NOTIFICATION TO DATA SUBJECTS OF CLIENTS OF IMAART LLC
Data protection under the Thailand Personal Data Protection Act
IMAART LLC takes privacy seriously. This Privacy Notice ("Notice") contains information on what Personal Data IMAART LLC collects, what we do with that information, and what rights Data Subjects have.
"Personal Data" is any information that relates to an identified or identifiable natural person (rather than to a legal entity, such as company), including information about information about employees, directors, officers, shareholders, advisors, agents or other individual representatives (also the "Data Subjects") that we may collect in the course of a relationship with an institutional / corporate client and / or investor of IMAART LLC ("you").
If you are an institutional / corporate client and / or investor of UBS, please make sure that your Data Subjects are made aware of the content of this Notice and provided a copy thereof before sharing any Personal Data with IMAART LLC.
As part of our commitment to protect your personal data in a transparent manner, we want to inform you:
why and how IMAART LLC collects, uses and stores Personal Data of your Data Subjects;
the lawful basis on which Personal Data is processed; and
what rights Data Subjects have and our obligations in relation to such processing.
1. Data protection under the Thailand Personal Data Protection Ac
This Notice applies to any and all forms of use of Personal Data ("processing") of Data Subjects.
2. What types of personal data do we collect?
IMAART LLC (“IMAART LLC”, “we”, “our”, or “us”) may collect and process the following Personal Data about the Data Subjects:
personal details such as name, identification number, date of birth, KYC documents (including a copy of your national identity card or passport),
medical information, such as medical reports, blood test and other examination result;
business contact details such as phone number physical and electronic address);
where applicable, professional information such as job title and work experience;
details of our interactions with those individuals and the products and services you use;
any records of phone or video calls between any Data Subject and IMAART LLC; and
to the extent permitted by applicable law, we collect also special categories of Personal Data, such as data about religious beliefs and other beliefs of a similar nature and data about alleged or proven criminal offences.
3. For which purposes do we process Personal Data and what legal basis do we rely on?
3.1 Purposes of processing
We always process personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In particular, we process personal data for the following purposes:
a) client on-boarding processes, including to verify the identity;
b) client relationship management, for example to manage our relationships with you, including communicating with you in relation to the products and services you obtains from us and from our business partners and handling customer service-related queries and complaints;
c) Product implementation and execution. For example, providing products and services to you and ensuring their proper execution, for instance by ensuring that we can identify you and receiving payments;
d) facilitate medical professionals to advice and provide appropriate medical treatments to you;
e) engaging in prospecting and business development and / or protecting and enhancing the IMAART brand. For example, to evaluate whether and how IMAART LLC may offer products, services and events that may be of interest to you;
f) contacting your Data Subjects' contact information for marketing purposes about products and services we think will be of interest to you, including those offered by us, IMAART LLC, and our other business partners;
g) ensuring the safety of our customers, employees and other stakeholders;
h) undertaking transactional and statistical analysis, and related research;
j) for the IMAART LLC’s prudent operational management (including risk management, insurance, audit, systems and products training and similar administrative purposes);
k) receive and handle complaints, requests or reports from you or third parties made to IMAART LLC; and
l)any other purposes we notify to you from time to time.
3.1 Legal basis for the processing
Depending on the purpose of the processing activity (see section 3.1 above), the processing of your Personal Data will be one of the following:
necessary for executing a contract with you, or for carrying out our obligations under such a contract, such as when we use Personal Data for some of the purposes in Sections 3.1 a), b) and g), as well as certain of the data disclosures described in Section 5;
required to meet our legal or regulatory obligations;
necessary for legitimate interest of IMAART LLC, without unduly affecting your interests or fundamental rights and freedoms and to the extent such Personal Data is necessary for the intended purpose. Please see below examples of legitimate interests of IMAART LLC;
necessary for the performance of a task carried out in the public interest; or
in limited circumstances, and as may be requested from a Data Subject from time to time, we have obtained prior consent (for instance where required by law) or processed with Data Subjects' explicit consent in the case of special categories of Personal Data such as medical information.
Examples of the 'legitimate interests' referred to above are:
pursuing certain of the purposes in sections 3.1 a) to g) above;
when we make the disclosures referred to in section 5 below, providing products and services and assuring a consistently high service standard within IMAART LLC, and keeping our customers, employees and other stakeholders satisfied; and
meeting our accountability and regulatory requirements around the world,
in each case provided such interests are not overridden by privacy interests of the Data Subjects.
Failure to provide us with Personal Data that we need to collect to meet our legal or regulatory obligations may entail the possibility of not being able to onboard you as a client or provide products or services to you (in which case we will inform you accordingly).
To the extent that we process any special categories of Personal Data relating to you, we will do so because:
the processing is necessary for the establishment, exercise or defense of a legal claim;
the processing is necessary for reasons of substantial public interest; or
Data Subjects have given their explicit consent to us to process that information (where legally permissible).
4. Who has access to personal data and with whom are they shared?
All IMAART LLC employees accessing Personal Data must comply with our internal rules and processes in relation to the processing of Personal Data to protect them and ensure their confidentiality. We have also implemented adequate technical and organisational measures to protect Personal Data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure and or access and against all other unlawful forms of processing.
5. Who has access to personal data and with whom are they shared?
5.1 Within IMAART LLC
We make available Personal Information to members of our personnel within the IMAART LLC for the purposes indicated in section 3, in order to ensure a consistently high service standard and to provide services and products to you.
