
Personal Data Protection Notice


Avisena Healthcare Sdn. Bhd. (201301018445 [1048278-D]) (“Avisena”) respects and is committed to the protection of your personal data. The terms “personal data”, “sensitive personal data”, “processing”, “commercial transactions” and “relevant person” used in this Personal Data Protection Notice (“Notice”) shall have the meaning prescribed in the Personal Data Protection Act 2010 (“Act”).

The purpose of this document (“Notice”) is to inform you of how Avisena including its successors, subsidiaries, related corporations, trading and practice entities, associates, affiliates, agents, beneficiaries, licensors, employees, and representatives (collectively, the “Avisena”, “Avisena Group”, “us”, “we” or “our”) collects and manages your Personal Data (as defined below) which is subject to the Act. The expression “you” or “your” shall refer and include the patients, potential patients, clients, potential clients, vendors, suppliers, service providers, directors, manufacturers, resellers, employees of corporate clients, employees of vendors, employees of suppliers, employees of service providers, authorized representatives and/or relevant person such as parent/guardian of our patients or potential patients, receiving, obtaining services from or providing services to Avisena. We process your personal data including personal data of any relevant person, dependents and next of kin. This Notice shall apply to the relevant person, dependents and next of kin; and you warrant to Avisena that you have the authority or have been authorized to act and give consent on behalf of the third parties, to the provision of personal data of the third parties to Avisena for the purposes and disclosure as stated in this Notice and you undertake to extend a copy of this Notice to the third parties. The provision of this Notice shall be deemed as notice given to and consent obtained from the third parties.

This Notice explains (i) the types of information we collect; (ii) how the information is collected and obtained; (iii) how we use the information; (iv) how the information is disclosed; and (v) the choices we offer regarding how to access and update your information. At Avisena, we value your privacy and strive to protect your personal information in compliance with the laws of Malaysia. As such, please take a moment to read this Notice so that you know and understand our practices.

By interacting with us, submitting information to us, or signing up for any equipment, products and services offered by us, you agree and consent to Avisena, as well as its representatives and/or agents collecting, using, disclosing and distributing amongst themselves your Personal Data (as defined below), and disclosing such Personal Data to our authorised service providers and relevant third parties in the manner set forth in this Notice.

This Notice supplements but does not supersede nor replace any other consents you may have previously provided to Avisena in respect of your Personal Data, and your consents herein are additional to any rights which any member of Avisena may have at law to collect, use or disclose your Personal Data.

In this Notice, “mobile application” refers to Avisena’s mobile application, including but not limited to our service providers’ mobile application and/or such other mobile applications developed by us.


TYPES OF PERSONAL DATA PROCESSED

The personal data processed by us are personal data which include but are not limited to your name, title, date of birth, NRIC (new and old) / passport number, home and office address, phone numbers (such as handphone, office and home phone number), facsimile numbers, email address, occupation, age, gender, marital status, race, nationality, citizenship, residential status, religion, next of kin’s information (such as next of kin’s relationship with you, name and phone number), your employer / company information (such as job grade, designation, employee number, name of department, department code, branch location, name of subsidiary), dependent’s information (such as dependent’s relationship with you, name, phone number, NRIC (new and old) / passport number, date of birth, age, gender), medical history and information (such as medical check-up result, medical record, Medical Record Number, medical report, diagnosis), personal health information, insurance details, photograph, financial and banking account details, criminal history including regulatory offence and any other personal data from images (including photographs), information in audio and/or video format, closed-circuit television (“CCTV”), security recording network traffic data, online identifiers and any other information relating to you or any other individuals (including sensitive personal data as defined under the Act) which you have provided us in any forms (including for the purposes of completing surveys) you may have submitted to us, or via other forms of interaction with you. Where necessary, we may process certain sensitive personal data where it is required or authorised under the law, or in case of legal claims.


