CCTV Privacy Notice

Privacy in using CCTV cameras

Announcement from Wattanapat Hospital Samui
regarding privacy in using CCTV cameras (CCTV Privacy Notice)

Wattanapat Hospital Samui Co., Ltd. (hereinafter referred to as “the hospital” or “we”) is implementing the use of closed-circuit television cameras (CCTV) for surveillance in and around the area at the entrance and exit This includes areas that the hospital deems appropriate to be surveillance points within the hospital (“Areas”) of the hospital in order to protect life, health, and property. The hospital collects personal information of staff. Workers, customers, employees, contractors, visitors or any person (hereinafter collectively referred to as “Service recipients”) who come to the area Through the use of said CCTV equipment
This CCTV Privacy Notice (“Notice”) provides information about our collection procedures. Use or disclose which is information that can identify service recipients (“Personal Information”) including various rights of service recipients as follows:

Legal bases for processing personal data

The hospital collects personal information of service recipients under the following legal bases.

  • Necessary to prevent or stop danger to life, body, or health of service recipients or other persons.
  • Necessary for the legitimate interests of the hospital or other persons Such benefits are no less important than the basic rights to personal data of service recipients.
  • The need to comply with relevant laws which controls safety and the environment in the workplace and hospital property


Purpose of collecting personal information of service recipients

The hospital collects personal information of service recipients for the following purposes:

  1. To protect the health and personal safety of service recipients. This includes the property of the service recipient.
  2. for building protection Hospital facilities and property from damage, obstruction, destruction of property or other crimes.
  3. To support agencies involved in enforcing the law for deterrence, prevention, search and legal prosecution.
  4. To assist in the dispute resolution process which occurs during the disciplinary or grievance process.
  5. To provide assistance in the investigation process or the process of submitting a complaint.
  6. To assist in the process of initiating or defending civil litigation. This includes, but is not limited to, legal proceedings related to employment.


Personal information collected and used by the hospital

For the purpose as stated in item 2. The hospital installs CCTV cameras in a visible location. Signs will be placed warning that CCTV cameras are in use at entrances and exits. Including areas that the hospital deems appropriate to be areas that require surveillance. To collect personal information of service recipients when service recipients enter the area as follows:

List of personal information collected

  • slide
  • animation
  • Sound (used in the treatment design process Telemedicine)
  • Pictures of the service recipient's property such as vehicles, bags, hats, clothing, etc.

The hospital will not install CCTV cameras in areas that may unreasonably infringe on the basic rights of service recipients, such as rooms, bathrooms, shower rooms, or places for workers to rest. Except for the Telemedicine care design process that is for the benefit of care and has received consent from the service recipient.

Disclosure of personal information of service recipients

The hospital will keep the information on the CCTV cameras regarding service recipients confidential. and will not be disclosed except in cases where it is necessary for the hospital to achieve the objectives of surveillance and observation as specified in this announcement. The hospital may disclose information on CCTV cameras to the following types of persons or legal entities.

  1. Agencies with powers and duties as specified by law to help Support in law enforcement or for conducting investigations, investigating, or prosecuting various matters.
  2. Third party service providers For the necessity of ensuring confidence in preventing or stopping danger to life, body, health, and property of service recipients or other persons.
  3. Rights according to the Personal Data Protection Act, B.E. 2019, of service recipients. The Personal Data Protection Act, B.E. 2019, aims to make the personal data of service recipients more under the control of service recipients. Service recipients can exercise their rights under the Personal Data Protection Act 2019 when the provisions regarding the rights of personal data owners come into effect. which has the following details
  4. The right to access, receive a copy, and request disclosure of the origin of personal data of service recipients that the hospital collects. Except in cases where the hospital has the right to refuse the service recipient's request according to law or court order. or in cases where the service recipient's request will have an impact that may cause damage to the rights and freedoms of other people.
  5. The right to request correction of personal information of service recipients that is incorrect or incomplete. In order to be accurate, current, complete and not cause misunderstandings.

The right to request to suspend the use of personal information of service recipients in any of the following cases:

  1. During the period when the hospital is inspecting at the request of the service recipient to correct the personal information of the service recipient. complete and current
  2. Personal information of service recipients is collected. Use or disclose illegally
  3. When the personal information of service recipients is no longer necessary for keeping for the purpose, the hospital will notify in the collection process. But the service recipient wishes the hospital to continue keeping that information in order to exercise the service recipient's legal rights.
  4. During the time when the hospital is proving to the service recipient that there is a legitimate reason for collecting it. Use or disclose personal information of service recipients or check the necessity of collecting, using, or disclosing personal information of service recipients for the public benefit. This is due to the service recipient exercising the right to object to the collection, use, or disclosure of the service recipient's personal information.
  5. The right to object to the collection, use, or disclosure of personal information of service recipients. Except in the case where the hospital has a legitimate reason for rejecting the service recipient's request (for example, the hospital can demonstrate that the collection, use, or disclosure of the service recipient's personal information has more legitimate grounds. or for the establishment of legal claims. Complying with or exercising legal claims or for public benefit according to the mission of the hospital)
  6. The period of retention of personal information to achieve the purpose of surveillance by using CCTV equipment as specified in this announcement. The hospital will retain personal information on CCTV cameras related to service recipients for a period of 15 days. After that period has elapsed, the hospital will further delete and destroy the personal information of service recipients. By using CCTV cameras in the Telemedicine system, no data will be stored. The important information will be recorded in the medical record. for use in maintenance
  7. Personal information security

The hospital has appropriate measures in place to maintain the security of personal information of service recipients. Both technically and administratively To prevent data loss or there is unauthorized access, deletion, destruction, use, change, modification, or disclosure of personal information. This is in line with the hospital's information security policy and practices.
In addition, the hospital has established a personal data protection policy which has been announced throughout the organization. Along with guidelines to ensure security in collecting, using or disclosing personal information. By maintaining secrecy (Confidentiality), accuracy, completeness (Integrity) and ready-to-use condition. (Availability) of personal information The hospital has arranged to review the said policy including this announcement in an appropriate period of time.

Responsibilities of the Personal Data Controller

The hospital has designated that only those personnel who have authority and duties involved in collecting, using, or disclosing personal information in this processing activity will have access to personal information of service recipients. The hospital will ensure that staff strictly comply with this announcement.

Changes to this Privacy Notice

To improve or change this announcement The hospital may consider making changes as it deems appropriate. and will inform service recipients via the hospital's website with the date of the latest version marked at the end. However, the hospital recommends that customers please check regularly for new announcements. Especially before the service recipient enters the hospital area.

Entering the service recipient's area This is considered acknowledgment according to the agreement in this announcement. Please refrain from entering the area. If the service recipient does not agree with the terms in this announcement. If service recipients continue to come into the area after this announcement has been edited and posted on the above channels. It will be considered that the service recipient has been informed of such change.


Service recipients can contact and inquire about this announcement at
1. Personal Data Controller (Data Controller).

  • Name: Head of Medical Records
  • Contact location: 555 Village No. 1, Bophut Subdistrict, Koh Samui District Surat Thani Province 84320
  • Contact channel: 0-7796-5889 Email:


2. Data Protection Officer (DPO)

  • Name: Ms. Sirirat Rittisak (Quality Management Manager position)
  • Contact location: 247/2 Phatthalung Road, Thap Thiang Subdistrict, Mueang District, Trang Province 92000
  • Contact channel: 07-520-5555 ext. 7015 Email: