Privacy Policy

1. Introduction

Tidal Fern ("we," "our," or "us") is committed to protecting the privacy and confidentiality of all individuals who use our senior care services or interact with our website. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with Thailand's Personal Data Protection Act (PDPA) and other applicable data protection laws.

We understand that choosing senior care involves sharing sensitive health and personal information. We treat all data with the utmost respect and maintain strict confidentiality practices across all aspects of our operations.

2. Information We Collect

We collect various types of information to provide and improve our care services:

Personal Identification Information

This includes: full name, date of birth, national identification number or passport number, contact information (phone numbers, email addresses, physical address), emergency contact details, and family member information.

Health and Medical Information

We collect medical history, current health conditions, medications, allergies, dietary restrictions, mobility limitations, cognitive status assessments, and healthcare provider information. This information is essential for providing appropriate care and ensuring resident safety.

Financial Information

For billing purposes, we collect payment information, insurance details, and billing addresses. Payment processing is handled securely through third-party payment processors who maintain their own security standards.

Website Usage Information

When you visit our website, we may collect IP addresses, browser type and version, pages visited, time spent on pages, and referring websites. This information helps us improve our website functionality and user experience.

3. How We Use Your Information

We use collected information for the following purposes:

Service Delivery

Personal and health information is used to provide appropriate care services, develop individualized care plans, coordinate with healthcare providers, manage medications, accommodate dietary needs, and ensure resident safety.

Communication

We use contact information to communicate with residents and their families about care updates, schedule appointments, respond to inquiries, and share important facility information.

Billing and Administration

Financial information is used to process payments, handle insurance claims, maintain accurate financial records, and fulfill our legal obligations.

Quality Improvement

Aggregated, non-identifiable data may be used to analyze care outcomes, improve our services, train staff, and maintain quality standards.

4. Legal Basis for Processing

Under Thailand's PDPA, we process personal data based on the following legal grounds:

Consent: We obtain explicit consent before collecting and processing personal information for most purposes.

Contract Performance: Processing is necessary to fulfill our care service agreements with residents and their families.

Legal Obligation: We process certain data to comply with healthcare regulations, tax laws, and other legal requirements.

Vital Interests: In emergency situations, we may process health information to protect the life or physical safety of residents.

5. Data Sharing and Disclosure

We maintain strict confidentiality but may share information in limited circumstances:

Healthcare Providers

We share relevant health information with doctors, nurses, therapists, and other medical professionals involved in resident care, always with appropriate consent or as required for treatment.

Family Members and Authorized Representatives

Information is shared with family members or legal representatives as authorized by the resident or as required by law.

Service Providers

We work with third-party vendors for services such as payment processing, website hosting, and medical equipment suppliers. These providers are contractually obligated to maintain confidentiality and use data only for specified purposes.

Legal Requirements

We may disclose information when required by law, such as in response to court orders, regulatory investigations, or to comply with healthcare reporting requirements.

6. Data Security Measures

We implement comprehensive security measures to protect your information:

Physical Security: Secure facility access controls, locked storage for paper records, and surveillance systems.

Technical Security: Encrypted data transmission and storage, secure servers with firewall protection, regular security updates and patches, and password-protected systems with role-based access controls.

Administrative Security: Staff training on confidentiality and data protection, regular security audits and assessments, documented data handling procedures, and incident response plans.

Despite these measures, no security system is completely impenetrable. We continuously work to enhance our security practices and respond promptly to any potential breaches.

7. Data Retention

We retain personal information for different periods depending on the type of data and legal requirements:

Medical Records: Maintained for a minimum of five years after the last date of service or as required by Thai healthcare regulations.

Financial Records: Retained for seven years in accordance with Thai tax and accounting laws.

Contact Information: Kept while active in our services and for two years after service termination, unless you request earlier deletion.

When data is no longer needed, we securely destroy or anonymize it according to industry standards.

8. Your Rights Under PDPA

Under Thailand's Personal Data Protection Act, you have the following rights:

Right to Access: Request copies of your personal data and information about how we use it.

Right to Rectification: Request correction of inaccurate or incomplete personal data.

Right to Erasure: Request deletion of your personal data in certain circumstances.

Right to Restrict Processing: Request limitation on how we use your data.

Right to Data Portability: Receive your personal data in a structured, commonly used format.

Right to Object: Object to certain types of data processing.

To exercise these rights, please contact our privacy officer at [email protected]. We will respond to your request within 30 days.

9. Cookies and Website Tracking

Our website uses cookies and similar technologies to enhance user experience and analyze website traffic. For detailed information about our cookie practices, please refer to our Cookie Policy.

You can control cookie preferences through your browser settings or by using the cookie management tools on our website.

10. Children's Privacy

Our services are designed for adults, and we do not knowingly collect information from individuals under 18 years of age. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete that information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings. We will notify residents and their families of significant changes through direct communication or by posting a notice on our website.

The "Last Updated" date at the top of this policy indicates when it was most recently revised. We encourage you to review this policy periodically.

12. Contact Information

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

13. Supervisory Authority

If you believe we have not handled your personal data in accordance with this policy or applicable laws, you have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand, the supervisory authority responsible for data protection matters in Thailand.