Personal Data Protection Notice

Introduction

Nilai Medical Centre (“NMC”) prioritizes the security of your Personal Data (defined below) including your medical information, and controls the use of your personal data to ensure that you receive optimum patient care and services.

The Personal Data Protection Act 2010 (“PDPA”) has been in effect since 15 November 2013. The PDPA creates rules for the use and protection of personal data of individuals and applies to hospitals, clinics and medical centres such as NMC. One of the requirements under the PDPA is that hospitals, clinics and medical centres provide written notice to individuals whose personal data is being collected and used, explaining how their personal data is being processed and providing them with certain avenues to control such processing.

This privacy notice explains how your Personal Data is processed by NMC, to whom the Personal Data may be disclosed to and your rights to access and correct your Personal Data. NMC is owned and operated by Asiaprise Biotech Sdn Bhd, a member company of the TH Group of companies. As such, any reference to NMC as a user of your Personal Data in this notice would also refer to Asiaprise Biotech Sdn Bhd as a data user.

Personal Data We May Collect And When

NMC may collect information from you by way of the patient registration form, from third parties who are permitted to disclose your information to NMC, any other information which you may provide during the course of your interactions and communications with us. The information NMC processes includes, without limitation, the following information about you:-

  • personal information such as name, date of birth, marital status, birth place, nationality, race, gender, preferred language, NRIC number, passport number, driver license number;
  • contact information such as name, home and business addresses, telephone, fax and pager numbers, e-mail addresses, emergency contact information;
  • ancestry, race, nationality, or national or ethnic origin, religion or religious belief, political belief, association or activity;
  • education, employment or occupation, or educational, employment or occupational history, source of income or financial circumstances, financial information, activities or history and criminal history including regulatory offences;
  • photographs, CCTV recordings and other images;
  • medical and personal health information such as medical and healthcare history, blood type, finger prints, or hereditary characteristics, DNA, health and mental condition, diagnosis, medication and drugs prescribed;
  • demographic information such as age group, medical history, genetic characteristics; and/or
  • preferences and interests and other information relevant to patient surveys, education and/or offers.

(collectively referred to as “Personal Data“)

If you are not a patient, but have visited our hospital, submitted an enquiry on our website, communicated with us via email and other modes of communication, or have participated in any programs, events or activities organized by us or our business partners and/or other

channels, NMC may also be processing the information you provided to us in this manner for the Additional Purposes (defined below).

How We Use Your Personal Data

NMC may process your Personal Data for multiple purposes. For certain purposes, your authorization is not required, whilst for others, you have the right to opt out and restrict NMC’s use of your Personal Data for those purposes. Kindly note that it is obligatory that you provide us with your Personal Data for the Purposes (defined below), without which we will not be able to treat you at our facilities as patient or to process your requested services or transactions. Nonetheless, whether or not you are a patient, you have the right to opt-out of NMC processing your Personal Data for the Additional Purposes, and providing us with your Personal Data for these Additional Purposes is voluntary.

Purposes which do not require your consent

The following purposes for which your Personal Data may be processed and/or disclosed by NMC do not require your prior consent, namely:-

  • for your admission and/or treatment as a patient, and any action taken before in order to admit and/or treat you as a patient which may include contacting you to provide appointment reminders for treatment or medical care and matters relating to your financial position;
  • for compliance with any legal obligation to which NMC may be subject, for the purpose of obtaining legal advice or  establishing, exercising or defending legal rights or for the exercise of any functions conferred under law, or for the purpose of discharging regulatory functions;
  • for the administration of justice, the prevention or detection of crime or for the purpose of investigations and the apprehension or prosecution of offenders and any processing that is necessary for the purpose of or in connection with any order or judgment of a court or tribunal;
  • to protect your vital interests including any matter relating to your life, death or security;
  • for medical purposes and is undertaken by a healthcare professional or a person who in the circumstances owes a duty of confidentiality which is equivalent to that which would arise if that person were a healthcare professional such as NMC staff who are not healthcare professionals;
  • for preparing statistics or carrying out research provided that such Personal Data is not processed for any other purpose and that the resulting statistics or the results of the research are not made available in a form which identifies the data subject; and/or
  • other legitimate business purposes relating thereto.

