PDPA

(1) Personal information

1.1 Type of personal information

Personal information means any information which relates to you and which was collected or provided to MAHSA Specialist Hospital for the purposes stated in Section 2 below.

Your personal information may include your name, NRIC number, contact details, financial and banking account details, medical history and information, information in audio/video format (including voice, closed-circuit television (“CCTV”) or security recordings), images (including photographs), biometric information and location tracking or global positioning system (“GPS”) information.

1.2 Source of personal information

1. Patient or potential patient/customer: MAHSA Specialist Hospital collects your personal information directly from you or indirectly from your legal representatives (family members or next of kin), recruitment agencies and / or employer when you, your legal representatives, recruitment agencies and / or employers send us completed enquiry, application and / or registration forms via various means, including online and physical hardcopies at public venues or in our premises. Your personal information may also be collected from cookies through the use of our website.
2. Independent consultants or potential independent consultants: MAHSA Specialist Hospital collects your personal information directly from you or indirectly from headhunters when you and / or our headhunters send us completed enquiry and / or application forms or curriculum vitaes via various means, including online and physical hardcopies. Your personal information may also be collected from cookies through the use of our website.
3. Vendor, supplier or service provider: MAHSA Specialist Hospital collects your personal information directly from you or indirectly from your employer or credit reference agencies when tendering for projects, when you send us completed enquiry and/or credit application forms via various means, including online and physical hardcopies. Your personal information may also be collected from cookies through the use of our website.

1.3 Obligatory personal information

All information requested for in the relevant forms is obligatory to be provided by you unless stated otherwise.

Should you fail to provide the obligatory information, we would be unable to process your request and/or provide you with relevant services.

(2) Purposes of collecting and further processing (including disclosing) your personal information

For patients or potential patients/customers, independent consultants, potential independent consultants, vendors, suppliers or service providers: Your personal information is collected and further processed by MAHSA Specialist Hospital as required or permitted by law and to give effect to your requested commercial transaction, including the following:

• to process your requested medical services;
• to facilitate your participation in any contests or events;
• to administer and communicate with you in relation to our services and / or events;
• to facilitate your medical practice within MAHSA Specialist Hospital, including sharing your personal data with other independent consultants within MAHSA Specialist Hospital for purposes of peer review;
• to administer and communicate with you in relation to your medical practice;
• to process your credit account application;
• to assess your credit worthiness;
• to administer and give effect to your commercial transaction (tender award, contract for service, consignment agreement);
• to process any payments relevant to you;
• for insurance purposes;
• to operate our premises in a manner which is physically safe, secure and befitting of health and safety requirements;
• for internal investigations, audit or security purposes;
• to conduct internal statistical analysis and analysis of patients’ case studies;
• to comply with MAHSA Specialist Hospital’s legal and regulatory obligations in the conduct of its business;
• to contact you regarding products, services, upcoming events, promotions, advertising, marketing and commercial materials which we may feel interest you;
• to ensure that the content from our website is presented in the most effective manner for your and for your computer and / or device; and
• for MAHSA Specialist Hospital’s internal records management.

Where you have indicated your consent to receiving marketing or promotional updates from MAHSA Specialist Hospital, you may opt-out from receiving such marketing or promotional material at any time. You may select the relevant “unsubscribe” option as may be provided in MAHSA Specialist Hospital’s marketing or promotional material or you may contact MAHSA Specialist Hospital at the details provided in Section (5) below.

(3) Disclosure or transfer of personal information (within or outside of Malaysia)

3.1 Within MAHSA Specialist Hospital

Your personal information provided to us may be processed by entities (in or outside of Malaysia) within MAHSA Specialist Hospital (including related companies, subsidiaries, holding companies, associated companies and outsourcing partners), especially when you are an employee of any company within MAHSA Specialist Hospital.

MAHSA Specialist Hospital will ensure that:

1. access to your personal information is restricted to staff who are contractually required to process your personal information in accordance with their respective job requirements; and
2. only necessary information is released to the relevant employees.

3.2 Classes of third parties

Your personal information may be disclosed or transferred to relevant third parties (within or outside of Malaysia) as required under law, pursuant to relevant contractual relationship (for example, where we appoint third party service providers) or for the purposes stated in Section 2 above (or directly related to those purposes).

In the event of a potential, proposed or actual sale of business, disposal, acquisition, merger or re-organisation (“Transaction”), your personal information may be required to be disclosed or transferred to a third party as a result of the Transaction. You hereby acknowledge that such disclosure and transfer may occur and permit MAHSA Specialist Hospital to release your personal information (only as required) to the other party and its advisers/representatives.

For patients or potential patients/customers, independent consultants, potential independent consultants, vendors, suppliers or service providers: Your personal information may be disclosed to the following classes of third parties:

• The Ministry of Health or any other statutory or non-statutory authorities or bodies having authority or jurisdiction established by the MOH and other relevant government departments or agencies;
• Relevant accreditation bodies such as the Malaysian Society for Quality in Health (MSQH);
• Third party private healthcare institutions or government healthcare institutions;
• Our independent consultants and specialists within MAHSA Specialist Hospital;
• Your insurers;
• In the case of pre-employment/employees health screenings, to the prospective employer/patient’s employer;
• Third parties appointed by us to provide services to us or on our behalf (such as auditors, lawyers, company secretary, printing companies, consignment vendors, contractors, conference/event organisers, other advisers, and insurance companies);
• The respective foreign embassies of foreign patients who received treatment in MAHSA Specialist Hospital; and
• Law enforcement agencies, including the local police.

(4) Websites

4.1 Links to other sites

Content in MAHSA Specialist Hospital’s website may include links to third party websites. MAHSA Specialist Hospital is not responsible for the content on such linked third party websites and users should observe the separate privacy policies applicable to the respective third parties website.

4.2 Cookies

MAHSA Specialist Hospital may use cookies and similar tools across our websites to improve their performance and enhance your user experience. Cookies are small text files which a website may put on your computer or mobile device when you first visit a site or page. The cookie will help the website, or another website, to recognise your device the next time you visit. Cookies can function to remember your username and preferences or to analyse how MAHSA Specialist Hospital’s website is performing.

Certain cookies contain personal data – for example, if you click to “remember me” when logging in, a cookie will store your username. Most cookies won’t collect information that identifies you, and will instead collect more general information such as how users arrive at and use our websites, or a user’s general location. Where personal data is collected, such personal data will only be used for its intended purposes only, i.e. to respond to your message or deliver the requested services.

(5) Right to access and correct personal information

You have the right to access and correct your personal information held by us (subject always to certain exemptions). We will make every endeavour to ensure your personal information is accurate and up to date therefore we ask that if there are changes to your information you should notify us directly.

If you would like to access or correct your personal information or have any enquiries, please make your request in writing to the PDP Officer in the hospital.

(6) Private Healthcare Facilities and Services Act 1998

Please note that the manner in which MAHSA Specialist Hospital processes your personal data will also be subject to other industry-specific laws and guidelines e.g. Private Healthcare Facilities and Services Act 1998 (“PHFSA”), Ministry of Health guidelines, etc.

Your right to access personal data may be restricted if it is regulated under any other law. For example, access to medical records will be in accordance with the PHFSA.

(7) Conflict

In the event of any conflict between this English language Personal Data Protection Notice and its corresponding Bahasa Malaysia Personal Data Protection Notice, the terms in this English language Notice shall prevail.