Normah Medical Specialist Centre
PERSONAL DATA PROTECTION NOTICE
Normah Medical Specialist Centre (“NMSC“, or “we”, “us” or “our”) is committed to protect your personal data with us in pursuant to Personal Data Protection Act 2010 (“PDPA”).
1. Personal Data
Your personal data include your name, identification card number, gender, marital status, date of birth, occupation, education background, contact details (such as address, email address, phone numbers, etc), race, nationality, religion, family or next of kin, financial and banking information, payment details (such as your guarantor, employer, insurance company, credit cards, etc), personal health information, and other information that are required for us to provide the services requested by you.
2. Source of Personal Data
The collection of your Personal Data shall depend on the use for which they are intended. These data are collected through but not limited to the following process:
- Directly from you or your “relevant person” (as defined in PDPA) when you register at our facilities, during the process of your requesting, receiving and paying for our services, or contact us via emails and letters, telephone calls and conversations, or when taking part in customer surveys, marketing and promotion
“Relevant person” in relation to a “data subject” (in this case, you) as defined in PDPA, however described, means
- in the case of a data subject who is below the age of eighteen years, the parent,
guardian or person who has parental responsibility for the data subject
- in the case of a data subject who is incapable of managing his own affairs, a person who is appointed by a court to manage those affairs, or a person authorized in writing by the data subject to act on behalf of the data subject
- in any other case, a person authorized in writing by the data subject to make a data access request, data correction request, or both such requests, on behalf of the data
- From any third parties connected with you such as your employer or potential employer, agents, insurance companies, or other healthcare facilities
- From such other sources to whom you have given your consent to disclose information relating to
- From public
3. Purpose of Processing of Personal Data
“Processing” in relation to personal data as defined in PDPA means collecting, recording, holding or storing the personal data or carrying out any operation or set of operations on the personal data, including
- the organization, adaptation or alteration of personal data
- the retrieval, consultation or use of personal data
- the disclosure of personal data by transmission, transfer, dissemination or otherwise making available
- the alignment, combination, correction, erasure or destruction of personal
The processing of your personal data shall depend on the purpose it is intended and the nature of the relationship which you have with us and your visits to our facilities. We may use the data for part or all of the purposes which include but not limited to the following:
- for the provision of healthcare services (as defined in the Private Healthcare Facilities and Services Act 1998 [Act 586]) you have requested or are currently receiving
- for effective communication among our healthcare professionals (as defined in PDPA) to better provide the healthcare services you have requested or are currently receiving
- for information need by our external service providers
- for monitoring and assessing customer credit worthiness
- for payment processing
- for insurance, third party administration or related purposes
- for compliance with regulatory requirements in the conduct of our business
- for compliance with our legal requirements and court order
- for internal review, investigations, audit or security purposes
- for internal statistical analysis and research (for which the resulting statistics or research results are not in a form which identifies you)
- for prevention, investigation, or reporting in relation to any fraudulent or criminal activities
- for purpose of enforcing our legal rights such as debt recovery against defaulters
- for marketing and promotion of our products and services
- for our internal records
4. Obligatory or Voluntary Personal Data
Whether or not the personal data we collect from you is obligatory or voluntary would depend on the purpose of the disclosure of your personal data to us. If the personal data requested by us is to enable us to provide our services to you, then it would be obligatory for you to provide that data to us.
Failure to provide your obligatory personal data to us may cause us not being able to process your data for purposes set out in Section 3 above and may affect the services requested by you.
5. Security of Your Personal Data
We treat with priority the security of your personal data. We will take reasonable efforts and practical steps to protect your personal data during its processing, from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction through the establishment and implementation of our internal policies, systems, procedures, and facilities relating to data security in NMSC.
6. Disclosure of Personal Data
While we endeavour to keep confidential and not disclose your data to unaffiliated third parties, we may disclose your personal data for any purpose other than the purpose for which the data was disclosed at the time of collection or any other purpose directly related to that purpose under the following circumstances:
- You have given consent to the disclosure
- The disclosure is necessary for the purpose of preventing or detecting a crime, or for the purpose of investigations
- The disclosure was required by or under any law or by the order of a court
- We have reasonable belief that we have in law the right to disclose your personal data to the other person or party
- We have reasonable belief that you would have consented to the disclosure of your personal data should you would have known the disclosing of your personal data and the circumstances of such disclosure
- The disclosure is justified as being in the interest of the public interest in circumstances as determined by the Minister (as defined in PDPA).
Your personal data may be disclosed by transmission, transfer, dissemination or otherwise making available to (but not limited to) the following third parties:
- Healthcare professionals (as defined in PDPA)
- “Relevant Person” (as defined in PDPA)
- Insurance companies and agents
- Payment guarantors
- Financial Institutions
- Debt collection agencies
- Legal firms
- Other private and public hospitals/clinics
- Other healthcare service providers (e.g. laboratory & pathology service providers)
- Government agencies and local authorities
- Accrediting bodies (such as Joint Commission International and Malaysian Society for Quality in Health) during accreditation survey
- Our information system and other service
7. Retention of Your Personal Data
Your personal data will be retained only as long as necessary for the fulfillment of the purpose(s) for which it is processed or to comply with any legal, regulatory and our internal requirements. We will delete your personal data once the purpose(s) has been fulfilled in accordance with our data retention policy.
8. Right to Limit Processing, Request Access to and Correction of Your Personal Data
We shall endeavour to keep your personal data with us as accurate, complete, non-misleading, and up-to-date as possible.
You may request to limit the processing of your personal data at any time subject to the following exemptions:
- personal data processed for the prevention or detection of crime
- personal data processed for the purposes of investigations, apprehension or prosecution of offenders, or assessment or collection of any tax or duty or other similar impositions
- personal data required under any court order
- personal data processed for regulatory
You also have the right to access and correct your personal data except where compliance with a request to such access or correction is refused under PDPA or other relevant acts.
Please notify us directly if there are any changes to your personal data or if you believe that your personal data we have of you is inaccurate, incomplete, misleading or not up-to-date.
If you would like to limit the processing of, access or correct your personal data, or make enquiries or complaints in respect of the personal data, please contact the following:
Medical Centre Administrator
Normah Medical Specialist Centre
Jalan Tun Abdul Rahman Yakub