1. Who we are
Sanwiz Lab ("we", "us", "our") is a B2B functional and wellness laboratory partner based in Bangkok, Thailand. We act as the Data Controller for personal data you provide through this website (www.sanwizlab.com).
2. What data we collect
We only collect the minimum personal data needed to respond to your inquiry or fulfill a service:
- Contact form: name, professional credentials, email, clinic/company name, optional LINE ID, and the content of your message.
- Technical data: IP address, browser type, pages visited (via Cloudflare basic analytics — aggregated, not tied to identity).
- We do NOT collect on this website: patient health records, lab results, medical history, or any sensitive personal data (Section 26 PDPA).
3. Lawful basis & purpose
We process your data under the following lawful bases (Section 24 PDPA):
- Consent (Section 19) — you tick the consent box on our contact form before submitting.
- Legitimate interest (Section 24(5)) — responding to your B2B inquiry and maintaining basic website security.
- Contractual necessity (Section 24(3)) — if you become a partner clinic, to fulfill our service agreement.
4. How long we keep it
Contact form submissions are retained for up to 24 months from your last interaction, after which they are deleted unless we have a legal obligation to retain them longer (e.g., tax records — 5 years).
5. Who we share it with
We share data only with the following processors, each bound by a Data Processing Agreement:
- Resend (USA — email delivery for the contact form). Data Processing Addendum in place.
- Cloudflare (USA — website hosting, edge security, basic analytics).
- Google (only the Maps embed on Contact page — see Cookies below).
We do not sell or rent personal data to third parties.
6. International transfers
Some processors (Resend, Cloudflare) are based outside Thailand. Transfers are protected by Standard Contractual Clauses and the processor's adequacy commitments under Section 28 PDPA.
7. Cookies & tracking
This website uses only the minimum cookies needed to function:
- Functional (no consent needed): remembering you've dismissed the cookie banner, preferred language.
- Embedded content (your consent given via banner): Google Maps on the Contact page loads from Google's servers and may set its own cookies.
- We do NOT use: Google Analytics, Facebook Pixel, advertising trackers, or any marketing/profiling cookies.
8. Your rights (Sections 30–36 PDPA)
You have the right to:
- Access the personal data we hold about you (Section 30)
- Rectify inaccurate data (Section 36)
- Erase your data ("right to be forgotten" — Section 33)
- Restrict processing (Section 34)
- Object to processing (Section 32)
- Withdraw consent at any time (Section 19) — without affecting prior lawful processing
- Data portability — receive your data in a machine-readable format (Section 31)
- Lodge a complaint with the Personal Data Protection Committee (PDPC) Thailand — www.pdpc.or.th
9. Data security
We protect your data with: HTTPS encryption in transit, strict access controls for our staff, vendor security agreements, and audit logging. No web service is 100% secure — please use a strong password and contact us promptly if you suspect unauthorised access.
10. Children's data
This website is intended for healthcare professionals (B2B). We do not knowingly collect personal data from anyone under 20 (the age of majority under Thai law, Section 20 PDPA). If a child has submitted data, contact us and we will delete it.
11. Changes to this notice
Material changes will be announced on this page with an updated "Last updated" date. Continued use of the site after changes constitutes acceptance.
12. Contact our Data Protection contact
Questions or to exercise your rights, please contact:
Email: info@sanwizlab.com
Phone: +66 63 343 1500
Address: 399/4 CP HUB, Room 4, Silom Soi 7, Silom Rd., Silom, Bangrak, Bangkok 10500, Thailand
We respond to PDPA requests within 30 days as required by Section 30(3).