SOURCES OF PERSONAL DATA

Your personal data is collected from various sources, including:

  • Directly provided by you, your parents, guardians, employer, company, next of kin, relatives, in application forms, registration forms, surveys, online forms, and any other forms e.g. during competitions, promotions etc.
  • Directly provided by you, your parents, guardians, employer, company, next of kin, relatives, through verbal or written communication with us or our representatives.
  • From recordings of CCTV installed at our premises.
  • From recordings of telephone conversations between you and our representatives.
  • From feedback, comments, questions, ratings and reviews on our website, social media or to our customer service officers.
  • From our interaction or communication with you via our websites, text and messaging tools, social media channels, pages, promotions and/or blogs.
  • From any information that is supplied and/or collected when you visit our websites which include your computer’s IP address or from any information that is collected via cookies in some of our websites. We use cookies for a number of purposes, including to store your preference for certain types of information or products, further analysis for the purpose of providing products and services to you, to improve our products and/or to personalize our services to you.
  • From other lawful sources such as business partners, public agencies, ex-employer, referees, public depositories, trade / online directories, credit reporting agencies, public domain and other authorized third parties including but not limited to medical tourism agents, in our forms, agreements, website, and / or other similar documents.
  • From your account creation with us.
  • When you respond to our promotions, initiatives or to any request for additional Personal Data.
  • When you submit an employment application or when you provide documents or information including your resume and/or CVs in connection with any appointment as an officer, director, representative or any other position.
  • When you are contacted by, and respond to, our marketing representatives and customer service officers.
  • When we seek information about you and receive your Personal Data in connection with your relationship with us, including for our products and services or job applications, for example, from business partners, public agencies, your ex-employer, referral intermediaries and the relevant authorities; and/or
  • When you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services.
  • From publicly available sources such as directories.
  • When you submit your Personal Data to us for any other reasons.

If you provide us with any Personal Data of a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.

You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested, or delays in providing you with products and services you have requested or processing your applications.

We will not collect or solicit Personal Data from individuals under the age of eighteen (18) without first obtaining verifiable parental or legal guardian’s consent. If you are under the age of 18 you should not provide information to us. If we become aware that a person under 18 has provided Personal Data to us without verifiable parental or legal guardian’s consent (as may be the case where the information is provided via our website), we will remove such Personal Data from our records.

In emergency situations or where a patient is incapable of giving consent (for example, due to medical incapacity, injury, or being unconscious) at the time of admission, personal data may be collected, used, and disclosed for the purpose of treatment, care, and hospital administration. In such cases, consent may be obtained from the Relevant Person¹, in accordance with Code of Practice for Private Hospitals and the Personal Data Protection Act (PDPA) 2010. Where practicable, the patient’s consent will be obtained directly once they are conscious and medically fit.

All Personal Data collected will be handled in accordance with the PDPA 2010 and our internal policies, ensuring confidentiality, security, and proper use of such data at all times.

Note: ¹ Relevant person refers to the Next of Kin, Guardians, and other individuals as defined in the Personal Data Protection Act 2010. 


PURPOSES OF COLLECTING PERSONAL DATA

We will process Personal Data in connection with any commercial transactions for any of the following purposes, where relevant:

  • to provide, administer and manage medical and healthcare services, including admissions, diagnosis, treatment, medical examinations, procedures, telehealth services and follow-up care;
  • to establish, maintain and manage medical records, medical reports, patient case records and related documentation;
  • to communicate with patients, caregivers or relevant persons in relation to medical care, appointments, medical reports, results and related matters;
  • to facilitate patients’ personal needs and provide administrative support;
  • to verify identity, update records and create and maintain profiles in our systems;
  • to process payments, invoices, receipts, insurance coverage and insurance claims;
  • to administer billing, debt management and recovery proceedings;
  • to administer and respond to enquiries, requests, feedback, complaints and legal matters;
  • to administer customer relationship management and personalise service experience;
  • to administer and give effect to commercial transactions, including tenders, contracts for services, consignment arrangements and vendor engagements;
  • to perform pre-contractual activities and contractual obligations and to enforce contractual and legal rights;
  • to manage relationships with vendors, service providers, specialist doctors, clinics, hospitals and other business partners;
  • to facilitate professional accreditation, credentialing and compliance audits;
  • processing, managing or verifying your application for registration with us and providing you the benefits offered to users;
  • to manage recruitment, employment, internships and other human resource-related matters;
  • to conduct internal research, statistical analysis, education, training and quality improvement initiatives;
  • to manage business operations, internal processes, internal controls, audits, investigations and business continuity arrangements;
  • to report the Personal Data to the relevant authorities and/or third parties under the governing laws relevant to the healthcare industry;
  • to operate and manage our premises in a safe and secure manner, including the use of CCTV systems for safety and crime prevention;
  • to administer, grant access to, monitor and manage the use of websites, mobile applications, online platforms and related systems operated or managed by us or on our behalf (collectively, the “Platform”); and to administer and manage the Platform;
  • to market, advertise and communicate information relating to services, events, promotions, campaigns and programs, where permitted by law;
  • to comply with applicable laws, regulations, codes of practice, guidelines and requests from regulatory or governmental authorities;
  • for submission and registration of relevant forms, licenses to the relevant authorities and/or third parties under the governing laws relevant to the healthcare industries;
  • facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales);
  • to maintain internal records and administrative documentation; and
  • for any other purposes that are reasonably related or incidental to the foregoing.

