INTRODUCTION
We, HSC Healthcare Berhad and our subsidiaries, associates, jointly controlled entities, affiliates (collectively "Group") collect, hold and process your Personal Data. We respect your privacy rights and have therefore developed this Notice to inform you how we collect, use, distribute and protect your Personal Data. For the purposes of this Privacy Notice, "we", "us", "our" and other similar expression shall refer to any of the companies within the Group and "you" shall refer to yourself and such other persons or companies represented by you of which you are providing the Personal Data.For the purpose of this Notice, "Personal Data" shall have the meaning as ascribed to in the Personal Data Protection Act 2010 ("PDPA").
PERSONAL DATA COLLECTED, HELD OR PROCESSED
In order to provide you with our services, we may need to collect, hold or process your Personal Data. If you do not wish to provide your Personal Data to us, we may not able to provide the services you request, or to tell you about other services offered by us.The Personal Data about you which we or the Group may collect via print and digital channels (including but not limited to website, text message, social media and mobile applications) includes, without limitation to:
- Information collected when you are admitted as our patient or are receiving healthcare services at our hospitals.
- Information collected when you register or update an online profile or when you fill in or update your information with us via our websiteor any other website maintained by our Group, associate companies or such other parties which you are redirected to from our website, the contents of all printed and electronic forms or documents submitted to us via printed collateral or forms, the Group's website and any digital and mobile platforms (eg. email, and/or any social media and mobile applications).
- Information collected when you subscribe to our MobileHealth2U application
- Information input or submitted to online facilities such as search tools and calculators
- Personalisation preferences you select as you use the Group's website, digital and mobile platforms
- Information submitted if you participate in survey or competition whether via online or otherwise
- Any messages, enquiries or comments you submit to us via the Group's website or in whatever manner
- Information obtained independently by the Group from other lawful sources
- Video images captured and kept by closed-circuit television system installed within the premises of the Group and/or
- The contents of all forms and/or documents submitted and/or collected by the Group
Your Personal Data which we may collect includes the following information:-
- Identity card/ passport number
- Name
- Gender
- Race and religious belief
- Occupation
- Email address
- Telephone number (including mobile telephone number)
- Correspondence address
- Photographs
- Family or next of kin information
- Weight and height
- Medical history and information
- Sensitive data information (as defined in the PDPA)
- Contact preference; and/or
- Financial and banking details
The list of Personal Data stated above is not exhaustive and may include other personal data depending on the nature of dealings or transaction from time to time.
PURPOSE OF COLLECTION OF PERSONAL DATA
We collect Personal Data for the following purposes:- To process your requested healthcare services and to establish and manage medical records and medical reports;
- To facilitate your personal needs
- To conduct internal statistical analysis and analysis of patients' case studies
- To allow us to keep you posted on our latest product or service announcements and upcoming events by sending to you any updates, new products, special offers, advertising, promotional material and/or commercial material which we may feel to be of interest to you
- To seek your opinions or comments about our products and services
- To carry out our management, administrative, quality assurance and complaint handling activities in a professional and efficient manner
- To conduct market research
- To administer and respond to any queries, requests and legal issues
- To provide other services to enhance and support the relationship of the Group and you and/or such other persons or companies represented by you
- To prepare and submit any claims or payments to any party or for any audit/checks by any party for whatever purpose related to the Group's business
- To enable the Group to perform functions or obligations as required under the laws, rules, regulations, by laws and/or guidelines (whether or not having the force of law) or as required by any governmental and/or non-governmental authorities, agencies or departments or a third party requires in order to ensure compliance with agreement(s) or document(s);
- For purposes connected with the enforcement of the Group's rights pursuant to any letter, agreement and/or document including seeking legal and financial advice, taking any preliminary steps or commencing any legal action and/or
- To make such disclosures as may be required for any of the above purposes or by law and/or
- To implement customer loyalty programmes. (Collectively as "Purposes").
From time to time, we may contact you for any of the purpose as set out above or to send important notices to you via telephone calls, emails, short message services, social media or by whatsoever form of available communication. You may opt out of receiving these communications if you do not wish to receive them from us.
DISCLOSURE OF PERSONAL DATA
Your Personal Data may be disclosed to Healthcare Professional (as defined in the PDPA) and we will not disclose Personal Data to a third party that is not a related entity unless:- The disclosure is for a primary purpose for which the information was collected.
- The individual concerned has consented to the disclosure.
