Privacy Policy

Updated March 2023

This Privacy Policy has been adjusted to be conform to Personal Data Protection Act B.E.2565 and applies to OOCA Application and its implications which provide communication services between users and doctors/consultants. This Privacy Policy prescripts how the Company stores, manages, and conceals information of the users during the use of the Application.

The Company shall collect and forward personal, medical, and health-condition information of the User during using the Application. The User gives consent to the Company to collect and forward the personal information and other relevant information under this Privacy Policy.

The User disagreeing with this Privacy Policy should not use the Application.

1.1 Personal Information means personal information of the User used for identifying an individual’s identity such as name-surname, identification number, address, email address, telephone number, or other relevant information of the User.

1.2 Sensitive personal data includes information such as race, ethnicity, political opinions, ideology, religion or philosophy, sexual behavior, or mental health information, etc.

1.3 Health Information means personal information of the User relating to his/her health conditions or medical information.

1.4 User’s Unidentifiable Information means information of the User which is unidentifiable.

1.5 Cookies means information sent from the site to the User’s computer at the time the User are visiting the Company’s website.

1.6 Conversations with the Company means details of conversations between you and the consultant, personnel of the company including symptom assessment, conversations between you and our personnel via email and live chat.

When the User creates an OOCA account or provides the User’s Personal Information through the Application, the information stored by the Company include as follows:

Type of Personal Information	Description
Name	Upon registration, the Company collects alias and nicknames. First name, last name, National ID number is collected if the User logs the information into the application.
Personal Characteristics	Upon registration, the Company will collect information pertaining to your date of birth (age) and gender. In some services (e-prescription), we may require additional information including height, weight, and sex.
Contact Information	Information that the Company uses to communicate and contact the User, including mobile phone number, email address. In some services (e-prescription), the Company may require additional information such as home address.
Billing information	Billing information includes credit card information; credit/debit card number; name of cardholder; date of expiry; CVV code; transaction information; payment information;
Health Condition	Information or records regarding illness history; physical examination; laboratorial results; radiological results; and other health-related information;
Health Information of the User recorded by doctor/consultant through the application	Including medical records; history taking and medical examination; information and other health-related information; written advice written by the consultant after the consultation (visit note); video and audio recording between you and your doctor/consultant.
Online usage data collected for technical purposes via devices	Audio/video/photos/camera access data call logs, contact/address book, text messages or emails (content), unique device identifier (UDID), IP address; Data collected on user’s behavior in using the Company’s website or application (event tracking), number of times the User views the screen or clicks on a button; Cookies, or similar technologies; User information for logging such as passwords, email address used to log in, one-time password (OTP); Telemetry , metadata, data related to end user activity device numbers and types, networks, connection details, access details, plug-in types of browsers including versions, operating systems, platforms, time zone setting and locations, time used in accessing website; Token and SMS messages; Information on User interaction with online advertisements, or data on User’s interaction with links (e.g. Referrer URL, dynamic links, or deep linking); Information on crash reports and device information pertaining to the crash;
Social Accounts	Facebook account, Apple account, or Gmail account that the User uses to log into the Application.
Information about User’s behavior, preferences, and opinion	Data on behavior, preferences, opinion pertaining to the Company’s Services gathered through feedback form via different communication channels (Email, SMS, mobile notifications)
Conversations with the Company	Details of conversations between you and the consultant, personnel of the company including symptom assessment, conversations between you and our personnel via email and live chat.
Information submitted by the User via Application, electronic forms, or the Company's related services	Data collected when User inputs data in the Company’s affiliated websites, applications, electronic and paper forms, information that the User has provided when the User contacts the Company.
Information related to the Company’s services	Information related to the User’s appointment, including, the consultant chosen, appointed time, Support pin, User ID; Data log on purchase orders, time of purchase and purchase channel; Any other information you provide as part of the service or relationship management;

If the User has submitted information of any other third party to the Company, such as full name, mobile phone number of the User’s emergency contact, the Company shall consider that the Third Party has been consented or allowed by the relevant other third party to disclose and submit such personal information to the Company.

