Last Updated: November 2020
Clinique La Prairie Aesthetics and Medical Spa respects your privacy and is committed to protecting your Personal Data. This privacy statement will inform you as to how we look after your Personal Data when you visit our website or use our services and tell you about your privacy rights and how the law protects you.
By using any of our products or services and/or by agreeing to this Statement, e.g. in the context of registering for any of our products or services, you understand and acknowledge that we will collect and use personal information as described in this Statement.
It is important that you read this Statement together with any other privacy statement or fair processing statement we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This privacy statement supplements other notices and privacy policies and is not intended to override them.
|1. Data controller|
|2. How is your personal data collected?|
|3. Purposes for which we will use your personal data|
|4. The data we collect about you|
|5. Disclosures of personal data|
|6. International transfers|
|7. Data retention|
|8. Your rights|
|9. Data security|
|12. Changes to this Privacy Statement|
This privacy statement is issued on behalf of MSPA International Limited so when we mention “we”, “us” or “our” in this privacy statement, we are referring to this relevant entity responsible for processing your data.
The Data Controller of this website is MSPA International Limited, with registered address at 88 The Parq Building, 12th Fl. Ratchadaphisek Road, Klongtoey Subdistrict, Klongtoey District, Bangkok Metropolis 10110, Thailand. If you have any questions regarding this privacy statement you can reach us via email@example.com
Please note that our websites are not intended for children and minors and we do not knowingly solicit or collect Personal Data from anyone under the age of 18, other than from a parent or legal guardian with consent. As a parent or legal guardian, please do not allow your children to submit Personal Data without your permission.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy statement of every website you visit.
This privacy statement also aims to give you information on how we collect and process your Personal Data through your use of this website, and other services provided by Clinique La Prairie Aesthetics and Medical Spa (“Services”) from which you are accessing this Privacy Statement, including any data you may provide when you use our:
We use different methods to collect data from and about you including through this website:
We use Personal Data to provide you with Services, to develop new products and services, and to protect Clinique La Prairie Aesthetics and Medical Spa and our guests as detailed below.
Clinique La Prairie Aesthetics and Medical Spa will process your Personal Data for different purposes. These data processing may be for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Data where more than one ground has been set out below:
We will use this information for the following purposes:
Booking process: To manage booking requests made by the users including any modifications and cancellations as well as confirmation communications of these transactions. To register and manage your online check-in; To manage the payment or prepayment, if it is requested; To review your guest profile, in order to unify guests’ profiles and personalize services provided. If the user consent is given for direct marketing communications – sending you personalised promotional offers and event details, subscribing and unsubscribing you, when you request it. The lawful grounds for these processes are the performance of the contract, our legitimate interest and user consent.
Check-in online. To manage your check-in online and personalize your services if you request it. To manage any other services required by the user. The lawful grounds for these processes are the performance of the contract and user consent.
Newsletter. Direct marketing communications – sending you promotional offers and event details, subscribing and unsubscribing you, when you request it. The lawful grounds for these processes are user consent.
Management of general enquiries. To manage communications, provide information and respond to general requests from users through the channels available for this purpose on the website or other Contact Us functions. To manage the booking or services request related to the appointments at the centers. To receive feedback about the products and services provided. The lawful grounds for these processes are user consent, the performance of the contract and legitimate interest.
Electronic Gift Cards. To manage the sales of electronic gift cards including communication to the seller and recipient and processing of payment. The lawful grounds for these processes are the performance of the contract.
Membership Programmes. To administer and operate voluntary membership programs. The data may be processed for the purposes of recording usage and transactional data, earning and redeeming rewards, points, or credits in connection with the programs. Direct marketing communications – sending you promotional offers and event details, subscribing and unsubscribing you, when you request it. The lawful grounds for these processes are the performance of the contract and user consent.
Personal Data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (“Aggregate Data”).
We may collect, use, store and transfer different kinds of Personal Data about you which we have arranged according to the different purposes as follows:
Special categories of personal data
We may collect data about your health (such as allergies), sex life, and genetic and biometric data or other information that you provide to us.
We do not collect the following special categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership,). Nor do we collect any information about criminal convictions and offences.
Our goal is to provide you with the highest level of hospitality and services, and to do so, we share Personal Data with the following parties:
We require all third parties to respect the security of your Personal Data and to process it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
As a global wellness company, we may transfer your Personal Data across multiple jurisdictions, insofar as it is necessary for the purposes your Personal Data may be transferred to the following locations:
Where Personal Data is transferred to a country with a lower level of data protection as compared to the country in which the information was collected, we take all reasonable steps to ensure that your information and privacy are protected in line with the applicable legal obligations. Whenever we transfer your Personal Data, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data.
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements of the applicable country.
Clinique La Prairie would like to inform you about the following retention period:
Details of retention periods for different aspects of your Personal Data are available in our retention statement which you can request from us by contacting us.
Under certain circumstances, you have rights under data protection laws in relation to your Personal Data. Please click on the links below to find out more about these rights:
Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios:
Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you no longer want to receive marketing-related emails, you may opt out by visiting our [unsubscribe page] or by following the instructions in any email you receive from us.
If you wish to exercise any of the rights set out above, please contact us.
Email: firstname.lastname@example.org or
Post: 88 The Parq Building, 12th Fl. Ratchadaphisek Road, Klongtoey Subdistrict, Klongtoey District, Bangkok Metropolis 10110, Thailand.
Under certain circumstances where applicable law permits, you also have the right to lodge a complaint with a competent data protection supervisory authority.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances and we will indicate the reason for refusal.
We try to respond to all legitimate requests within one month or within the timeframe as specified by the applicable data protection legislation. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
This helps us make our website relevant to your interests and needs. We may use a persistent cookie (a cookie that stays linked to your browser) to record your details so we can recognize you if you visit our website again.
The type of cookies we use on this site include:
Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Analytics Cookies: We use these cookies to analyse and identify the behaviour of our web visitors. We will track the IP address on the device you are using to identify you when visiting our website. When possible we combine your online web behaviour data with the Personal Data that you have previously supplied to us. This data will be used to analyse behaviour on our website and to personalise your experience.
Advertising Cookies: These cookies may be set through our site by our advertising partners. They can be used and shared by those companies to build a profile of your interests and show you relevant adverts on other sites. This is based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
If you wish to block the cookies please visit:
You may disable any of these cookies via your browser settings.
You guarantee that you have informed any third parties whose data you are providing, if you have done so, of the points covered in this privacy statement. In addition, you guarantee that their authorization has been obtained to provide their data to Clinique La Prairie for the indicated purposes.
You will be liable for any false or inaccurate information provided and for direct or indirect damage caused to Clinique La Prairie Aesthetics and Medical Spa or to third parties.
We keep our Privacy Statement under regular review. At the top of this page you will see the date on which the Privacy Statement was last revised, and it is also the date from which any changes will become effective. Your use of the Services following these changes means that you accept the revised Privacy Statement. If you would like to review the version of the Privacy Statement that was effective immediately prior to this revision, please contact us at email@example.com.
It is also important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.