Health Management International Pte Ltd (“HMI”)
This Data Privacy Notice is applicable to Health Management International Pte Ltd’s subsidiary companies in Malaysia including the subsidiary companies which may be established from time to time (“HMI”).
Your privacy is important to us. We are committed to handling your Personal Data under our control with care.
This document serves to inform you of our practices on Personal Data management. You should read this Data Privacy Notice to know and understand the purposes for which we collect, use and disclose your Personal Data. It supplements any other consents which you may have previously provided to us on your Personal Data.
From time to time, we may update/amend this Data Privacy Notice to be consistent with our internal practices and to stay abreast with future developments in the industry and/ or changes in legal and regulatory requirements without prior notice. All your interactions with us shall be subject to the latest version of the Data Privacy Notice in force at the relevant time.
By continuing to communicate with HMI or by continuing to use HMI’s services following the modifications, updates or amendments to this Data Privacy Notice, such action shall signify your acceptance of such modifications.
1. Personal Data
In this Data Privacy Notice, “Personal Data” refers to any information in respect of commercial transactions, which (a) is being processed wholly or partly by means of equipment operating automatically in response to instructions given for that purpose; (b) is recorded with the intention that it should wholly or partly be processed by means of such equipment; or (c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system, that relates directly or indirectly to you, who can be identified or identifiable from that information or from that and other information in the possession of a data user, including any sensitive personal data and expression of opinion about you; but does not include any information that is processed for the purpose of a credit reporting business carried on by a credit reporting agency under the Credit Reporting Agencies Act 2010.
For the context of this Data Privacy Notice, examples of such “Personal Data” you may provide to us include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, sensitive personal data (as defined under Personal Data Protection Act 2010 which refer to any personal data consisting of information as to your physical or mental health or condition, your political opinions, your religious beliefs or other beliefs of a similar nature, the commission or alleged commission by you of any offence or any other personal data as the Minister may determine by order published in the Gazette)and any other information relating to any individuals which you have provided us in any forms you may have submitted to us, or via other forms of interaction with you.
2. Collection of Personal Data
2.1 Generally, we collect Personal Data in the following ways:
- 1.when you submit any form, including but not limited to customer inquiry forms or other forms relating to any of our services;
- 2.when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
- 3.when you interact with our staff, including customer service officers, for example, via telephone calls (which may be recorded), letters, fax, face-to-face meetings, social media platforms and emails;
- 4.when you interact with us via our websites or use services on our websites;
- 5.when you request that we contact you or request that you be included in an email or other mailing list;
- 6.when you respond to our promotions, initiatives or to any request for additional Personal Data;
- 7.when you submit an employment application or when you provide documents or information including your resume and/or CVs in connection with any appointment as an officer, director, representative or any other position;
- 8.when your images are captured by us via CCTV cameras while you are within our premises, or via photographs or videos taken by us or our representatives when you attend our events;
- 9.when you are contacted by, and respond to, our marketing representatives and customer service officers;
- 10.when we seek information about you and receive your Personal Data in connection with your relationship with us, including for our products and services or job applications, for example, from business partners, public agencies, your ex-employer, referral intermediaries and the relevant authorities; and/or
- 11.when you registered with us as patients, employees, business associates and other related parties; and
- 12.when you submit your Personal Data to us for any other reasons.
2.2 When you browse our website, you generally do so anonymously but please see paragraph 6 below for information on cookies and other technologies which we have implemented on our website.
2.3 If you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.
2.4 You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested, or delays in providing you with products and services you have requested, or processing your applications.marketing or promotional materials / communication, it may take up to 21 calendar days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period of time.
3. Purposes for the Collection, Use, Process and Disclosure of Your Personal Data
3.1 Generally, HMI collects, uses and discloses your Personal Data for the following purposes:
- 1.If you are a prospective, current or former patient or customer of HMI:
- 1.providing customer service and support (including but not limited to customer relationship management, processing your admissions, processing and settlement of bills, facilitating, arranging and providing reminders of your appointments, medical examinations, screenings or check-ups, applying for visas on your behalf, contacting you regarding medical reports and results, providing follow-up calls, providing you with administrative support, and administering insurance coverage and processing insurance claims);
- 2.administering and processing your requests including creating and maintaining profiles of our customers in our system database for administrative purposes (including tracking your attendance at various HMIfacilities);
- 3.personalising your experience at HMI’s touchpoints and conducting market research, understanding and analysing customer behaviour, location, preferences and demographics in order to improve our service offerings;
- 4.administering medical care (including keeping patient case and procedure records, providing medication, ordering medical tests, reports and biological samples;
- 5.liaising with third party specialist doctors, clinics, hospitals and/or medical institutions in relation to your medical care (including by providing them with access to your medical records);
- 6.if you use our mobile applications or online registration and payments systems, displaying your medical data, sending you health-related notifications, and facilitating the provision of our services to you;
- 8.administering debt recovery and debt management;
- 9.the disclosure of your Personal Data whenever and to whomever the law or a court order may require;
- 10.the disclosure of your Personal Data to the suppliers/vendors of HMI if it is required by the law and/or authorities that the end-user consuming the medicine/drug/equipment must be recorded;
- 11.the disclosure of your Personal Data to the suppliers/vendors of HMI if it is required for them to carry out their duties;
- 12.to enable HMI to respond to the request for Personal Data which may include the Personal Data of the patient in accordance to HMI’s policies and practices which shall be in compliance with the Personal Data Protection Act 2010 and its regulations; and/or
- 13.purposes which are reasonably related to the aforesaid.
