This Privacy Notice applies to the operations of LUMA Care Co., Ltd (“LUMA”). At LUMA we respect your right to privacy and value the trust you have placed in us. We are committed to the responsible management, use and protection of your personal data. Personal data is information that relates to you and may identify you as an individual ,as outlined in the Thailand’s Personal Data Protection Act 2019.
When our guests use our sites and applications, we may obtain data from and about guests and their devices. We are dedicated to treating your personal information with care and respect. We will refer to these websites and mobile applications as “Services” throughout this Policy.
What is personal data
“Personal Data” means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular.
Information We Collect
We collect personal information that you voluntarily provide through our Services, including:
- Name, address, email address, and birthdate.
- Health information.
- Financial information such as payments made and received and services purchased, bank account details and financial transactions history.
- Personal Identification numbers.
- Geolocation information.
- Social media account IDs.
We may supplement the information you submit to us online with:
other personal information we have about you, including information from our affiliates and vendors; and information that we obtain about you from public and non-public records, in every case we ensure of the information safety following the law and our information security policy.
Where we collect Personal Data from
- We collect information you provide to us when you request or purchase products, services, or information from us, register with us.
- We collect information through a variety of technologies, such as cookies, Flash cookies, pixels, tags, software development kits, application program interfaces, and Web beacons, including when you visit our sites and, whether or not you are logged in or registered.
- We collect information using analytics tools, including when you visit our sites and applications.
- We get information from the data controller as a data processor following data controller order.
- An “IP Address” (a number that is automatically assigned to the computer that you are using by your Internet Service Provider) may be identified and logged automatically in our server log files whenever a user access the Services, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice and is done automatically by many websites, applications and other services. We use IP Addresses for purposes such as calculating usage levels of the Services. helping
diagnose server problems, and administering the Services.
Anonymous and Aggregate Information
- LUMA may aggregate personal information so that it does not personally identify you or any other user of the Services (for example, we may aggregate personal information to analyze the percentage of our users who have a particular area code).
- LUMA may remove personal information to create anonymous data.
- LUMA uses and shares anonymous and aggregate information for historical, statistical, or business planning purposes. Additionally, we may use and share this information for any purpose except where we are required to do so otherwise under applicable law. If we are required to treat this information as personal information under applicable law, then we may use it as described above in “Other Information,” as well as for the purposes for which we use and share personal information.
How We Process, Store and Destroy Your Personal Data
How We Use Your Personal Information
We use personal information you provide when you visit or use our Services to fulfill the purpose for which you provided the information and to enhance your experience with us. These uses include:
- Completing transactions, for example, processing your insurance payments.
- Processing claims.
- Sending administrative information to you, for example. information regarding the Services and changes to our terms, conditions, and policies.
- Providing and improving customer services, including through any chat or similar feature available through our Services.
- Sending marketing information, we think may be of interest to you;
- Providing a quote for one of our products.
- Sending you surveys.
- Authenticating or confirming your identity when you return to your LUMA accounts online.
- Conducting our business, such as data analysis, audits, developing new products, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
- Taking any action that we believe to be necessary or appropriate:
- (a) to investigate, prevent and detect illegal activities.
- (b) under applicable laws, including laws outside your country of residence;
- (c) to comply with legal process;
- (d) to respond to requests from public and government authorities including public and government authorities outside your country of residence;
- (e) to enforce our Terms of Service and Privacy Notice
- (f) to protect our operations or those of our affiliates;
- (g) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and
- (h) to allow us to pursue available remedies or limit the damages that we may sustain.
- Informing you of job opportunities and evaluating your suitability for a job.
- Other purposes specifically disclosed at the time we request your information.
Personal data collection notification
We shall not conduct any processes which are different from the purposes as have previously been shared with the you except for when:
- You have been informed of such a new purpose, and prior consent is obtained.
- it is necessary for us to be in compliance with this Act or other laws.
How we store your personal data
We store the Personal Data of Data in both physical and electronic forms.
- For electronic data we store in our dedicated servers and databases ,with data safety standards.
- For physical documents we store in our vault rooms and relevant department lockers.
How We Share Personal Information
Sharing Among our Affiliates
LUMA and its affiliates may share your personal information with one another to ensure that your use of the Services is as helpful and beneficial as possible; to support our business operation, to provide services to you and for any other purpose described in this Privacy Notice.
Sharing with Third Parties
- We work with third parties that provide services to us, such as insurers, website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, credit card processing, auditing and other similar services. We may share your personal information with them so they can provide those services.
- We may share personal information with third parties to permit them to send you marketing communications, if you have opted in to such sharing
- We may share with your benefit plan’s plan sponsor or plan administrator the fact that you have visited or used features of our Services to permit your benefit plan’s plan sponsor or plan administrator to determine eligibility, qualification or confirmation of a promised incentive or reward to you. We will share any personal information you provide on our Services for the purposes stated on the page where we collected the information and in accordance with applicable laws and regulations.
We may share your information in other limited circumstances, including:
- Complying with applicable laws, including laws outside your country of residence.
- Responding to requests from government or public authorities or otherwise cooperating with authorities pursuant to a legal matter, including authorities outside your country of residence.
- Responding to matters of personal or public safety.
- In litigation, investigations, and other legal matters where the data is pertinent.
- Investigating security incidents.
- In the event of the sale or transfer of LUMA or some of our assets, or in the context of similar business negotiations.
- Enforcing our Terms of Services.