The Company shall use the information obtained from the User or forward the information to other third parties (including relevant companies, outsourced service providers, and outsourced distributors) for the benefits of the business, in whole or in parts, as follows:

3.1 Disclosures of information necessary to provide services include:

Purposes	Description
Operate or support the use of the application	Providing customers with services to manage the user's account in accordance with the rights that the user has with the company (if any); Issuing or delivering relevant documents; Providing support by contact the User in the event of problem in Application or service use or need to ask for more information;
Provide health services including medical consultations	Diagnosis and treatment, if you use our services; Consultation via audio, video call with a consultant from a doctor or medical professional on the Application;
Financial Transactions	Disclosure of information to operators and credit card companies for authorization and making transactions or payments; To monitor and manage financial transactions that occur within the company system; Storage of payment history within the Company’s internal tools, as well as on the User’s Application;
Identity Verification	Verification of your identity through personal information so that you can exercise the right to administer your information contained in the Company in accordance with your rights in relation to personal data;
Data Maintenance	Filling in your information as requested, collecting records, managing customer databases;

3.2 Disclosure in special circumstances or protected by law, including:

Purposes	Description
In order to prevent any danger to life or body	To assist users in an emergency; Prevent accidents that endanger life, health or physical body;
For the legitimate interest	In case of law enforcement purposes or compliance with laws, rules, regulations or any other request;

3.3 Disclosures to process and improve service quality

Purposes	Description
For analysis and evaluation	Analysis of the use of the Services through the mobile applications and websites you visit; Monitoring Access Point Assessment (integration) and user experience Features testing to understand customer behavior; Identifying and fixing systemic application problems such as stability of use;
Improving the quality of products and services	Data from the analysis, development of interface and data mapping, layout and content of pages of applications and websites (user interface); Test new services of the company through a small cohort (beta), or gradual rollout; Analyze data to improve marketing and advertising performance; Compliant investigation or quality control of Service Providers (upon consent)
Advertising and marketing purposes	Notification of announcements and any other notices our services; Notify about special privileges marketing campaign; Survey, analysis and research on marketing; Customer behavior analysis and customer segmentation;
Measure and manage the effectiveness of advertising and marketing	To offer good and suitable services to the User; Process to understand customer groups and present information, privileges that the company expects to be useful to the User;
Preparation of reports about the service	Preparing and publishing reports (both internal and external) about service usage statistics (e.g. customer interaction results); Preparation of various analysis reports according to the requirements of the competent authority various analysis reports other for the Company's business purposes. (If there is personal information required the Company will always ask for your consent first.);

3.4 Other specific cases may include

Purposes

Description

Research Project

The Company will only disclose information to users under the Wall of Sharing Project to Wall of Sharing Project Volunteers. Information is disclosed for the following purposes:: to contact Wall of Sharing Users to ask for consent to participate in third-party research projects; to inform Wall of Sharing users of any activities run by Wall of Sharing volunteers; to run project campaigns run by Wall of Sharing volunteers; Personal Information disclosed to Wall of Sharing volunteers include; name (First Name, Last Name, alias); Institution; Contact information (email address and phone number); Wall of Sharing volunteers must state their purpose of contact and ask for consent from the User directly before any other personal information is disclosed.

When the User has signed in to open an account with OOCA or has submitted his/her Personal Information through the Application, the Company uses the Personal Information of the User to send him/her marketing news and promotions regarding the services of the Company or its outsourced doctor/consultant from time to time. The User can cancel the receipt of marketing news and information sent by the Company at all time. In using cancellation system in receiving the marketing information, the Company may use the contact information of the User to send newsletters from the Company or its affiliates.

In case of an exception and being asked to disclose the Personal Information, such the case that it is well-grounded, the Company may send the User’s Personal Information to any other third parties or the Company’s affiliates for the purposes mentioned above.

We may share personal information with service providers acting on our behalf for the purposes stated in “Use and Disclosure of Personal Information”. We do not share personal information with third parties for their own marketing purposes. Who can access your information include:

Recipients	Description
Doctors/Consultants	Doctors/Consultants who are providing service within the application
Service contractors	The Company may engage with other companies to provide services to support the Company’s business operation, including outsource companies and sub-contractor representative. This includes, but not limited to: software web and mobile app developers; researchers and data analysts service providers; infrastructure providers; marketing service providers; advertising service providers; social media service provider; crowd funding service provider;
Service Providers	We disclose your information to Internal staffs who provide you the Company’s services. Internal staffs as service providers are responsible for handling personal data in accordance with this Privacy Policy in accordance with our instructions. Service providers cannot use the User’s personal information we disclose for their own purposes and that personal data must be deleted or returned upon completion of our request.
Software used by the Company to provide services	The User’s personal and technical data may go through software or platform necessary to provide services including, but not limited to: cloud service or platform providers; networks providers; email providers; SMS service providers; internet service providers; mobile phone operators; payment network service provider; payment gateway service;
Partners, agents or other organizations business partner	Partners may include (but not limited to) researchers; third party services providers (for example, a third party service to fulfil orders, prepare and deliver the products and services you have ordered); business partners who provide joint project business; partners interested in co-investing; collaborative partners; partners for marketing and advertising media preparation; banks and other financial institutions; Disclosure of your personal data will be for a specific purpose, under the legal base and appropriate safety measures The Company requires partners to protect your personal information by removing your personal information so that it cannot be identified. If it is necessary to disclose your personal information The Company will only ask for your consent first.
Financial institution and services	In using the payment service through the Application, information will be sent to services used by the Company to process and make payments such as revenue management software, payment gateway, financial institutions that is processing your payment.
Government authorities and others organizations	The Company may disclose your Data for legal or necessary purposes to government entities or regulatory bodies. Parties disclosed may include employees belonging to a governmental body; government officials; competent authority; to comply with a lawful order or request. In the event that there is a legal process requiring action investigation of potentially illegal activities on case of necessity for legitimate interests, or in case of necessity for carrying out missions for the public interest without which we are unable to obtain your consent.
Individuals affiliated with the Wall of Sharing Project	The Company may disclose data to student volunteers; partners; third-party research groups; All individuals in this category must affiliated to the Wall of Sharing Project or is in a joint-project with the Wall of Sharing Project.

The Company may disclose personal information to others on your order with your consent, or if we deem that disclosure is reasonably necessary to enforce our terms and conditions, or to protect our operations or users. You can choose to accept or deny the right to disclose your personal information through the settings in the application.

If the User wishes to access his/her Personal Information or health condition information which is in the Company’s system by logging in the Application, the User agrees to arrange his/her Account Name, password, and important information for logging in the account and shall not disclose them to other unauthorized third parties. The Company is uncapable to be responsible for damages occurred from the use of the Account Name, password, and important information for logging in the account.

The Company will keep your personal information for as long as necessary to fulfil the following purposes:

• The Company will keep your account creation information as long as your account remains, so that the company can provide services;
• The Company does not delete your information if it has been left inactive or unattended. To remove your information, you must delete your account;
• The Company will collect and keep the data of your Visit Note, transactions, and appointment until you delete your account. After the account is deleted, The Company will retain the information stated in a Non-personally identifiable form for five years after the date you delete your account to adhere to the Department of Health Service Support regulations;

The Company represents that all information will be kept securely. The Company will protect the User’s Personal Information by:

• limiting the access of Personal Information;
• providing technological approaches to prevent unauthorized accesses to computer systems;
• arranging the User’s Personal Information for security matters when the information is unnecessary for legal purposes;
• the Company uses 128-bit SSL (Security Sockets Layer) coding technology when dealing with financial matters;

If it is reasonably believed by the User that his/her privacy is violated by the Company, please contact the Company via the email given below. The user password is a key for accessing the service account. Please apply different numbers, letters and symbols. Also, do not disclose your password to others. If the User discloses his/her password to others, he/she shall be responsible for all actions, that have been made on his/her behalf or through the service account, and their effects. If the User is unable to control his/her password, the User would probably be unable to control the User’ Personal Information or other information submitted to the Company. The User may have to accept the subsequent effects of the actions made on his/her behalf. Therefore, if the user password is disclosed or no longer confidential, the User should contact the Company and change the password immediately. It is advised by the Company that the User should log off the system and close the browser every time when using public computers.

You have the following rights regarding your personal data that the Company process.

• The right to access your personal data and the right to rectify your personal data by which you can do through logging into your account and access the settings menu the application and/or web application to edit the User’s profiles and accounts
• Right to remove or right destroy personal data by deleting data through your account settings, or by simply deleting the account from the system. After deletion you will not be able to access the applications and web applications that you previously used under the account you deleted, and will not be able to access the information entered under the deleted account
• Right to copy or transfer personal data by contacting the Company via email; [support@ooca.co](mailto:support@ooca.co). We will process your request as soon as we can after we have verified your identity.
• Right to withdraw your consent to the collection, use or disclosure of personal data; in case you have previously given consent to the collection, use, or disclosure. or disclose your personal information, You have the right to withdraw your consent at any time.
• Revoke data consent, right of access, camera, microphone, phone notifications by setting on your mobile device to disable such information service. However, in doing so we may be unable to provide you with our service.
• You can unsubscribe from marketing notifications by choosing Unsubscribe at the bottom of any marketing email you receive. However, alerts or emergency messages will still be sent to you.
• The right to lodge a complaint in the event that you believe that the Company has not complied with the law on protection of personal data, in the event that you have any requests or complaints related to the processing of your personal data You can contact us at any time by contact via email. [support@ooca.co](mailto:support@ooca.co)

Your rights as mentioned above may be limited in certain circumstances, for example we need to use your personal data to provide the Services. the case where the law require us to collect, use or Disclosure personal data where necessary for our legitimate interests.