- 2.If you are a nominated caregiver or next-of-kin of a patient or customer of HMI:
- 1.informing you of the patient’s medical status and whereabouts;
- 2.the disclosure of your Personal Data whenever and to whomever the law or a court order may require; and/or
- 3.purposes which are reasonably related to the aforesaid.
- 3.If you are an employee, officer or owner of an external service provider or vendor outsourced or prospected by HMI:
- 1.assessing your organisation’s suitability as an external service provider or vendor for HMI;
- 2.managing project tenders and quotations, processing orders or managing the supply of goods and services;
- 3.creating and maintaining profiles of our service providers and vendors in our system database;
- 4.processing and payment of vendor invoices and bills;
- 5.facilities management (including but not limited to issuing visitor access passes and facilitating security clearance);
- 6.the disclosure of your Personal Data whenever and to whomever the law or a court order may require;
- 7.administering debt recovery and debt management; and/or
- 8.purposes which are reasonably related to the aforesaid.
- 4.If you are an existing employee of HMI:
- 1.conducting interviews;
- 2.processing your application (including but not limited to pre-recruitment checks involving your qualifications and facilitating interviews);
- 3.obtaining references and for background screening;
- 4.assessing your suitability for the position applied for;
- 5.enrolling successful candidates as our employees and facilitating human resource planning and management (including but not limited to preparing letters of employment, name cards and building access passes); and/or
- 6.purposes which are reasonably related to the aforesaid.
- 5.If you submit an application to us as a candidate for employment, internships or scholarships:
- 1.providing remuneration, reviewing salaries and bonuses, conducting salary benchmarking reviews, staff appraisals and evaluation, as well as recognising individuals for their services and conferring awards;
- 2.staff orientation and entry processing;
- 3.administrative and support processes relating to your employment, including its management and termination, as well as staff benefits, including travel, manpower, business continuity and logistics management or support, processing expense claims, medical insurance applications, medical screenings and immunisations, leave administration, long-term incentive plans, training, learning and talent development, and planning and organising corporate events;
- 4.providing you with tools and/or facilities to enable or facilitate the performance of your duties;
- 5.facilitating professional accreditation and complying with compliance audits;
- 6.compiling and publishing internal directories and emergency contact lists for business continuity;
- 7.managing corporate social responsibility projects;
- 8.conducting analytics and research for human resource planning and management, and for us to review, develop, optimise and improve work-related practices, environment and productivity;
- 9.ensuring that the administrative and business operations of HMI function in a secure, efficient and effective manner (including but not limited to examining or monitoring any computer software and/or hardware installed within HMI, your work emails and personal digital and storage devices);
- 10.compliance with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (including but not limited to disclosures to regulatory bodies, conducting audit checks or surveillance and investigation);
- 11.administering cessation processes;
- 12.the disclosure of your Personal Data whenever and to whomever the law or a court order may require;
- 13.administering debt recovery and debt management; and/or
- 14.any other purposes relating to any of the above.
- 6.If you are a medical/dental practitioner or traditional and complementary medicine practitioner at HMI:
- 1.facilitating professional accreditation and complying with compliance audits;
- 2.facilitating disbursements of fees collected on your behalf;
- 3.managing and providing you with tools, services and/or facilities to enable or facilitate the performance of your duties;
- 4.planning and organising events for specialists;
- 5.creating and maintaining profiles of our accredited doctors in our system database;
- 6.facilities management (including but not limited to issuing visitor access passes and facilitating security clearance);
- 7.the disclosure of your Personal Data whenever and to whomever the law or a court order may require;
- 8.administering debt recovery and debt management; and/or
- 9.any other purposes relating to any of the above.
