RSDH PRIVACY AND PERSONAL DATA PROTECTION POLICY
The Personal Data Protection Act 2010 (the “Act”), which regulates the processing of personal data in commercial transactions, applies to the RSDH Group, which consists of Ramsay Sime Darby Health Care Sdn Bhd and its subsidiaries and related corporations (“our”, “us” or “we”). For the purpose of this RSDH Privacy and Personal Data Protection Policy (“Policy”), the terms “personal data” and “processing” shall have the same meaning as prescribed in the Act.
This Policy sets out how RSDH Group uses and protects your personal information that you give us. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this Policy.
This Policy is issued to all our immediate and/or prospective clients, employees, goods and/or service providers pursuant to the Act and serves as our personal data protection notice in accordance with the Act.
This Policy serves to inform you that your personal data is being processed by us or on our behalf. By providing us with your Personal Data or continuing to communicate with us, we shall regard that you have consented to the processing of such data pursuant to this Policy.
2. Description of Personal Data
We may collect a variety of information and/or data about yourself (“Personal Data”) including but not limited to your name, date of birth, race, religion, gender, company name, Malaysian Identification Card number, nationality, biometrics information, e-mail address, address, contact number, credit card details, bank account details, health information, food preference, allergy, photographs, occupation, marital status, video recording, CCTV images, and all other personal data we again collect from you on any subsequent occasion.
Your Personal Data is being or is to be collected and further processed for:
(a) ensuring that you continue to receive medical treatment;
(b) contacting you in case of any change of appointment dates;
(c) managing medical records and medical reports;
(d) facilitating payment process relating to the patients;
(e) reporting personal data to the relevant bodies and/or third parties under the laws applicable to healthcare industry;
(f) sharing personal data with the group holding company and related companies as defined under the Companies Act 2006;
(g) conducting research, analysis and improvement;
(h) marketing and advertisement purposes and surveys;
(i) facilitating overseas patient’s personal requirements (for example, visa applications);
(j) administering and responding to request, queries, complaints and legal issues;
(k) facilitating human resource management activities relating to employees;
(l) for submission, registration of relevant forms, licences to regulatory authorities and/or third parties under laws applicable to healthcare industries;
(m) for education and training (with anonymized data where possible);
(o) assessing your credit worthiness and processing any payments relevant to you;
(p) insurance purposes, third party administration and any other third parties;
(q) purposes of enforcing our legal rights and / or obtaining professional or legal advice;
(r) internal records management;
(s) conducting internal activities such as evaluating the effectiveness of marketing, market surveys/research, trend analysis, statistic compilation, reporting, audit, compliance, risk management, and data analytics to improve our services;
(t) complying with any legal or regulatory requirements such as audit and/or requests from regulatory bodies;
(u) instituting debt recovery proceedings against defaulters
(collectively, the “Purposes”).
4. Source of Personal Data
Your Personal Data is being or is to be collected:
(i) directly from you when you or your representative fill in the registration forms at our facilities, or contact us via emails, letters or telephone calls, or when taking part in customer surveys and promotions and during marketing activities,
(ii) from any third parties connected with you such as your employer / potential employer, agents, insurance companies, other healthcare facilities/providers,
(iii) from such other sources to whom you have given your consent to disclose information relating to you,
(iv) from events,
(v) from CCTV recordings,
(vi) from audio/video recordings,
(vii) from doctors’ letters,
(viii) from medical reports/records,
(ix) from all other personal data we again collect from you on any subsequent occasion, and
(x) from all other information that you may provide us from time to time.
5. Access to, correction of and limiting the processing of Personal Data
You have the right to request access to and to request correction of your personal data and to contact us with any inquiries or complaints in respect of your personal data (including the possible choices and means for limiting the processing of your personal data or, to cease or not begin processing your Personal Data for purposes of direct marketing) through the following:
a. Subject to provisions of the Act, you may, upon payment of a prescribed fee, make a data access request in writing to us by completing an Access Request Form which is attached as Appendix A, and returning the same to us.
b. Subject to applicable legal restrictions, contractual conditions and reasonable time period given to us, you may withdraw or amend, in full or in part, your consent given previously for use of your Personal Data.
c. Depending on your request, there may be circumstances where we refuse to comply with a data access request or a data correction request and shall, by notice in writing, inform you of our refusal and the reasons for our refusal.
d. We may also require the requestor of Personal Data (where the requestor is not the owner of Personal Data) to provide a consent form from the owner of Personal Data authorizing and indemnifying us to release or correct the Personal Data.
