Privacy Policy

Last updated: January 2025

1. Introduction

Dr Green Thailand (“we,” “us,” “our,” or the “Company”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) and other applicable laws.

By accessing our website (drgreen-thailand.com), visiting our dispensary, or using our services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.

2. Data Controller Information

Data Controller: Dr Green Thailand

Address: 93 Sukhumvit 21 Rd, Khlong Toei Nuea, Watthana, Bangkok 10110, Thailand

Email: [email protected]

Phone: +66 82 171 9192

LINE: @drgreenbkk

For any questions or concerns regarding this Privacy Policy or the processing of your personal data, please contact us using the details above.

3. Definitions

For the purposes of this Privacy Policy:

  • “Personal Data” means any information relating to a natural person that enables the identification of such person, whether directly or indirectly, but excludes information of deceased persons.
  • “Sensitive Personal Data” means personal data pertaining to racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any other data that may affect the data subject in a similar manner.
  • “Data Subject” means the natural person to whom the personal data relates.
  • “Processing” means any operation performed on personal data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

4. Personal Data We Collect

4.1 Information You Provide Directly

We may collect the following categories of personal data when you interact with us:

Identity Information:

  • Full name
  • Date of birth
  • Age
  • Gender
  • Nationality
  • Passport or ID card number (for verification purposes)
  • Photograph

Contact Information:

  • Email address
  • Phone number
  • LINE ID
  • Postal address

Medical Information (Sensitive Personal Data):

  • Medical history relevant to cannabis consultation
  • Current medications
  • Allergies
  • Health conditions
  • Medical prescriptions issued by our physicians

Transaction Information:

  • Purchase history
  • Payment information
  • Product preferences

Communication Information:

  • Correspondence with our staff
  • Feedback and reviews
  • Customer service inquiries

4.2 Information Collected Automatically

When you visit our website, we may automatically collect:

Technical Information:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Time zone setting
  • Language preferences

Usage Information:

  • Pages visited
  • Time spent on pages
  • Navigation paths
  • Referring website
  • Click data

Cookie Information:

  • Session cookies
  • Preference cookies
  • Analytics cookies

Please refer to Section 12 (Cookie Policy) for detailed information about our use of cookies.

4.3 Information from Third Parties

We may receive personal data from third parties, including:

  • Payment processors for transaction verification
  • Social media platforms if you interact with our social media pages
  • Business partners for delivery services (Grab, LINE Man)

5. Purposes for Processing Personal Data

We process your personal data for the following purposes:

5.1 Purposes Requiring Consent

  • Sending marketing communications, promotions, and newsletters
  • Conducting customer satisfaction surveys
  • Sharing your information with third-party marketing partners
  • Processing sensitive personal data (health information) for medical consultations

5.2 Purposes Based on Contractual Necessity

  • Processing and fulfilling your orders
  • Providing medical cannabis consultations
  • Issuing medical prescriptions
  • Delivering products to your specified address
  • Processing payments and refunds
  • Managing your customer account
  • Providing customer support

5.3 Purposes Based on Legal Obligations

  • Complying with Thai cannabis regulations and licensing requirements
  • Maintaining sales records as required by the Department of Thai Traditional and Alternative Medicine (DTAM)
  • Reporting to regulatory authorities as required by law
  • Tax compliance and accounting purposes
  • Responding to lawful requests from government authorities

5.4 Purposes Based on Legitimate Interests

  • Improving our products and services
  • Analyzing website usage to enhance user experience
  • Preventing fraud and ensuring security
  • Protecting our legal rights and interests
  • Internal administrative purposes

6. Legal Basis for Processing

Under the PDPA, we process your personal data based on the following legal grounds:

  1. Consent: Where you have given explicit consent for one or more specific purposes, particularly for marketing communications and processing of sensitive personal data.
  2. Contractual Performance: Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
  3. Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject under Thai law.
  4. Vital Interests: Where processing is necessary to protect your vital interests or those of another natural person.
  5. Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided such interests are not overridden by your fundamental rights and freedoms.

7. Disclosure of Personal Data

We may disclose your personal data to the following categories of recipients:

7.1 Internal Recipients

  • Our employees, physicians, and staff members who require access to perform their duties
  • Management for operational and administrative purposes

7.2 External Recipients

Service Providers:

  • Payment processors (credit card companies, PromptPay)
  • Delivery partners (Grab, LINE Man, Thailand Post)
  • Website hosting and maintenance providers
  • Cloud storage providers
  • Analytics service providers (Google Analytics)

Professional Advisors:

  • Legal advisors
  • Accountants and auditors
  • Insurance providers

Regulatory Authorities:

  • Department of Thai Traditional and Alternative Medicine (DTAM)
  • Food and Drug Administration (FDA)
  • Revenue Department
  • Other government agencies as required by law

7.3 Conditions for Disclosure

We will only disclose your personal data to third parties:

  • With your explicit consent
  • When necessary to perform our contractual obligations
  • When required by law or regulatory authorities
  • To protect our legitimate interests
  • To protect the vital interests of any person

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

8. International Data Transfers

Your personal data may be transferred to, stored, and processed in countries outside Thailand for the purposes described in this Privacy Policy.

