In this privacy statement (“Privacy Statement”):-
“CCM” shall mean Companies Commission of Malaysia.
“Communication Service(s)” shall include bulletin board services, chat areas, news groups, forums, communities, personal web pages, calendars and/or other messages or communication facilities which may be available to you through Hospital Information System (HIS) or through other mode of communication between you and THONEH which includes but is not limited to any letters, emails and/or any application forms filled up by you;
“HIS” shall mean the Hospital Information System which is an integrated and comprehensive information system that manages, processes and retains all data relating to administrative, financial and clinical matters.
“THONEH”, “Us” and “We”, for the purpose of this Privacy Statement, shall include National Institute Ophthalmic Sciences (NIOS), THES Capital Sdn Bhd including its subsidiaries and other companies associated, affiliated and related to THONEH;
“HIS” comprises various information data operated by HIS owned by THONEH;
“PDPA” means Personal Data Protection Act 2010 which includes any subsidiary legislation and/or regulations made thereunder, or as may be supplemented from time to time;
“Personal Data” whenever used in this Privacy Statement shall have the meaning as assigned to it by PDPA, which includes Personal Data which is in the possession and/or control of THONEH that relates directly or indirectly to you (or any other individual) to the extent that you (or the other individual) is identified or identifiable from that information or from that and other information in the possession of THONEH;
“processing”, whenever used in the Product Service(s) shall have the meaning as assigned to it by PDPA, which includes collecting, recording, holding, storing, using or disclosing Personal Data;
“Product Service(s)” shall include all and any requisite medical and/or surgical and nursing treatment for eye care services (including any other related services), development of educational and research programmed services, wellness and care services, fund raising activities, community engagement events, medical tourism series, etc., whether offered online or otherwise by THONEH, by way of electronic application or manual or in any other mode howsoever made;
“Services” shall collectively mean Communication Service(s) and Product Service(s), or any services under Communication Service(s) or Product Service(s), as required by you;
“type of Personal Data” may include, but is not limited to your name, address, identity card or passport or other identification number, telephone number, mailing and email address, other contact details, age, occupation, marital status, health information and medical record, place of birth, and any other information relating to you which you have provided us in any forms of communication that you have submitted to us;
“THONEH” is the abbreviation for The Tun Hussein Onn National Eye Hospital, a company limited by guarantee duly incorporated under Companies Act 2016; and
“THONEH Website” shall mean various web pages including but not limited to social media pages operated by THONEH Website and owned by THONEH.
B1. THONEH is committed to protecting the privacy of our customers’ information (“Personal Data, as herein defined”), which includes the users of HIS and/or manually. This Privacy Statement governs Personal Data collection and usage and other related matters.
B2. This Privacy Statement explains:-
- the type of Personal Data about you which is processed by THONEH when you register and/or use any type of Product Service(s) and/or Communication Service(s) from THONEH or HIS;
- where or how THONEH obtains this Personal Data (where available);
- the purposes for which THONEH collects and uses your Personal Data;
- circumstances where THONEH may disclose your Personal Data to third parties;
- whether you can limit the processing of your Personal Data;
- whether it is voluntary or obligatory to supply your Personal Data and the consequences of failing to supply your Personal Data when it is obligatory; and
- how to contact THONEH if you have any questions about your Personal Data held by THONEH or if you wish to exercise your right to get copies of your Personal Data or correct your Personal Data.
B3. You are advised that, by subscribing for the Product Service(s) and/or Communication Service(s), you shall be deemed to have agreed and accepted the terms as provided herein.
1. COLLECTION OF YOUR PERSONAL DATA
1.1 THONEH collects your Personal Data from the following sources:-
- Process request for medical services including but not limited to customer inquiry forms or other forms relating to any of our services;
- Administer and communicate in relation to our services and/or events;
- Facilitate participation in future medical procedures;
- Organize medical management within THONEH, including sharing personal data with other Independent consultants within THONEH or for peer review;
- Process credit facility application;
- Assess credit worthiness;
- Administer and give effect to commercial transaction (Tender Award, Contract for Service, Consignment Agreement, etc.);
- Insurance purposes to facilitate guarantee letters;
- Process any monies due to individual;
- Operate THONEH’s premises in a manner which is physically safe, secure and befitting of health and safety requirements in accordance with statutory guidelines;
- Internal investigations, audit or security purposes;
- Conduct internal statistical analysis and analysis of patient’s case studies;
- Comply with THONEH’s legal and regulatory obligations in the conduct of its business;
- Contact individuals regarding THONEH’s products, services, upcoming events, promotions, advertising, marketing and commercial materials which are of interest to individuals;
- Ensure that the content from THONEH’s website is presented in the most effective manner for the individual, and/or electronic devices;
- Furnishing THONEH details of individual visitors for screening purposes;
- THONEH’s internal records management; and
- Utilizing such information for purposes of debt recovery in the event of any monies due and owing from individual and/or companies.
1.2 The type of your Personal Data which we may collect varies depending on the Service(s) you enjoy or agreements you have with us. But generally, the Personal Data which we collect will include (but is not limited to) your name, date of birth, gender, nationality and race, preferred language, e-mail address, current home or work address, telephone or mobile phone number, fax number and particulars of identification documents (including NRIC and/or passport number), as well as financial and banking information as and when required.