The Company provides services for minors or children with age not over 15 years old who have parents or a rightful representative.

10.1 Information on Cookies and similar tracking technologies

When you use the application or our website. The Company may collect the following information if the User have given consent through the User’s device or web browser. The Company may use cookies (Cookies) or similar programs such as pixel tags and web beacons to store information to help the Company to provide better, faster, safer service and for user privacy. Cookies can also help The Company know what parts of the application users visit facilitating analysis of the effectiveness of ads and web search engines. The cookies that we will collect from you are as follows:

• Strict Necessary Cookies are set as necessary for certain specific services or features that you access or request. For example, cookies that allow us to display our website in a form and suitable language and authenticate and verify your transactions.
• Unnecessary cookies including analytic cookies, and functional cookies are used to understand how visitors interact with websites and online services. It also helps us evaluate the effectiveness of ads and web searches, and also uses these cookies to remember your choices when browsing the application. so that we can provide you with a personalised experience.

In some of our email messages, the Company uses a "click-through URL" that allows you to link to the mobile application. When you click on one of these URLs, you are routed through another web server before reaching the targeted page in our application. The Company will track this click-through to help us identify specific topic interests and assess whether we can communicate effectively with you. If you do not want to be tracked in this way it is advised to not click on any text or graphic link in an email message received.

The Company may use Cookies or other similar programs to store information, for providing better, faster, and safer services and for the privacy of the User while using the services and/or accessing the Application. When the User visits the Company’s servers, the company will automatically memorize and record the information sent from the browser of the User when he/she visits the Company’s website. The information may include:

• IP address of the User’s computer
• Type of the browser of the User
• Web page accessed by the User before logging in the Application- Web page visited by the User in the Application
• Time spent in visiting the site, information which the User searches for, date and time of visit, and other statistic information.

Such information will be kept for the analysis and evaluation to support the Company in improving the Application.

10.1.1 Information related to the use of the Firebase SDK and Firebase Crashlytics.

In addition, to improve our service to be stable for use, the Company uses Firebase Crashlytics to collect crash statistics and to process Crash-related information. The data management process is carried out through the service company's policies.

10.1.2 Information related to the use of Google Analytics and Branch.io

To improve our Service, the Company uses Google Analytics and Branch.io to measure the Service's performance, such as counting the number of times a user presses a button. There is no personal information attached to this information to understand the status of the service. Google and Branch.io may set cookies or read existing cookies to collect information. Through the services, information such as the URL of the page you are accessing and the IP address is automatically sent to Google where Google performs an “IP Anonymization” process to reduce the risk of information leaks.

Please read carefully Google Analytics and Branch.io Terms of Service and Privacy Policies for a better understanding of how data is processed and protected.

Spam, spyware, or virus is not allowed in the Application. Please set and preserve your Preference in the communication, so that the Company sends the communication information as required by the User. The User shall not send any massages which have spam, spyware, or virus through the Application. If the User wants to report any suspicious massages to the Company, please contact the Company via the email given below.

The Company shall examine the efficiency of the Privacy Policy regularly. The Company reserves its rights to change the Privacy Policy at all time. The changes shall be publicized on the Application.

The User acknowledges and agrees that the Company has the rights to disclose the Personal Information to legal authorities, regulatory agencies, government agencies, legal enforcement agencies, and other relevant agencies, or relevant right owners. If it is reasonably believed by the Company that disclosure of the Personal Information of the User is necessary for operating the duties, responsibilities, management, and agreement, either by willingness or enforcement, for the purpose of cooperation with the order, inquiry, and/or any requests of such agencies under the applicable laws. The User agrees not to prosecute nor take any actions against the Company and waives its rights in claiming and other rights bound with OOCA that may occur from the disclosure of the Personal Information under the mentioned circumstances.

If the User wants to revoke his/her consent in the use of the User’s Personal Information, asks to retrieve the User’s Personal Information, has any question, comment, concern, or asks for technical helps or problems about cookies, please contact the Company via email:
support@ooca.co