(collectively, the “Purposes”).

In relation to any particular services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.

Where you have indicated your consent to receiving marketing or promotional updates from Avisena, you may opt-out from receiving such marketing or promotional material at any time. You may select the “unsubscribe” option provided in Avisena’s email blasts, or you may contact Avisena at the details provided below.

Please be aware that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, it may take up to 21 calendar days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period.

Please note that even if you withdraw your consent for the receipt of marketing or promotional materials, we may still contact you for other purposes in relation to the services that you have requested or purchased from Avisena Group.


DISCLOSURE OF PERSONAL DATA (WITHIN AND/OR OUTSIDE MALAYSIA)

Avisena Group will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be disclosed, for the purposes listed above (where applicable) to the following entities or parties (within and/or outside Malaysia):

  • the Ministry of Health of Malaysia (“MOH”) or any other statutory or non-statutory authorities or bodies having authority or jurisdiction established by the MOH and other relevant government department or agencies;
  • relevant accreditation bodies such as the Malaysian Society for Quality in Health (“MSQH”);
  • Avisena’s healthcare professionals (including medical practitioner, dental practitioner, pharmacist, clinical psychologist, nurse, midwife, medical assistant, physiotherapist, occupational therapist, care assistants and other allied healthcare professionals and any other person involved in the giving of medical, health, dental, pharmaceutical and any other healthcare services under the jurisdiction of the MOH);
  • other private and public healthcare professionals, other healthcare provider and other private and public hospitals;
  • third parties appointed by us to provide services to us or on our behalf (such as banks, auditors, lawyers, company secretary, debt collection authorities and agencies, financial institution, printing companies, consignment vendors, contractors, training providers, conference/event organiser, other advisers, and insurance companies);
  • service providers, vendors and suppliers which we contract with that provide products and services to us such as information technology security and support, data analytics support, customer survey, debt recovery, payroll and employee expense support, and benefits and rewards administration;
  • our corporate clients;
  • patient’s family and/or next of kin;
  • in case of pre-employment health screenings, to the patient’s employer/ prospective employer;
  • to such parties as may be required by law, court, regulator or legal process to disclose;
  • to respective foreign embassies of foreign patient receiving treatment in Avisena;
  • law enforcement agencies, including the local police;
  • other parties in connection with corporate transactions: we may also, from time to time, share your Personal Data in the course of corporate transactions, such as during a sale of a business or a part of a business to another company, or any reorganisation, merger, joint venture, or other disposition of our business, assets, or stock; and/or
  • to such parties as may be permitted under the law of Malaysia.

In addition to the above, and if you are a user of our mobile application, your Personal Data may be disclosed to the healthcare professionals who respond to your request on the mobile application. The healthcare professionals may contact you via telephone prior to being dispatched to your location, to ensure that they are equipped to handle your medical case. The healthcare professionals’ treatment of your information is subject to the healthcare professionals and healthcare professional’s own policies and procedures. Any medical information that we collect from you will be kept private and secure, as required by law.

A list of permitted third parties to whom we may disclose your Personal Data is available [HERE].