- The third party is our agent, service provider or contractor, in which case we will require them to disclose and to use the Personal Data only for the purpose for which it was disclosed.
- The third party is a person involved in a dealing or proposed dealing (including a sale) of all or part of our assets and business.
- The third party is a credit reporting agency.
- The third party acquires or wishes to acquire, or makes inquiries in relation to acquiring, an interest in any company within the Group.
- The third party requires your Personal Data in order for such third party to perform functions or services as required by the Group.
- The third party requires in order for purposes of preparation and submission of any claims or payments to any party or for any audit/checks by any party for whatever purpose related to the Group's business.
- The third party requires your Personal Data to perform functions or obligations as required under the laws, rules, regulations, by laws and/or guidelines (whether or not having the force of law) or as required by any governmental and/or non-governmental authorities, agencies or departments or a third party requires in order to ensure compliance with agreement(s) or document(s).
- The disclosure is to your family and next of kin.
- The disclosure is to relevant debt recovery authorities or agencies in the event of any default in payment for our products and/or services.
- The disclosure is to a related body corporate, supplier or business partner and/or
- The disclosure is permitted, required or authorised by or under law.
MARKETING
We may use Personal Data to advise the individual concerned of new products and services and marketing initiatives that we think may be of interest to them. This may include product or service offerings, newsletters and general information about us or third parties.Those who prefer not to receive information about such products and services can either:
- Contact Us and ask to be removed from the relevant circulation list or
- Follow the unsubscribe directions in the relevant electronic message.
Unsubscribing however, will not end transmission of service-related notifications from us, such as administrative email alerts in relation to your account settings.
STORAGE AND RETENTION OF PERSONAL DATA
Your Personal Data shall be stored either in hard copies our offices or stored in the servers located in or outside Malaysia and operated by us or its service and product providers in or outside Malaysia.Generally, we will retain your Personal Data for as long as required to provide you the services requested. Any Personal Data supplied by you will be retained by us as long as necessary for the fulfilment of the Purposes stated in Paragraph 3 above or is required to satisfy any legal, regulatory and/or accounting requirements or to protect our interest. We will take all reasonable steps to ensure that your Personal Data is destroyed or permanently deleted if it is no longer required.
CONFIDENTIALITY OF PERSONAL DATA
Personal Data held by us will be kept confidential in accordance with this Notice pursuant to any applicable law, to include, any amendments, modifications or substitution to it and any subsidiary legislation, guidelines, regulations and similar things made under or in relation to such law that may from time to time be in force.SECURITY OF PERSONAL DATA
Access to Personal Data is limited to those of our personnel who specifically need it to carry out their business responsibilities.We will endeavour to take all reasonable steps to keep secure any Personal Data which we hold about you and to protect your Personal Data from loss, misuse or unauthorised alteration. Any Personal Data you provide to us electronically is stored on secure servers. Our employees are obliged to respect the confidentiality of any Personal Data held by us.
However, if you provide your personal data to us via the internet, we cannot guarantee that your Personal Data is completely secured. So while the Group strives to protect such Personal Data, the Group cannot ensure or warrant the security of any Personal Data transmitted to the Group and you do so at your own risk. Once any Personal Data comes into the Group's possession, the Group will take reasonable steps to protect that information from misuse and loss and from unauthorised access, modification or disclosure.
RIGHT OF ACCESS TO PERSONAL DATA
Under the PDPA, you have the right of access to your Personal Data held by us and may request that we to correct any of your Personal Data that is inaccurate, incomplete or out-of-date, subject to any applicable legal restrictions and contractual conditions.If you wish to request access to your Personal Data or if you wish to correct Your Personal Data, you may Contact Us (please refer to section 13 of this Notice).
However, where:
- The access impacts on the privacy of others
- The request for access is frivolous or vexatious
- There are existing or anticipated legal proceedings or
- Such access can be denied under law or by a law enforcement agency
We may not be able to provide you with access to the Personal Data we hold about you.
If we deny your request for access, we will let you know the reasons for such denial. We may also charge a fee to cover the reasonable costs we incur in processing your request.
WEBSITE & COOKIES
To ensure we are meeting the needs and wants of our website users, and to develop our online services, we may collect aggregated information by using cookies or similar electronic tools.Cookies are small amounts of information sent from a web server to your computer. These cookies are used to retain login and location information in order to make your experience more convenient and personal. We do not use cookies to track your internet activity before or after you leave our website. No other company has access to our cookies.