259/13 San Pong, Mae Rim District, Chiang Mai, Thailand 50180 info@onesteprehab.com +66 93 372 8988

Privacy Policy for OneStep Rehab Thailand Effective Date: July 16th, 2025

1. Introduction This Privacy Policy explains how OneStep Rehab Thailand (“we,” “our,” or “us”) collects, uses, shares, and protects personal data provided by users through our website https://onesteprehab.com and in the provision of addiction treatment and related services. We are committed to protecting your privacy and complying with the Thailand Personal Data Protection Act B.E. 2562 (PDPA). If you are a resident of another jurisdiction (e.g. EU, U.S., or California), additional protections may apply to you.
2. Data We Collect We collect the following types of personal data:
  • Identity and Contact Information: Name, phone number, email address, postal address
  • Sensitive Personal Data: Health history, mental health status, addiction background, ethnicity (only if voluntarily provided)
  • Technical Data: IP address, browser type, device information, time zone
  • Usage Data: Site usage, referral links, interaction with our content
  • Cookies and Tracking Data: See Section 6 below
We collect data:
  • Directly through forms, calls, and consultations
  • Automatically through your use of the site
3. Purpose of Data Collection We process personal data for the following lawful purposes under PDPA:
  • To provide addiction treatment and mental health services (consent)
  • To respond to inquiries and contact requests (legitimate interest)
  • To manage admissions, payments, and internal records (contractual necessity)
  • To comply with legal and regulatory obligations (legal obligation)
  • To analyze site usage and improve service delivery (legitimate interest)
4. Legal Basis for Processing Depending on the nature of data, we process it based on:
  • Consent – Sensitive data and health-related information
  • Contractual Obligation – Treatment agreements and intake processing
  • Legitimate Interest – Security, fraud prevention, service analytics
  • Legal Requirement – Medical record retention, public health reporting
You may withdraw consent at any time by contacting us at admin@onesteprehab.com
5. Data Sharing and Disclosure We do not sell your data. We may share personal data with:
  • Licensed medical professionals involved in your care
  • IT service providers for secure hosting and data storage
  • Legal authorities where required by law
  • Referral partners, only with your explicit consent
All third parties are contractually obligated to ensure data confidentiality and security.
6. Cookies and Tracking We use cookies and similar technologies to enhance your browsing experience and improve our services. We categorize cookies as:
  • Necessary Cookies: Enable core functionality
  • Analytics Cookies: Help us understand site usage (e.g., Google Analytics)
  • Functional Cookies: Remember preferences and language settings
You can manage or disable cookies in your browser settings or via our site’s cookie consent banner.
7. International Data Transfers If your data is processed outside Thailand (e.g., via cloud services), we ensure adequate data protection by:
  • Using secure, encrypted transmission protocols
  • Entering into Data Processing Agreements (DPAs) with providers
  • Ensuring compliance with PDPA standards or equivalent safeguards
8. Data Retention We retain your data only as long as necessary to fulfill the purposes described or to meet legal, regulatory, or operational requirements. Health records are stored for at least 10 years unless deletion is requested under lawful rights.
9. Your Rights Under PDPA You have the following rights:
  • Right to Access – Request a copy of your data
  • Right to Correct – Request corrections to inaccurate information
  • Right to Delete – Request erasure of data (where lawful)
  • Right to Withdraw Consent – Stop processing based on previous consent
  • Right to Object – Object to data use in certain contexts
To exercise any of these rights, email us at admin@onesteprehab.com. We respond within 30 days.
10. Data Security We take appropriate measures to secure your data including:
  • Encryption of health records and transmissions
  • Secure access control and staff training
  • Routine audits and penetration testing
Despite our efforts, no system is 100% secure. We will notify you of any data breach as required by law.
11. Children’s Privacy We do not knowingly collect data from individuals under the age of 20 without parental or guardian consent. If we discover such data, we will delete it promptly unless required for clinical or legal reasons.
12. Policy Updates We may update this policy from time to time. Any significant changes will be posted on our website with at least 30 days’ notice. Continued use of the site constitutes acceptance.
13. Contact Information If you have questions or concerns about this policy or your data rights, contact us at: Data Protection Officer OneStep Rehab Thailand Email: admin@onesteprehab.com Phone: +66 93 372 8988