RETENTION OF YOUR PERSONAL DATA

We will retain your personal data in compliance with this Notice and/or the terms and conditions of your agreement(s) with us for the duration of your relationship with us, for such period as may be necessary to protect the interests of Avisena as may be deemed necessary, where otherwise required by the law and/or where required by our relevant policies. If a retention period has ended, your personal data will be disposed of, de-identified and/or transferred to an archive (as relevant and applicable).


DATA PROTECTION

We are committed to maintaining the security of your Personal Data and restrict the processing of Personal Data to those data that are reasonable, adequate for, and/or relevant and applicable to our business purposes. To protect your Personal Data, we have implemented reasonable physical, technical and procedural measures to secure your personal information from accidental loss and from unauthorized or accidental access, use, alteration, and disclosure. We also require our external parties to protect the confidentiality and security of your Personal Data.

We implement robust data protection mechanisms to safeguard the sensitivity of users’ personal data, including:

  1. Encryption: We use encryption to protect users’ personal data both at rest and in transit.
  2. Access Controls: We implement strict access controls to limit access to users’ personal data to authorized personnel.
  3. Firewalls are utilized to protect our servers and network from unauthorized users accessing and tampering with files and other information that we store.
  4. Regular Security Audits: We conduct regular security audits to identify and address potential vulnerabilities.
  5. Compliance with personal data protection law: We adhere to applicable personal data protection laws and regulations, such as the Personal Data Protection Act 2010.

We also ensure that any third-party service providers storing or processing your personal information have implemented similar acceptable standards of security.

You must remember to exit the browser window after use to disable any unauthorized party access. It is your responsibility at any time, not to divulge your personal user ID and password to any third party.


USE OF COOKIES, WEB BEACONS, AND SIMILAR TECHNOLOGIES ON THE WEBSITE

When you visit or interact with our sites and services, we or our authorized service providers may use cookies, web beacons, and other similar technologies for collecting and storing information to help provide you with a better, faster, and safer web experience.

The information collected by us or our authorised service providers may recognise a visitor as a unique user and may collect information such as how a visitor arrives at our sites, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).

The cookies, web beacons and similar technologies used by us on our website have different functions. They are either necessary for the functioning of our services, help us improve our performance, or serve to provide you with extra functionalities. They may also be used to deliver content that is more relevant to you and your interests, or to target advertising to you on or off our sites.

Cookies – A cookie may be used in the processing of your information. A cookie is a text file placed into the memory of your computer and/or device by our computers. A copy of this text file is sent by your computer and/or device whenever it communicates with our server. We use cookies to identify you. We may also collect the following information during your visit to our website and/or the fully qualified domain name from which you accessed our site, or alternatively, your IP address:

  • The date and time you accessed each page on our website.
  • The URL of any webpage from which you accessed our site (the referrer); and
  • The web browser that you are using and the pages you accessed. Some web pages may require you to provide a limited amount of personal information in order to enjoy certain services on our websites (system login credentials, email address and contact, etc.).

Web beacons – Small graphic images (also known as “pixel tags” or “clear GIFs”) may be included on our sites and services. Web beacons typically work in conjunction with cookies to profile each unique user and user behaviour.

Similar technologies – Technologies that store information in your browser or device utilizing local shared objects or local storage, such as flash cookies, HTML 5 cookies, and other web application software methods. These technologies can operate across all of your browsers.

We may use the terms “cookies” or “similar technologies” interchangeably in our policies to refer to all technologies that we may use to collect or store information in your browser or device or that collect information or assist in identifying you as a unique user in the manner described above.

We offer certain site features and services that are available only through the use of these technologies. You are always free to block, delete, or disable these technologies if your browser so permits. However, if you decline cookies or other similar technologies, you may not be able to take advantage of certain site features or services tools. For more information on how you can block, delete, or disable these technologies, please review your browser settings.


MOBILE DEVICE INFORMATION

Your use of our mobile application may also include collection of information from your mobile device. For example, the mobile application may request your permission to collect location data and/or may request access to multimedia (photos or videos) stored on your mobile device. Location data is not required for participation in activities through the mobile application, and you have the option of declining collection of geolocation data. If you do not wish for your location data to be shared with us, please respond accordingly when prompted on your mobile device, or visit your mobile device settings. Multimedia will only be collected from your device if you affirmatively select it to upload to the mobile application (i.e. you choose an image or video to store within the mobile application). Multimedia will not be shared with other mobile application users (with the exception of your profile photo, which will appear in your user profile).

