Personal Data Protection Act
PERSONAL DATA PROTECTION NOTICE
DEMC Specialist Hospital Shah Alam (“DEMC”) respects and is committed to the protection of your personal data.
The terms “personal data”, “processing” “commercial transactions” and “relevant person” used in this Personal Data Protection Notice (“Notice”) shall have the meaning prescribed in the Personal Data Protection Act, 2010 (“Act”). For the purposes of this Notice the expression “we”, “our” or “us” shall refer to DEMC, whilst, the expression “you” or “your” shall refer and include the patients, potential patients, clients, potential clients, vendors, suppliers, service providers, directors, manufacturers, resellers, employees of corporate clients, employees of vendors, employees of suppliers, employees of service providers, authorized representatives and/or relevant person such as parent/guardian of our patients or potential patients, receiving, obtaining services from or providing services to DEMC.
We process your personal data including personal data of any relevant person, dependents and next of kin. This Notice shall apply to the relevant person, dependents and next of kin; and you warrant to DEMC that you have the authority or have been authorized to act and give consent on behalf of the third parties, to the provision of personal data of the third parties to DEMC for the purposes and disclosure as stated in this Notice and you undertake to extend a copy of this Notice to the third parties. The provision of this Notice shall be deemed as notice given to and consent obtained from the third parties.
TYPES OF PERSONAL DATA AND SOURCES OF PERSONAL DATA
The personal data voluntarily provided by you, your parents, guardians, your employer, your company and/or obtained independently by us from other lawful sources (if any such as from public depositories, trade/online directories, credit reporting agencies, public domain and other authorized third parties) in our forms, agreements, website, and/or other similar documents may include information concerning your name, title, date of birth, NRIC (new and old)/Passport number, home and office address, phone numbers (such as handphone, office phone number and home phone number), facsimile numbers, email address, occupation, age, gender, marital status, race, nationality, citizenship, residential status, religion, next of kin’s information (such as next of kin’s relationship with you, name and phone number), your employer/company information (such as job grade, designation, employee number, name of department, department code, branch location, name of subsidiary), dependent’s information (such as dependent’s relationship with you, name, phone number, NRIC (new and old)/Passport number, date of birth, age, gender), medical history and information (such as medical checkup result, medical record, Medical Record Number, medical report, diagnosis), personal health information, insurance details, photograph, financial and banking account details, criminal history including regulatory offence and any other personal data from images (including photographs), information in audio and/or video format, closed-circuit television (“CCTV”) and security recording (collectively “Personal Data”). By voluntarily providing us your Personal Data, you are giving consent for us to collect, use and process your Personal Data.
You hereby confirm that the Personal Data given by you or obtained from you, your parents, guardians, your employer and your company is sufficient, accurate, complete and not misleading and that such Personal Data is necessary for us to provide our services to you and to establish a commercial transaction. If you choose not to provide such Personal Data or if such Personal Data is in sufficient, inaccurate, incomplete and/or misleading, DEMC may not be able to provide you with the services you require or the required level of service.
PURPOSES OF COLLECTING PERSONAL DATA
We will process Personal Data in connection with any commercial transactions for any of the following purposes:
- to process your requested medical and healthcare services;
- to administer and communicate with you in relation to your medical practice;
- to verify your identity,updating your records, processing of payment and invoices, receipts, collecting debts, provide other requested goods and services in the ordinary course of our business;
- to establish and manage our internal records management;
- to facilitate payment process relating to the patients;
- to institute debt recovery proceedings against defaulters;
- to administer and give effect to your commercial transactions including but without limitation tender award, contract for service, consignment agreement;
- to report the Personal Data to the relevant authorities and/or third parties under the governing laws relevant to the healthcare industry;
- to conduct internal research, statistical analysis and analysis of patient case studies;
- to conduct research and analysis as to improve the quality of our services;
- to administer and respond to request, queries, complaints and legal issues;
- to market and advertise our products and services;
- to administer and communicate with you in relation to our services, events and/or promotions;
- to operate our premises in a manner which is physically safe, secure, and befitting of health and safety requirements;
- to comply with legal and regulatory obligations in the conduct of our business;
- for education and training;
- public disclosure and use of your Personal Data, images, photographs, voice and video recording for publicity purposes without payment or compensation;
- for internal investigations, audit or security purposes;
- the use of CCTV systems for crime prevention;
- to enforce contractual and legal rights and obligations; and
- to meet legal and regulatory requirements.
