s termination.

2. In the event that the Company must comply with the law, court orders, or establish a legal claim in order to enter any dispute resolution process. The Company may retain personal data for the duration of the applicable legal statute of limitations.

3. Following the expiration of the period specified in Article 1 or 2, the Company will proceed to destroy that personal data in accordance with the Company’s data destruction procedures. and will complete the procedure without delay.


1. The Company will manage the retention of personal data in accordance with the legal requirements. and with the appropriate system Personal data can be protected and secured by employing security protocols, for example (Secure Sockets Layer: SSL), using firewalls, passwords, and other technical measures to encrypt data sent over the internet to protect them and keep in a facility with access control systems that limit the person’s access to personal data in the form of documents.

2. The Company restricts access to personal data that may be accessed by employees, agents, partners, or third parties. Third-party access to personal data is only permitted when required or ordered. Third parties are required to maintain confidentiality and protect personal information.

3. The Company provides technological solutions to prevent unauthorized access to computer systems. The Company provides technological solutions to prevent unauthorized access to computer systems.

4. The Company has a monitoring system in place to manage the deletion of personal data that is no longer required for the Company’s operations.

5. In the case of sensitive personal data, the company will implement security measures for document and electronic data security in terms of access and control over their use. There is an operating system, a backup system, and an emergency plan. There is also a regular risk assessment of the system.


1. In some cases, the Company may be required to transfer your personal data abroad. The Company may do so after notifying you of its intent and the company has received your consent. The Company will notify you of personal data protection standards that may not be adequate in the destination country.

2. If the transfer of personal information abroad is required by the contract to which you are a party, the Company may transfer your personal information without your consent. or for use in processing your request prior to entering that contract, or to comply with the Personal Data Protection Act B.E. 2019.


When you visit the Company’s website, cookies are used to ensure that you have a positive experience. Cookies are small files that store information and are saved on your computer or communication device via the web browser you choose to use while visiting the website.

The Company employs cookies to identify your visit to the website and can easily recall the nature of your website’s use. This data will be used to improve the company’s website according to your requirements. The Company occasionally requires third parties to do so for the convenience and speed of your use of the website, which may require the use of an Internet Protocol Address (IP Address). and cookies for analysis data link and processing for marketing purposes. When you visit our website, you have the of installing cookies. You have the option of allowing or disabling analytics cookies, data link and processing for marketing purposes.


As the owner of personal data, you have the right to request that the Company process your personal data to the extent permitted by law, as follows:

1. Right to withdraw consent: You have the right to withdraw your consent to the processing of personal data that you have given the company at any time. Your personal information is stored by the company.

2. Right of access: Right of access to personal data: You have the right to access your personal data and request that the company make a copy of such personal data, revealing the acquisition of personal information that you did not consent to the company giving to you.

3. Right to rectification: You have the right to request that the Company correct inaccurate information or add missing information.

4. Right to erasure of personal data: You have the right to request that the Company delete your information for any reason.

5. Right to processing restriction: You have the right to request that the Company the use of your personal information for any reason.

6. Right to data portability: You have the right to transfer data, your personal information provided to the Company by another data controller or yourself for whatever reason.

7. Right to object to personal data processing: You have the right to object to personal data processing of your personal information for specific purposes.

To exercise any of the above rights, please contact our Data Protection Officer (DPO) / Information Technology Officer by


Telephone : +662-853-9922


In order to improve personal data protection, the Company may review and change the Personal Data Protection Policy in the future. The Company will notify you whenever there is a change in such policy.


You can contact the data controller, inquire about or exercise any personal data rights at Horizon Rehab Center

89 Moo 3, Khlong 1, Khlong Luang, Pathum Thani


Telephone : +662-853-9922