We may use mobile application tracking and/or analytics services. These services may record unique mobile gestures such as tap, double tap, zoom, pinch, scroll, swipe and tilt but do not collect personally identifiable information that you do not voluntarily enter in the mobile application. These services do not track your browsing habits across mobile applications that do not use the same services. We are using the information collected by these services to understand user behaviour and optimize site performance.


THIRD-PARTY SITES

Our website may contain links to other websites operated by third parties, including for example our business partners. We are not responsible for the data protection practices of websites operated by third parties that are linked to our website. We encourage you to learn about the data protection practices of such third-party websites. Some of these third-party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable privacy policy of the third-party website to determine how they will handle any information they collect from you.


YOUR RIGHTS TO ACCESS AND/OR CORRECT PERSONAL DATA

You have the right to access and correct your personal information held by us (subject always to certain exemptions). We will make every endeavour to ensure your personal information is accurate and up to date; therefore, if there are any changes to your personal data or if you believe that the personal data we have about you is inaccurate, incomplete, misleading, or not up-to-date, please contact us so that we may take steps to update your personal data.

Subject to applicable legal restrictions, contractual conditions, and a reasonable time given to us, you may withdraw or amend, in full or in part, your consent given previously for use of your Personal Data.

By voluntarily providing us your Personal Data:

  • you are giving consent for us to collect, use and process your Personal Data.
  • you confirm that such data is sufficient, accurate, complete and not misleading; and
  • you acknowledge that such Personal Data is necessary for us to provide our services to you and to establish a commercial transaction.

If you choose not to provide such Personal Data or if such Personal Data is insufficient, inaccurate, incomplete and/or misleading, Avisena may not be able to provide you with the services you require or the required level of service.


LIMITING THE PROCESSING OF PERSONAL INFORMATION, WITHDRAWAL OF CONSENT, FURTHER ENQUIRIES AND COMPLAINTS

If you would like to request access to or correction of your Personal Data, limit the processing of your Personal Data, make any enquiries, or lodge any complaint or concern regarding the processing of your personal information, you may contact:

Data Protection Officer

  • Address: Avisena Healthcare Sdn Bhd, No. 3 Jalan Perdagangan 14/4, Seksyen 14, 40000 Shah Alam, Selangor
  • Tel: 03-5515 1888 (ext.: 20604)
  • Fax: 03-5515 1815
  • Email: pdpc@avisena.com.my

For security and verification purposes, you are required to submit your request in writing. In accordance with the Act, we may charge a prescribed processing fee for any request to access Personal Data, depending on the nature of the information requested.

Depending on the circumstances, we may refuse to comply with a data access or data correction request. In such cases, we will provide written notice of our refusal and state the reasons for our decision.

If the requestor is not the owner of the Personal Data, we may require a signed consent form from the data owner, authorizing the request and indemnifying us for the release or correction of the Personal Data.

Please note that if your Personal Data has been provided to us by a third party (e.g. a general practitioner or your employer), you should contact that organisation or individual to make such queries, complaints, and access and correction requests to Avisena Group on your behalf.

If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, Avisena Group may not be in a position to continue to provide its products and services to you or administer any contractual relationship in place, which in turn may also result in the termination of any agreements with Avisena Group, and your being in breach of your contractual obligations or undertakings. Avisena Group’s legal rights and remedies in such event are expressly reserved.


MODIFICATION OF THE NOTICE

We may review and update this Notice from time to time to reflect changes in the Act. The latest version of the Notice will be made available at www.avisena.com.my. Continuing to receive and obtain services from Avisena following the modifications or changes to this Notice shall signify your acceptance of such modifications or changes.


CONFLICT

We provide this Notice in both English and Bahasa Malaysia. In case of any inconsistencies between these two, the English version shall prevail over the Bahasa Malaysia version.

This Personal Data Protection Notice was last updated on 31 December 2025.