3.2 Furthermore, where permitted under Personal Data Protection Act 2010, HMI may also collect, use and disclose your Personal Data for the following “Additional Purposes”:
- 1.taking or filming photographs and videos for corporate publicity or marketing purposes, and featuring your photographs and/or testimonials in our articles and publicity materials;
- 2.providing or marketing services and benefits to you, including promotions, service upgrades, loyalty, reward and/or membership programmes and sending of healthcare-related updates, event invitations, newsletters and marketing and promotional information to you;
- 3.organising roadshows, tours, campaigns (including health check or vaccination campaigns) and promotional or events and administering contests and competitions;
- 4.matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of services;
- 5.sending you details of services, clinic updates, health-related information and rewards, either to our customers generally, or which we have identified may be of interest to you;
- 6.conducting market research, aggregating and analysing customer profiles and data to determine health-related patterns and trends, understanding and analysing customer behaviour, location, preferences and demographics for us to offer you other products and services as well as special offers and marketing programmes which may be relevant to your preferences and profile; and/or
- 7.purposes which are reasonably related to the aforesaid.
3.3 If you have provided us with your telephone number(s)and/or email address(es) (“contact details”) and have indicated that you consent to receiving marketing or promotional information via your contact details, then from time to time, HMI may contact you using such contact details (including via voice calls, text, fax, email or other means) with information about our products and services.
3.4 In relation to particular services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
3.5 You have a choice to withdraw your consent for receiving marketing or promotional materials/communication. You may contact us using the contact details found in paragraph 11 below.
3.6 Please be aware that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, it may take up to 21 calendar days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period of time.
3.7 Please note that even if you withdraw your consent for the receipt of marketing or promotional materials, we may still contact you for other purposes in relation to the services that you have requested or purchased from HMI.
4. Disclosure of Personal Data
4.1 HMI will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Malaysia:
- 1.amongst the HMI Group members and affiliates (including their staff and medical /dental/ traditional and complementary medicine practitioners, registered nurses, medical assistants, technologists, allied health staff, paramedical staff or other healthcare staff engaged or referred to for the provision of healthcare services in accordance with the Private Healthcare Facilities and Services Act 1998 and any other relevant legislations and regulations);
- 2.third party medical/dental practitioners, clinics, hospitals and/or medical institutions;
- 3.companies providing services relating to insurance to HMI;
- 4.agents, contractors, sub-contractors or third party service providers who provide operational services to HMI, such as courier services, telecommunications, information technology, payment, printing, billing, debt recovery, processing, technical services, transportation, training, market research, call centre, security, third party administrator or other services to HMI;
- 5.vendors or third party service providers and our marketing and business partners in connection with marketing promotions, products and services;
- 6.our corporate clients;
- 7.any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);
- 8.external banks, credit card companies, other financial institutions and their respective service providers;
- 9.our professional advisers such as consultants, auditors and lawyers;
- 10.third party insurers, employers of patients, guarantors and/or credit reporting agencies/credit data management company;
- 11.relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority (including the Ministry of Health);
- 12.in connection with a corporate transaction, such as merger, consolidation, or in the unlikely event of winding up; and/or
- 13.any other party to whom you authorise us to disclose your Personal Data.
4.2 As far as permitted by the laws of Malaysia, HMI will not be responsible for any unauthorised use of your Personal Data by third parties which are wholly attributable to factors beyond the control of HMI.
5. Retention of Personal Data
5.1 HMI retains such Personal Data as may be required for business or legal purposes, and such purposes do vary according to the circumstances.
5.2 Whilst HMI will securely dispose of or anonymise Personal Data which it can reasonably determine is no longer needed and does not generally hold on to Personal Data “just in case”, it is in the interests of any caregiver or person treating the patient to be able to refer to a complete set of medical records to avoid risks to health and safety of the patient.
5.3 With respect to the medical records of patients, unless specific contrary instructions from the patient are received, HMI may (but is not obliged to) retain such medical records for as long as HMI may be potentially consulted for further follow up by (or on behalf of) the patient even where such consultation may not occur until after a substantial period of time or there is no current or present indication that the patient may well return for further consultation or follow up. In addition, HMI will retain Personal Data relating to claims for a period deemed necessary due to regulatory requirements.
6.2 The information collected by us or our authorised service providers may recognise a visitor as a unique user and may collect information such as how a visitor arrives at our sites, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
Cookies – Small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. Cookies allow a website to recognize a particular device or browser.
There are several types of cookies:
- Session cookies expire at the end of your browser session and allow us to link your actions during that particular browser session
- Persistent cookies are stored on your device in between browser sessions, allowing us to remember your preferences or actions across multiple sites
- First-party cookies are set by the site you are visiting
- Third-party cookies are set by a third party site separate from the site you are visiting
Cookies can be disabled or removed by tools that are available in most commercial browsers. The preferences for each browser you use will need to be set separately and different browsers offer different functionality and options.
