RSDH PRIVACY AND PERSONAL DATA PROTECTION POLICY
The Personal Data Protection Act 2010 (the “ Act ”), which regulates the processing of personal data in commercial transactions, applies to the RSDH Group which consists of Ramsay Sime Darby Health Care Sdn Bhd and its subsidiaries and related corporations (“our”, “us” or “we”). For the purpose of this Privacy and Personal Data Protection Policy (“Policy”), the terms “personal data” and “processing” shall have the same meaning as prescribed in the Act.
This Policy sets out how RSDH Group uses and protects your personal information that you give us. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this Policy.
This Policy is issued to all our immediate and/or prospective clients, employees, goods and/or service providers pursuant to the Act and serves as our personal data protection notice in accordance with the Act.
This Policy serves to inform you that your personal data is being processed by us or on our behalf. By providing us with your Personal Data or continuing to communicate with us, we shall regard that you have consented to the processing of such data pursuant to this Policy.
2. Description of Personal Data
We may collect a variety of information and/or data about yourself (“Personal Data”) including but not limited to your name, date of birth, race, religion, gender, company name, Malaysian Identification Card number, nationality, biometrics information, e-mail address, address, contact number, credit card details, bank account details, health information, food preference, allergy, photographs, occupation, marital status, video recording, CCTV images, and all other personal data we again collect from you on any subsequent occasion.
Your Personal Data is being or is to be collected and further processed for:
(a) ensuring that you continue to receive medical treatment;
(b) contacting you in case of any change of appointment dates;
(c) marketing purposes and surveys;
(d) inviting you to participate in our events, education programmes and activities;
(e) assessing your credit worthiness and processing any payments relevant to you;
(f) insurance purposes, third party administration and any other third parties;
(g) purposes of enforcing our legal rights and / or obtaining professional or legal advice;
(h) internal records management;
(i) conducting internal activities such as evaluating the effectiveness of marketing, market surveys/research, trend analysis, statistic compilation, reporting, audit, compliance, risk management, and data analytics to improve our services;;
(j) complying with any legal or regulatory requirements and/or requests from regulatory bodies;
(k) instituting debt recovery proceedings against defaulters
(collectively, the “Purposes”).
4. Source of Personal Data
Your Personal Data is being or is to be collected :
(i) directly from you when you or your representative fill in the registration forms at our facilities, or contact us via emails, letters or telephone calls, or when taking part in customer surveys and promotions and during marketing activities,
(ii) from any third parties connected with you such as your employer / potential employer, agents, insurance companies, other healthcare facilities/providers,
(iii) from such other sources to whom you have given your consent to disclose information relating to you,
(iv) from events,
(v) from CCTV recordings,
(vi) from audio/video recordings,
(vii) from doctors’ letters,
(viii) from medical reports/records,
(ix) from all other personal data we again collect from you on any subsequent occasion, and
(x) from all other information that you may provide us from time to time.
5. Access to, correction of and limiting the processing of Personal Data
You have the right to request access to and to request correction of your personal data and to contact us with any inquiries or complaints in respect of your personal data (including the possible choices and means for limiting the processing of your personal data or, to cease or not begin processing your Personal Data for purposes of direct marketing) through the following :
a. Subject to provisions of the Act, you may, upon payment of a prescribed fee, make a data access request in writing to us.
b. Subject to applicable legal restrictions, contractual conditions and reasonable time period given to us, you may withdraw or amend, in full or in part, your consent given previously for use of your Personal Data.
c. Depending on your request, there may be circumstances where we refuse to comply with a data access request or a data correction request and shall, by notice in writing, inform you of our refusal and the reasons of our refusal.
6. Compulsory Personal Data
It is obligatory that you supply us the details marked with asterisk (*) in our registration form (collectively, “Compulsory Personal Data”). If you fail to supply us the Compulsory Personal Data, this can result in us being unable to provide you with the services requested and/or unable to perform the contract entered into.
7. Consequences of Refusal / Failure to Provide Personal Data
The refusal or failure to provide Personal Data may result in the following for which we shall not be held liable for any of the consequences arising from:
a. the inability of parties to formalize any contract and/or agreement, to facilitate provision of our services or to hire human resources;
b. the inability for us to provide you with services and/or products requested;
c. the inability for us to update you on our latest services and/or products and/or appointment dates;
d. the inability to complete transactions in relation to our products and/or services; and
e. the inability to comply with any applicable law, regulation, direction, court order, guidelines and/or codes applicable to us.
8. Disclosure of Personal Data
We disclose or may disclose your Personal Data to other entities within the RSDH Group, our related corporations, business partners, insurance companies, credit card companies, credit check companies, debt collection agencies, your employer, your next of kin, research organizations, social welfare organization, medical and healthcare professionals, external counterparts for situations where a patient is transferred to another government or private hospital, parents or guardians of minors, service providers, our financial and professional advisors, banks, governmental departments and/or agencies, regulatory and/or statutory bodies, accreditation bodies and any such third party requested or authorized by you for any of the Purposes.
Third parties are required to process your Personal Data in line with principles specified by us and/or the applicable law. They are also held responsible for securing your Personal Data at an appropriate level of security in relation to applicable data protection laws and accepted industry standards.
9. Protection of Personal Data
Your Personal Data will be kept and processed in a secured manner. We are committed to take appropriate administrative and security safeguards and procedures to prevent unlawful processing of, and the accidental loss, destruction or damage to your Personal Data. Access to your Personal Data is limited to and provided only to relevant users for the purpose of performing their duties.
10. Third party personal data
We may require your assistance if the personal data relating to other persons (for example, your next of kin) is required to process your Personal Data for the Purposes and you hereby agree to use your best endeavors to assist us when required. In the event that personal data of any third party is supplied by you to us, you shall ensure that such third party has read this Policy and consented to us collecting his/her personal data for any of the Purposes prior to the supply of his/her personal data to us.
11. Transfer of Personal Data to places outside Malaysia
We may transfer your Personal Data to a place outside Malaysia and you hereby give your consent to the transfer.
12. Accuracy of your Personal Data
You are responsible for ensuring that the information you provide us is accurate, complete, not misleading and kept up to date.
In the event of any inconsistency between the English version and the Bahasa Malaysia version of this Policy, the English version shall prevail.
14. Changes to this Policy
We may change this Policy as needed for example, to comply with the changes in business operations or laws or regulations by updating this page. You should check this page from time to time to ensure that you are updated on any changes.