- Consent
This PDP Notice serves to inform you that your personal data is being processed by us or on
our behalf. By providing us with your personal data or continuing to communicate with us, we
shall regard that you have consented to the processing of such data pursuant to this PDP
Notice. Should we ask you to provide certain information by which you can be identified,
then you can be assured that it will only be used in accordance with this PDP Notice.
- Source of Personal Data
We collect personal data directly from you or through information gathered during our
ongoing relationship via offline or online platform. This includes data you provide through
third parties, social media, call centre, mobile applications, text and messaging tools or
public sources.
Further, we may request your assistance to procure the consent of third parties whose
personal data is made available by you to us, and you hereby agree to use your best
endeavours to do so.
- Types of Personal Data Collection
Your personal data processed by us may include, where relevant:- name, date of birth,
identity card number or passport, name of employer/company, home and office address,
telephone/handphone number, facsimile number, email address, occupation, age, gender,
marital status, weight, height, photos, race, nationality, religion, family and/or next of kin
information, remuneration information, EPF number, SOCSO Number, Income Tax Number,
Bank details, education background, training attended, working experiences, medical
checkup result, medical record, medical diagnosis, personal health information, biometric
data, Image/voice/video recording via CCTV Camera/Webcams, criminal history,
investigations result, insurance details and any personal data required for the purposes set
out in Item 4 below (referred to as “Personal Data”).
- Purposes of the Personal Data
Your Personal Data may be processed for the following purposes but not limited to the
following:
a. to provide medical and healthcare services;
b. to facilitate the patient’s personal needs (i.e. extension stay for health tourists)
c. to establish and manage medical records and medical reports;
d. to facilitate payment, billing and invoicing process and outstanding recovery relating to the patients;
e. to conduct research, analysis and improvement, including survey to enhance customer care and experience;
f. to administer and respond to requests, queries, complaints, investigations and legal issues;
g. to facilitate human resource management activities relating to employees;
h. for submission and registration of relevant forms, licenses to the relevant authorities and/or third parties under the governing laws relevant to the healthcare industries;
i. to provide marketing, advertisement, membership programmes, rewards schemes, offers and/or promotion on our products and services;
j. creating de-identified, aggregated and/or anonymised data for data analysis to optimize patient care and improve healthcare services;
k. undertake automated decision-making, including profiling where permissible under law, and/or
l. for other purposes required to operate, maintain and better manage our business, security and your relationship with us (collectively, “the Purposes”)
Your Personal Data may be collected in hardcopy forms or digitally, such as voice recording
via call centre or on-line forms available during your visits to IHH MY premises, websites,
mobile applications, social media, text and messaging tools, existing guest lists, business
cards, guest books and/or any events organised by us (as defined earlier).
The processing of your Personal Data may be mandatory or voluntary, depending on the
Purposes for which your Personal Data is collected. Where it is mandatory for you to provide
us with your Personal Data, and you fail or chose not to provide us with such data, or do not
consent to the above or this PDP Notice, we will not be able to provide our services or
otherwise engage with you.
- Disclosure of Personal Data
As stated in the Third Party Disclosure List, your Personal Data may be shared within IHH
MY, related healthcare professional and authorised external parties, which may include the
following:
a. service providers, vendor, suppliers that provide products and services to us such as for security support, delivery and transportation, customer survey, debt recovery, payroll, employee expense support and benefits and rewards administration;
b. Public and governmental authorities when required by law or to protect our rights;
c. Professional advisors and others, such as banks, insurance companies, auditors, lawyers, accountants and payroll advisors;
d. Other parties in connection with corporate transaction, such as sale of a business, reorganisation, merger, join venture or disposition of our business, assets or stock.
- Cross-border Transfer of Personal Data
Due to our international presence, your Personal Data May be transferred to or accessed by
our Affiliate and authorized external parties from various countries around the world in order
for us to fulfil the purposes described in this Notice and to comply with PDPA Conditions for
cross border personal data transfer.
- Security Measure
We take appropriate measures, including our appointed external parties to protect the
confidentiality and security of your Personal Data. We implement physical, technical and
organisational measures to prevent risks, such as destruction, loss, misuse, alteration and
unauthorised disclosure of or access to your Personal Data.
Nevertheless, you are required to ensure the security of your password and not to disclose it
to another party to reduce the risk of data breaches.
- Retention Period
Any Personal Data retained by us may be destroyed and/or deleted from our records and
system in accordance with our retention policy in the event such data is no longer required
for the said Purposes.
- Access and Update of Personal Data
We do our best to ensure that the Personal Data we hold about you is accurate, complete,
not misleading and up to date. If there are any changes to your Personal Data or if you
believe that the Personal Data we have about you is inaccurate, incomplete, misleading or
not up to date, please contact us so that we may take steps to update your Personal Data.
If you would like to request access to your Personal Data, porting of your Personal Data or
withdraw your consent for us to process your Personal Data, please contact us. We
recommend that your request to be made in writing or you may download the Personal Data
Access Request Form from IHH MY entities’ websites. We may also take steps to verify your
identity before fulfilling your request for access to your Personal Data in accordance with
IHH’s PDP Policy and the PDPA.
- To contact us
If you have any inquiries, requests or comments in relation to this Notice, please contact the
Data Protection Office via the following channels:
- Email: [email protected]
- Written communication mailed to:
Data Protection Officer, IHH Healthcare Malaysia, Pantai Medical Centre Sdn Bhd,
Level 33A, Mercu Aspire, No.3, Jalan Bangsar, KL Eco City, 59200 Kuala Lumpur.
We will do our best to address your requests and concerns within reasonable time. Upon
receipt of your request, we may ask you to verify your identity before we can act on your
request.
In the event of any inconsistency between the English version and the Bahasa Malaysia
version of this PDP Notice, the English version shall prevail.