Cross Border Transfers
We offer Services on a global network basis and the Services are not intended to subject LUMA or any affiliated entity to the laws or jurisdiction of any state, country or territory other than the Thailand’s Personal Data Protection Act 2019 and the Singapore Personal Data Protection Act 2012. Your personal information may be stored and processed in any country where we work with insurers, have facilities or in which we engage service providers, and by using the Services, you consent to the transfer of information to countries outside of your country of residence, which may have different data protection rules than your country. LUMA does not represent or warrant that the Services, or any part of them, are appropriate or available for use in any particular jurisdiction. Those who choose to access the Services, do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations.
How long do we keep your personal data
We will retain your Personal Data for as long as required to perform the Purposes for which the data was collected, depending on the lawful basis on which that data was obtained and/or whether additional legal/regulatory obligations mandate that we retain the Personal Data. In general terms, this will mean that Personal Data will be kept for the duration of our relationship with the respective Data Subjects and:
- the period required by tax, company and financial services laws and regulations, and as prescribed under other applicable laws;
- the period during which we deem it necessary to retain Personal Data, taking into account the business practices and industry standards
- as long as it is necessary for Data Subjects to be able to bring a claim against us and for us to be able to defend ourselves against any legal claims. This will generally be the length of the relationship plus the length of any applicable statutory limitation period under applicable law.
In certain circumstances, Personal Data may need to be retained for a longer period of time, for example, where we are in ongoing correspondence or there is a continuing claim or investigation.
Data Security , Integrity and retention
The security, integrity, and confidentiality of your information are extremely important to us. We have implemented technical, administrative, and physical security measures that are designed to protect guest information from unauthorized access, disclosure, use, and modification. We regularly review our security procedures to consider appropriate new technology and methods. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable
What are your rights in relation to the Personal Data
Under the PDPA, you are entitled to certain rights in relation to your Personal Data. Some of these rights will only apply in certain circumstances. you would like to exercise, or discuss, any of these rights, then you should contact the DPO Office at the contact details set out below and provide sufficient information to allow us to understand the scope of the request.
- Withdrawal of Consent: if our Processing is based on consent, you can withdraw the consent at any time by contacting the DPO Office.
- Access: you are entitled to ask us if we are Processing your Personal Data, and if we are, you can request access to yours Personal Data, including to receive a copy of the Personal Data we hold about you and certain other information about it.
- Correction: you are entitled to request that any incomplete or inaccurate Personal Data we hold about you be corrected.
- Erasure: you are entitled to ask us to delete, destroy or anonymize your Personal Data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the Personal Data is required for compliance with law or in connection with claims.
- Restriction: you are entitled to ask us to suspend the Processing of your Personal Data, for example if you want us to establish its accuracy or the reason for Processing it.
- Transfer: you are entitled to request the transfer of your Personal Data to another third party in limited circumstances.
- Objection: where we are Processing Personal Data based on our legitimate interests (or those of a third party) you may challenge the Processing. However, we may be entitled to continue Processing your Personal Data based on our compelling legitimate interests or where this is relevant to legal claims. You also have the right to object where we are Processing Personal Data for direct marketing purposes.
- Complaint: you have any concerns or questions about the Processing of your Personal Data, please contact us at the contact details set out below. In case of an alleged infringement of the PDPA, you have the right to lodge a complaint with a supervisory authority in accordance with the rules and methods prescribed under the PDPA. Your request for the above purposes will be processed and responded to within 30 days after receiving the completed information and support documents.
Your request for the above purposes will be processed within 30 days after receiving the completed information and supporting documents.
What are your rights in relation to the Personal Data
- The Services contain links to websites operated by third parties. If you provide personal information to any third party’s website, your transaction will occur on that website (not LUMA’s websites) and that website operator will collect the personal information you provide and will be subject to its privacy policies.
- We encourage you to read the legal notice posted on those sites, including their privacy policies.
The Privacy Notice does not apply to your use of and activity on those other websites. We provide links through the Services to other websites only as a convenience, and the inclusion of these links does not imply endorsement of the linked site. We have no responsibility or liability for your use of third party websites.
Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer providers, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any personal information you disclose to other organizations through or in connection with our mobile applications or other websites.
Online Communication Practices
If you email us, please do not include information you want to keep private. It is possible that your e-mail communication may be accessed or viewed inappropriately by another Internet user while in transit to us. If you wish to send us information that you want to keep completely private, please use a method other than e-mail.
Other Online Communications
We may send you electronic newsletters, information about products or services we offer, and other marketing communications. If you no longer want to receive marketing-related e-mails from us you may opt-out of receiving these
marketing-related emails by clicking on the unsubscribe link at the bottom or each email.
We will try to comply with your request(s) as soon as reasonable practicable. Please also note that if you do opt-out of receiving marketing-related e-mails from us, we may still need to send you important administrative messages, and you cannot opt-out from receiving administrative messages.
- We reserve the right to amend this Privacy Notice at any time.
- We will post the revised Privacy Notice on our websites or announce the change on the homepage of the website.
- You can determine when we revised the Privacy Notice by referring to revision date at the bottom of the notice.
- Any changes will become effective when we post the Privacy Notice on our websites. By continuing to use the Services following such changes, you will be deemed to have agreed to such changes.
- If you do not agree with the terms of this Privacy Notice, in whole or in part, you can choose to not continue to use the Services.
If you have any questions about this Privacy Notice please feel free to contact us under +662 494 3600 or [email protected]
Luma Care Headquarter
57 Park Ventures Ecoplex
9th Floor, Unit 912 Wireless Road,
Lumpini, Pathumwan, Bangkok 10330 Thailand