DISCLOSURE OF PERSONAL DATA (WITHIN AND/OR OUTSIDE MALAYSIA)
In order to deliver the services you require, you hereby consent and authorize us to disclose your Personal Data to the following parties (within and/or outside Malaysia):
- the Ministry of Health or any other statutory or non-statutory authorities or bodies having authority or jurisdiction established by the MOH and other relevant government department or agencies;
- relevant accreditation bodies such as the Malaysian Society for Quality in Health (MSQH);
- DEMC’s healthcare professionals (defined in the Act as follows a medical practitioner, dental practitioner, pharmacist, clinical psychologist, nurse, midwife, medical assistant, physiotherapist, occupational therapist and other allied healthcare professionals and any other person involved in the giving of medical, health, dental, pharmaceutical and any other healthcare services under the jurisdiction of the Ministry of Health);
- other private and public healthcare professionals, other healthcare provider and other private and public hospitals;
- third parties appointed by us to provide services to us or on our behalf (such as auditors, lawyers, company secretary, debt collection authorities and agencies, financial institution, printing companies, consignment vendors, contractors, training providers, conference/event organiser, other advisers, and insurance companies);
- family and next of kin;
- in case of pre-employment health screenings, to the patient’s employer/ prospective employer;
- to such parties as may be required by law, court, regulator or legal process to disclose;
- to respective foreign embassies of foreign patient receiving treatment in DEMC;
- law enforcement agencies, including the local police;
- the general public by publishing your Personal Data, images, photographs, voice and video recording for publicity purposes without payment or compensation; and
- to such parties as may be permitted under the law of Malaysia.
RIGHT TO ACCESS AND/OR CORRECT PERSONAL DATA
You have the right to:
- check whether we hold your Personal Data and request access to the same:
- correct any Personal Data that is inaccurate, incomplete and outdated;
- withdraw in full or in part your consent subject to any contractual conditions and legal restrictions;
- communicate to us your objection to the use of your Personal Data for marketing purposes.
If you would like to request for access to or correction of your Personal Data or limit the processing of your Personal Data, make any inquiries or complaints, you may contact:
- Shahrool Hezri Shawalli
- Tel: 03-5515 1870
- Fax: 03-5515 1871
- Email: email@example.com
You are to put your request in writing for security reasons and verification purposes. In accordance with the Act, we will charge prescribed processing fee for all Personal Data access request made by you as follows:
Maximum Fee (RM)
Data access request for your Personal Data with a copy
Data access request for your Personal Data without a copy
Data access request for your sensitive personal data with a copy
Data access request for your sensitive personal data without a copy
In the event we refuse to adhere to your request for access and/or correction to your Personal Data we will inform you of our reason for the refusal.
CHANGES TO PERSONAL DATA
We will ensure your Personal Data is accurate, complete and up-to-date therefore we request that if there are changes to your Personal Data you should notify us directly at contact details set out above.
MODIFICATION OF THE NOTICE
We may review and update this Notice from time to time to reflect changes in the Act. The latest version of the Notice will be made available upon your request at the above address or available at www.demc.com.my. By continuing receiving and obtaining services from DEMC following the modifications or changes to this Notice, shall signify your acceptance to such modifications or changes.
In the event of any inconsistency between the English version and the Bahasa Malaysia version of this Notice, the English version shall prevail over the Bahasa Malaysia version.