When we transfer your personal data internationally, we ensure that:

  1. The destination country has adequate data protection standards as determined by the Personal Data Protection Committee (PDPC); or
  2. Appropriate safeguards are in place, such as:
    • Binding Corporate Rules (BCRs)
    • Standard Contractual Clauses (SCCs)
    • Certification schemes ensuring enforceable data subject rights
  3. You have provided explicit consent for the transfer after being informed of the potential risks; or
  4. The transfer is necessary for the performance of a contract between you and us; or
  5. The transfer is necessary to protect your vital interests.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

Data CategoryRetention Period
Transaction records10 years (as required by Thai Revenue Code)
Medical consultation records10 years (as required by medical regulations)
Sales records (Phor.Tor.27, 28, 29)As required by DTAM regulations
Marketing consent recordsUntil consent is withdrawn + 1 year
Customer account informationDuration of account + 5 years
Website analytics data26 months
CCTV footage30 days

After the retention period expires, we will securely delete, destroy, or anonymize your personal data, unless:

  • Further retention is required by applicable law
  • Retention is necessary to establish, exercise, or defend legal claims
  • You have provided consent for longer retention

10. Your Rights as a Data Subject

Under the PDPA, you have the following rights regarding your personal data:

10.1 Right to Be Informed

You have the right to be informed about how we collect, use, and disclose your personal data before or at the time of collection.

10.2 Right of Access

You have the right to request access to and obtain a copy of your personal data that we hold. We will respond to your request within 30 days.

10.3 Right to Rectification

You have the right to request correction of any inaccurate, incomplete, misleading, or outdated personal data.

10.4 Right to Erasure

You have the right to request deletion, destruction, or anonymization of your personal data when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw your consent and we have no other legal ground for processing
  • You object to processing and we have no overriding legitimate grounds
  • The data was unlawfully processed

10.5 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

10.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transfer this data to another data controller where technically feasible.

10.7 Right to Object

You have the right to object to the processing of your personal data:

  • When processing is based on our legitimate interests
  • When processing is for direct marketing purposes
  • When processing is for scientific, historical, or statistical research purposes

10.8 Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

10.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]

Phone: +66 82 171 9192

In Person: Visit our dispensary at 93 Sukhumvit 21 Rd, Khlong Toei Nuea, Watthana, Bangkok 10110, Thailand

We will respond to your request within 30 days. We may request specific information from you to help us confirm your identity and ensure your right to access your personal data.

10.10 Right to Lodge a Complaint

If you believe that our processing of your personal data violates the PDPA, you have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) or the Office of the Personal Data Protection Committee.

Office of the Personal Data Protection Committee

Website: https://www.pdpc.or.th

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Technical Measures:

  • SSL/TLS encryption for data transmission
  • Secure servers with firewall protection
  • Regular security assessments and vulnerability testing
  • Access controls and authentication systems
  • Data encryption at rest
  • Regular data backups

Organizational Measures:

  • Staff training on data protection
  • Confidentiality agreements with employees
  • Access restrictions based on job responsibilities
  • Data protection policies and procedures
  • Incident response procedures
  • Regular audits and reviews

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the PDPC within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without delay.

12. Cookie Policy

12.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit our website. They help us recognize your device and remember certain information about your visit.

12.2 Types of Cookies We Use

Strictly Necessary Cookies: These cookies are essential for the website to function properly. They enable basic features such as page navigation and access to secure areas. The website cannot function properly without these cookies.

Preference Cookies: These cookies allow the website to remember choices you make (such as your language preference) and provide enhanced, personalized features.

Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. We use Google Analytics for this purpose.

Marketing Cookies: These cookies are used to track visitors across websites to display relevant advertisements. We only use these cookies with your explicit consent.

12.3 Your Cookie Choices

When you first visit our website, you will be presented with a cookie consent banner. You can:

  • Accept All Cookies: By clicking “Accept All,” you consent to all categories of cookies
  • Reject All: By clicking “Reject All,” only strictly necessary cookies will be placed
  • Customize: You can select which categories of cookies you wish to accept

You can change your cookie preferences at any time by clicking on the cookie settings link in the footer of our website or by adjusting your browser settings.

12.4 How to Manage Cookies in Your Browser

Most web browsers allow you to control cookies through their settings. Please note that if you disable certain cookies, some features of our website may not function properly.

13. Children’s Privacy

Our services are not intended for individuals under 20 years of age, in accordance with Thai cannabis regulations. We do not knowingly collect personal data from individuals under 20 years of age.

If we become aware that we have collected personal data from an individual under 20 without appropriate consent, we will take steps to delete that information as soon as possible.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately.

14. Third-Party Links

Our website may contain links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.

We do not control these third-party websites and are not responsible for their privacy policies or practices. We encourage you to read the privacy policy of every website you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes to this Privacy Policy, we will:

  • Post the updated Privacy Policy on our website
  • Update the “Last Updated” date at the top of this page
  • Notify you by email (if we have your email address) or through a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

16. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of the Kingdom of Thailand.

Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Thailand.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Dr Green Thailand

Address: 93 Sukhumvit 21 Rd, Khlong Toei Nuea, Watthana, Bangkok 10110, Thailand

Email: [email protected]

Phone: +66 82 171 9192

LINE: @drgreenbkk

Operating Hours: Open 24/7, every day of the year

18. Language

This Privacy Policy is provided in English. In the event of any inconsistency between the English version and any translated version, the English version shall prevail.

Effective Date: January 2025

Version: 1.0