6. Compulsory Personal Data
It is obligatory that you supply us the details marked with asterisk (*) in our registration form (collectively, “Compulsory Personal Data”). If you fail to supply us the Compulsory Personal Data, this can result in us being unable to provide you with the services requested and/or unable to perform the contract entered into.
7. Consequences of Refusal / Failure to Provide Personal Data
The refusal or failure to provide Personal Data may result in the following, and we shall not be held liable for any of the consequences arising from them:
a. the inability of parties to formalize any contract and/or agreement, to facilitate provision of our services or to hire human resources;
b. the inability for us to provide you with services and/or products requested;
c. the inability for us to update you on our latest services and/or products and/or appointment dates;
d. the inability to complete transactions in relation to our products and/or services; and
e. the inability to comply with any applicable law, regulation, direction, court order, guidelines and/or codes applicable to us.
8. Disclosure of Personal Data
We disclose or may disclose your Personal Data to the following:
other entities within the RSDH Group and our related corporations,
our medical specialists who treat patients in our hospitals;
banks, financial institutions, credit card or debit card issuers for processing of payment,
credit check companies,
debt collection agencies to recover outstanding debt owing to us,
your next of kin,
social welfare organization,
medical and healthcare professionals,
external counterparts for situations where a patient is transferred to another government or private hospital,
parents or guardians of minors,
agents, contractors and vendors who process data for us,
laboratories and diagnostic service providers who may be outside the control of the private hospital environment
data centers which host data for the hospitals;
external auditors and accountants
governmental bodies, their agencies and other related organisations such as Ministry of Health, Ministry of Human Resources, Ministry of Home Affairs, Malaysian Anti-Corruption Commission, Inland Revenue Department, Malaysian Department of Insolvency, Royal Malaysian Police, Malaysian Medical Council, Malaysian Dental Council and Malaysian Medical Association,
regulatory and/or statutory bodies,
accreditation bodies and
any such third party requested or authorized by you for any of the Purposes.
Third parties are required to process your Personal Data in line with principles specified by us and/or the applicable law. They are also held responsible for securing your Personal Data at an appropriate level of security in relation to applicable data protection laws and accepted industry standards.
9. Protection of Personal Data
Your Personal Data will be kept and processed in a secured manner. We are committed to take appropriate administrative and security safeguards and procedures to prevent unlawful processing of, and the accidental loss, destruction or damage to your Personal Data. Access to your Personal Data is limited to and provided only to relevant users for the purpose of performing their duties.
10. Third party personal data
We may require your assistance if the personal data relating to other persons (for example, your next of kin) is required to process your Personal Data for the Purposes and you hereby agree to use your best endeavors to assist us when required. In the event that personal data of any third party is supplied by you to us, you shall ensure that such third party has read this Policy and consented to us collecting his/her personal data for any of the Purposes prior to the supply of his/her personal data to us.
11. Transfer of Personal Data to places outside Malaysia
To the extent where this is permitted under law, we may transfer your Personal Data to a place outside Malaysia and you hereby give your consent to the transfer.
12. Accuracy of your Personal Data
You are responsible for ensuring that the information you provide us is accurate, complete, not misleading and kept up to date.
In the event of any inconsistency between the English version and the Bahasa Malaysia version of this Policy, the English version shall prevail.
14. Changes to this Policy
We may change this Policy as needed, for example to comply with changes in business operations, laws or regulations, by updating this page. You should check this page from time to time to ensure that you are updated on any changes.
RSDH PERSONAL DATA PROTECTION ACT 2010 DATA ACCESS REQUEST FORM
The following information is required to help us provide you a timely and accurate response to your Data Access Request pursuant to the PDPA 2010.
Full Name of Data Subject or Relevant Person (as per NRIC)
NRIC/Passport No of Data Subject or Relevant Person
Relevant Person’s Relationship with Data Subject
Name of hospital/company under RSDH Group which you are requesting personal data from (“Data User”)
If you have been a patient at the Data User hospital, please provide your Medical Record Number
If you are or have been employed at the Data User, please provide your Employment number and period of engagement
Please provide details of the information you require from the Data User.
I am the Data Subject/Relevant Person named above and hereby request under the provisions of Section 12 and 30 of the Personal Data Protection Act 2010 that [Data User] provide me a copy of the personal data held about me as specified above. I understand that there may be a charge for this service and that [Data User] will contact me to request for payment. I also note that the Hospital will respond within the time stipulated under the Act after the receipt of the payment from me and will notify me of a date and time to collect a copy of the document personally.