1.3 There is also information about your computer hardware and software that is automatically collected by THONEH. This information can include: your IP address, browser type, domain names, access times and referring Web site addresses.
2. PURPOSE OF COLLECTING AND PROCESSING OF YOUR PERSONAL DATA
2.1 To the extent permitted by law, THONEH may collect and process your Personal Data in the ordinary course of business, which shall include but not be limited to as follows:-
- for internal record keeping as may be required by law or under relevant regulatory bodies including but not limited to CCM, Ministry of Health and/or the Ministry of Higher Education;
- for the purpose of carrying out and/or processing your information in connection with your usage of our Services or the agreements you have with us;
- when cross-selling and cross servicing the products and/or services of THONEH;
- to verify your identity;
- to detect and/or prevent fraudulent, illegal and/or criminal activity;
- to respond to your inquiries;
- to contact you should we need to regarding the Services that you have acquired;
- to investigate and/or resolve any service issues;
- to enforce or extend or defend any of our rights;
- to comply with all applicable laws and regulations;
- to enhance the quality of our products and Services; and
- other purposes which are in the ordinary course of business which are not specifically mentioned herein.
2.2 We may also use your Personal Data for the following purposes:
- to conduct internal activities and/or for the purposes of market surveys and trend analysis;
- to provide general statistics regarding the use of the HIS;
- periodically to contact you to promote and market to you (including without limitation by way of direct mail, e-mail, fax, SMS) our products, services and offers of third parties whose products and services we think may be of interest to you;
- inform you of other products or services available from THONEH and its affiliates;
- to contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered;
- to send you seasonal greetings messages or public service announcements either on our own behalf or on behalf of other people or entities in whom we think you may be interested.
2.3 Your Personal Data will be respected, maintained and safeguarded. Thus, we shall ensure that our employees’ access to the Personal Data which you have disclosed or have been disclosed on your behalf are limited to our authorized employees who are fully trained and well equipped to handle your Personal Data.
2.4 You are advised that whilst you are neither bound nor obligated to provide us with any of your Personal Data or to consent to our processing of such Personal Data, your choice not to do so for whatever reasons may result in you not being able to make use of our Services due to such Service being dependent on or involving, directly or indirectly, the processing of your Personal Data which may affect our ability to perform any of our obligation under any agreements you have with us. We shall not be held liable in any way for any loss, damage or other liabilities that may arise resulting from your choice to withhold Personal Data. If you do not wish for us to process your data for any of the aforementioned purposes or any other purpose, you can contact us in the manner stated in Clause 7 below.
3. SHARING OF PERSONAL DATA
3.1 As a general rule, unless otherwise permitted by law, we do not disclose your Personal Data to any third parties. Companies within THONEH are bound by the provisions of the law under the Companies Act 2016 and/or The Private Healthcare Facilities and Services Act 1998 (Private Hospitals and other Private Health Care Facilities Regulation 2006) and/or Private Higher Education Institution Act 1996 and/or any other relevant legislations, amending, supplementing or otherwise, and guidelines as the case may be in order to protect your Personal Data.
3.2 Notwithstanding the generality of this Privacy Statement and while we shall endeavor to safeguard the privacy of your Personal Data, to the extent permitted by law, we may nevertheless disclose your Personal Data where such disclosure is:
- required or requested or authorized by you;
- required by CCM, Ministry of Health and Ministry of Higher Education and/or other regulatory or competent authorities;
- lawfully permitted or required under the law;
- if required or authorized to discharge any regulatory function, under any law or in relation to any order or judgment of a court;
- if required for the purpose of detection or prevention of crime, illegal/unlawful activities or fraud or for the apprehension or prosecution of offenders, or for an investigation relating to any of these;
- in compliance with any jurisdiction or legal requirement; and/or
- required to protect our rights and defend us and our property.
3.3 However, to improve our services and ensure that you fully benefit from our full range of Services, your information may from time to time be provided to any third party service providers, contractors, who provide IT services (including software and hardware) maintenance and repair services and/or other services in connection with the operation of THONEH businesses. In such circumstances we shall endeavor to ensure that they comply with the same standard regarding the privacy of your information as that which is imposed by us. Should you wish for us not to share your information with any of these entities, please write in to us or contact us as provided in Clause 7 below.
3.4 Save as otherwise stated herein, THONEH will not disclose your Personal Data to any other third party without your consent unless otherwise provided by the law.
3.5 THONEH does not sell, rent or lease its contact lists to third parties unless we have your permission or are required by law to do so. THONEH may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) will not be transferred to the third party without your written consent.
3.6 THONEH does not use or disclose sensitive Personal Data, such as religion, or political affiliations, commission or alleged commission of any offence without your explicit consent and/or in accordance with Section 40 of the PDPA.