In addition, you will also need to consent to NMC processing your Personal Data for the purpose of referring you to another healthcare professional or healthcare provider including where a second opinion may be required, to facilitate collection of outstanding amounts due from patients, or procuring financial undertakings from third party payers and to manage and respond to any specific requests which you may make. Without your consent, we may not be able to advise, treat or admit you at NMC.

(collectively referred to as “Purposes“)

Additional Purposes which you may choose to opt-out of

NMC also processes your Personal Data for the following Additional Purposes (defined below), and you have the right to withdraw your consent or opt-out from NMC processing your Personal Data for these purposes by writing to the Privacy Contact provided below.

  • contacting you to recommend treatment alternatives;
  • notifying you of health-related benefits and services that may be of interest to you;
  • contacting you about disease management programs, wellness programs, or other community-based initiatives or activities in which NMC participates including fundraising;
  • sending you promotional material, special offers and invitations to events, promotions and contests including health talks; and/or
  • inviting you to participate in customer research or focus groups, or clinical trial programs.

(Collectively referred to as “Additional Purpose“)

Website-specific purposes

If you are not a patient of NMC, but have submitted an online enquiry via our website, we may still process any Personal Data you may have provided to us for the following purposes:-

  • managing and responding to your enquiries, including referring you to another healthcare professional or healthcare provider as may be required;
  • internal record keeping and other legitimate business purposes;
  • developing, enhancing and marketing our products and services;
  • sending you promotional messages, marketing material and special offers, and inviting you to participate in customer research or focus groups, or clinical trial programs (subject to your consent); and/or
  • personalising your experience and our services to suit you, including customizing our website according to your interests.

Disclosures And Transfers Of Your Personal Data

Your Personal Data may be disclosed to the following classes of third parties:-

  • other companies within the TH Group of companies;
  • service providers such as laboratory service providers, physiotherapy service providers and housekeeping service providers, independent specialist consultants, interns and other healthcare providers;
  • governmental agencies, governmental authorities and other regulatory bodies;
  • third party payers including employers, insurance companies, managed care organizations and clinical trial sponsors;
  • selected third parties such as business partners (provided you have agreed to NMC processing your Personal Data for the Additional Purposes); and/or
  • NMC’s agents, servants and/or such persons, whether located within or outside Malaysia for the Purpose.

Your Personal Data may also be disclosed or transferred to relevant third parties as a result of any restructuring, sale or acquisition of any company within the TH Group of companies, provided that the recipient uses your Personal Data for the Purpose only. In the event that we engage external service providers or vendors, specific security and confidentiality safeguards will be put in place to ensure your personal data protection rights remain unaffected.

Your rights as a data subject

Although your medical record is the property of NMC, you have rights over the Personal Data and you may:

  • request, in writing, to access your Personal Data as provided by law;
  • request, in writing, that your Personal Data be amended as provided by law, if you feel the Personal Data we have about you is incorrect or incomplete; or
  • request, in writing, that we cease processing your Personal Data for certain Additional Purposes, including for direct marketing (if any).

You may exercise these rights by directing a request to the Privacy Contact listed below:-

Designation Personal Data Protection Officer
Address Nilai Medical Centre
PT 13717, Jalan BBN 2/1, 71800 Nilai,
Negeri Sembilan, Malaysia
Telephone +606-8500999/ +06-7990999 (ext 2319)
Email pdpa@nilaimc.com

Kindly note that a small fee may be charged and in certain circumstances which are permitted by law, we may not accede to your request. You will be notified if the request cannot be granted.

We hope this notice enables you to understand NMC’s practices in respect of your Personal Data. If you have any queries or complaints relating to your Personal Data, please contact the Privacy Contact.