5.2 Third Parties
When providing products and services to you, we will share personal data with persons acting on your behalf or otherwise involved in the transaction (depending on the type of product or service you receive from us), including, where relevant, the following types of companies:
medical institutions, including IVF centres and laboratories;
a party acquiring interest in, or assuming risk in or in connection with, the transaction (such as an insurer);
issuers of securities (including third parties appointed by them) in which you have an interest, where such securities are held by the bank for you;
payment recipients, beneficiaries, account nominees, intermediaries, and correspondent and agent banks (including custodian banks);
clearing houses, and clearing or settlement systems; and specialised payment companies or institutions such as SWIFT;
other financial institutions, credit reference agencies or credit bureaus (for the purposes of obtaining or providing credit references);
any third-party fund manager who provides asset management services to you;
lawyers, auditors, escrow agents , and insurers providing legal, audit, consultancy, escrow or insurance services to us, and
any introducing broker to whom we provide introductions or referrals.
4.3 Service providers
In some instances, we also share personal data with our suppliers, who are contractually bound to confidentiality, such as IT and hosting providers, marketing providers, communication services and printing providers, debt collection, tracing, debt recovery, fraud prevention, and credit reference agencies, advisors and others. When we do so we take steps to ensure they meet our data security standards, so that your personal data remains secure.
4.4 Public or regulatory authorities
If required from time to time, we disclose personal data to public and judicial authorities, regulators or governmental bodies and in proceedings, including when required by law or regulation, under a code of practice or conduct, at their request, or to safeguard our legitimate interests.
IMAART external auditor and any other persons or entities to whom IMAART is required to make disclosure by applicable law.
If Data Subjects exercise their right to data portability, where applicable, we will usually disclose the personal data to an intermediary that facilitates data portability in accordance with applicable law and regulations.
If our business is sold to another organisation or if it is re-organised, personal data will be shared so that you can continue to receive products and services. We will usually also share personal data with prospective purchasers when we consider selling or transferring part or all of a business. We take steps to ensure such potential purchasers keep the data secure.
We will disclose personal data where required to exercise or protect legal rights, including ours and those of our employees or other stakeholders, or in response to requests from individuals or their representatives who seek to protect their legal rights or such rights of others.
5. International transfers of personal data
The Recipients referred to in section 4 above can be located also outside of Thailand. IMAART LLC puts in place suitable safeguards to ensure that any data transfer is carried out in compliance with applicable data protection rules. We only transfer Personal Data abroad to countries which are considered to provide an adequate level of data protection, or in the absence of such legislation that guarantees adequate protection, based on one of the following conditions:
the transfer is based on appropriate safeguards including enforceable rights and effective legal remedies for Data Subjects;
Data Subjects have provided explicit consent to the transfer after being informed of the risks;
the transfer is necessary for the performance of a contract between you and us or for the implementation of pre-contractual measures taken at your request;
the transfer is necessary to comply with a legal obligations;
the transfer is necessary for carrying out activities in relation to substantial public interest.
Where IMAART LLC transfers personal data to overseas service providers, adequate contractual standards will be adopted.
6. How long do we store your personal data?
We will only retain personal data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. To help us do this, we apply criteria to determine the appropriate periods for retaining your personal data depending on its purpose
In general, IMAART LLC will retain personal data for the period of your relationship or contract with IMAART LLC, reflecting the length of time for which legal claims may be made following termination of such relationship or contract, as well as if it is in IMAART LLC's legitimate interest.
However, if Data Subjects wish to have their Personal Data removed from our databases, you can make a request as described in Section 7 below, which we will review as set out therein.
7. Data Subjects' rights
Data Subjects have the right to access and to obtain information regarding their Personal Data that we process and a copy thereof. If Data Subjects believe that any information we hold about them is incorrect or incomplete, they may also request the correction of their Personal Data.
Data Subjects may also have the right to:
object to the processing, use and disclose of their Personal Data;
request the erasure, destruction or anonymisation of their Personal Data;
request restriction on the processing of their Personal Data;
withdraw the consent where IMAART LLC obtained their consent to process Personal Data (without this withdrawal affecting the lawfulness of any processing that took place prior to the withdrawal).
In some circumstances as prescribed by the Thailand Personal Data Protection Committee and where applicable, Data Subjects may have the right to request their Personal Data be transferred in a generally readable or usable format to themselves or to another controller, provided that is technically feasible (the ‘data portability’ right).
8. Exercising rights, and complaints
Rights can be exercised by contacting IMAART LLC. If you are not satisfied with any aspect of the processing of your personal data by IMAART LLC, we would like to discuss it with you to understand how we can rectify the issue.
If any of the Data Subjects deems that we are not complying with any provision under the PDPA they have the right to make a complaint to the Personal Data Protection Committee.
9. Security Note
We have in place appropriate technical and organisational measures to prevent unauthorised or unlawful access to your personal data. As complete data security cannot be guaranteed for communication via e-mails, instant messaging, and similar means of communication, we would recommend sending any particularly confidential information by an alternative secure means.
10. Information about the data controller and changes to this privacy notice
This privacy notice is issued by IMAART LLC with registered office at
468 N Camden Drive, Suite 288A,
Beverly Hills, CA 90210
For any information or comment about this privacy notice please contact IMAART LLC.
This privacy notice was updated in July 2022. We reserve the right to amend it from time to time. If the notice has been updated, we will take steps to inform you of the update by appropriate means, depending on how we normally communicate with you.
For information on how we use and protect the personal data of our former, current and prospective clients, please read the country specific client privacy notices in select jurisdictions where IMAART LLC entities process personal data. If your country is not listed, please contact IMAART LLC before proceeding further.