Web beacons – Small graphic images (also known as “pixel tags” or “clear GIFs”) may be included on our sites and services. Web beacons typically work in conjunction with cookies to profile each unique user and user behaviour.
Similar technologies – Technologies that store information in your browser or device utilizing local shared objects or local storage, such as flash cookies, HTML 5 cookies, and other web application software methods. These technologies can operate across all of your browsers.
6.4 We offer certain site features and services that are available only through the use of these technologies. You are always free to block, delete, or disable these technologies if your browser so permits. However, if you decline cookies or other similar technologies, you may not be able to take advantage of certain site features or services tools. For more information on how you can block, delete, or disable these technologies, please review your browser settings.
7. Third-party Sites
Our website may contain links to other websites operated by third parties, including for example our business partners. We are not responsible for the data protection practices of websites operated by third parties that are linked to our website. We encourage you to learn about the data protection practices of such third party websites. Some of these third party websites may be co-branded with our logo or trade mark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable Data Privacy Notice of the third party website to determine how they will handle any information they collect from you.
8. Incompetent Patients
In order to provide healthcare services to our patients, HMI knowingly collect Personal Data from Incompetent Patients. “Incompetent Patients” include patients who are certified medically to be mentally incompetent or who is legally incompetent or he/she is a minor who has not attained the age of 18 years old. In the event that such Personal Data is provided to HMI, you, as legal guardian hereby consent to the processing of the Incompetent Patient’s Personal Data and personally accept and agree to be bound by this Data Protection Policy and take responsibility for his or her actions.
9. Accuracy of Information
You are responsible for informing us about changes to your Personal Data and for ensuring that such information is accurate and current. You may do so by submitting a Personal Data Change Form available in our Customer Service Department or by using the contact details found under paragraph 11 below. We will not be responsible for relying on inaccurate or incomplete data provided.
10. Transfer of Personal Data Outside Malaysia
Your Personal Data may be transferred to, stored, used and processed in a jurisdiction other than Malaysia, which is, to companies under HMI which are located outside of Malaysia or any other companies outside Malaysia for us to duly perform our contract with you in accordance to Personal Data Protection Act 2010. You understand and consent to the transfer of your Personal Data out of Malaysia as described herein.
11. Contacting Us – Withdrawal of Consent, Access and Correction of your Personal Data
11.1 If you:
- 1.have any questions or feedback relating to your Personal Data or our Data Privacy Notice;
- 2.would like to withdraw your consent to any use of your Personal Data as set out in this Data Privacy Notice;
- 3.would like to obtain access and make corrections to your Personal Data records; or
- 4.would like to lodge a complaint regarding the collection, use, process and disclosure of your Personal Data;
Please contact us as follows:
Write to us at:
Customer Service department
Regency Specialist Hospital Sdn Bhd
No.1, Jalan Suria,
Bandar Seri Alam,
81750 Masai, Johor.
Telephone: +60 7-381 7700
Customer Service department
Mahkota Medical Centre Sdn Bhd
3 Mahkota Melaka,
Telephone: +60 6-285 2999
REN TCM Sdn Bhd
No 13 (GF) & 15 (GF),
Jalan Suria 1/3, Bandar Seri Alam,
81750 Masai, Johor.
Telephone: +60 16-212 2617 / +60 7-382 3840
11.2 Please note that it may take up to 21 calendar days for the requested changes under paragraphs 11.1(1) and 11.1(2) above to be reflected in our systems. Also, we reserve the right to charge a minimal fee to attend to any data access requests as permitted by the relevant personal data protection laws applicable.
11.3 Please note that if your Personal Data has been provided to us by a third party (e.g. a general practitioner or your employer), you should contact that organisation or individual to make such queries, complaints, and access and correction requests to HMI on your behalf.
11.4 If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, HMI may not be in a position to continue to provide its products and services to you, or administer any contractual relationship in place, which in turn may also result in the termination of any agreements with HMI, and your being in breach of your contractual obligations or undertakings. HMI’s legal rights and remedies in such event are expressly reserved.
12. Governing Law
12.1 For Health Management International Pte Ltd’s subsidiary companies in Malaysia, this Data Privacy Notice shall be governed in all respects by the laws of Malaysia.
If we have not received any response from you in withdrawing your consent to HMI collecting, using, processing and disclosing your Personal Data as set out above, we reserve the right to assume that you consent to and agree with the terms set out above.
Date: 16th August 2021