3.7 Please be advised that if you directly disclose personally identifiable information or personally sensitive data through THONEH Website’s public message boards, this information may be collected and used by others, which is beyond the control of THONEH. In this regard, THONEH disclaims any liability with regard to your participation in the Communication Service(s) and any actions resulting from your own action in the Communication Service(s). You are further advised that THONEH does not read any of your private online communications.
4. YOUR RIGHTS AND OBLIGATIONS REGARDING YOUR PERSONAL DATA
4.1 If you would like to:-
- be informed of your Personal Data that is being processed by THONEH;
- receive a copy of such Personal Data; or
- correct the Personal Data,
kindly send us a request in the manner stated under Clause 7 below. Please note that we reserve the right to charge a fee for attending to and complying with any request made pursuant to this Clause 4.
4.2 Subject to Clause 4.3 below, we will endeavor to comply with any request made pursuant to Clause 4.1 within twenty one (21) days upon receipt of such request. If we are unable to comply, we will inform you of the reasons within the aforementioned period and comply to the extent that we are able to.
4.3 Kindly note that we may refuse to provide access to Personal Data pursuant to a request made under Clause 4.1 if:-
- the requestor has not supplied sufficient information as to satisfy us of the identity of the requestor;
- the requestor has not supplied sufficient information as to enable us to locate the relevant Personal Data;
- the burden or expense of providing such access is disproportionate to the risk to the requestor’s privacy;
- we cannot comply with the request without disclosing the Personal Data of another individual;
- the Personal Data, in whole or in part, is controlled by another party in a manner which prohibits us from complying with the request;
- providing access would violate an order of a court;
- providing access would disclose confidential commercial information; or
- such access to the Personal Data is regulated by another law.
4.4 Kindly note that we may refuse to correct or update any Personal Data pursuant to a request made under Clause 4.1 if:-
- the requestor has not supplied sufficient information as to satisfy us of the identity of the requestor;
- the requestor has not supplied sufficient information as to enable us to ascertain in what way the Personal Data is inaccurate;
- we are of the view that the Personal Data to be corrected is accurate;
- we are of the view that the requested correction is inaccurate; or
- the Personal Data, in whole or in part, is controlled by another party in a manner which prohibits us from complying with the request.
4.5 Should you wish to withdraw your consent to our processing of your Personal Data, kindly notify us in the manner specified under Clause 7 below. Please note that your withdrawal of consent may result in you not being able to make full use of our Services due to such Service being dependent on or involving, directly or indirectly, the processing of your Personal Data which may affect our ability to perform any of our obligation under any agreements you have with us. We shall not be held liable in any way for any loss, damage or other liabilities that may arise resulting from your choice to withhold Personal Data.
4.6 In the event that you consider the processing of your Personal Data to cause or be likely to cause you or another person unwarranted substantial damage or unwarranted substantial distress, you may request us to cease processing by sending us a request in the manner stated under Clause 7 below.
4.7 Subject to Clause 4.8 below, we will endeavor to comply with any request made pursuant to Clause 4.6 within twenty one (21) days upon receipt of such request. If we are unable to comply, we will inform you of the reasons within the aforementioned period and comply to the extent that we are able to.
4.8 Kindly note that we may refuse to comply with a request made under Clause if:-
- you have consented to the processing of the Personal Data in question;
- the processing of the Personal Data in question is necessary for the performance of a contract with you;
- the processing of the Personal Data in question is necessary to take steps at your request to enter into a contract;
- the processing of the Personal Data in question is necessary to comply with any legal obligation to which we are subject;
- the processing of the Personal Data in question is necessary to protect your vital interests; or
- the processing of the Personal Data in question is prescribed by the Minister.
5. SECURITY OF YOUR PERSONAL DATA
5.1 THONEH protects your Personal Data by ensuring we have sufficient security measures in place and shall ensure that your Personal Data is stored and handled in such a way as to prevent any unauthorized disclosure.
5.2 THONEH shall take all reasonable action to prevent unauthorized use, access or disclosure of and to protect the confidentiality of your Personal Data in connection with the purpose for which the Personal Data has been disclosed to, or has been collected by us.
5.3 In relation to HIS, THONEH secures your Personal Data from unauthorized access, use or disclosure. THONEH secures the identifiable Personal Data you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure.
6. IF YOU CEASE TO RECEIVE SERVICES FROM THONEH
6.1 THONEH shall not keep your Personal Data longer than is necessary for the fulfillment of the purpose for which it was to be processed unless such retention is necessary for us to discharge any regulatory function, under any law or in relation to any order or judgment of a court.
6.2 If you no longer wish for any of the companies under THONEH to process your Personal Data in this situation, please contact us as provided in Clause 7 below. We will then take all reasonable steps to ensure that all Personal Data is destroyed or permanently deleted.
7. CHANGES TO THIS STATEMENT
7.1 THONEH will occasionally update (including making amendments, variations and/or additions) this Privacy Statement to reflect company and customer feedback and also to reflect our current policy or subsequent changes to any rules, regulations, acts applicable at that time.
7.2 THONEH encourages you to periodically review this Privacy Statement to be informed of how THONEH is protecting your information.
7.3 For avoidance of doubt, if there is any inconsistency between any statement contained in this Privacy Statement and any provisions of the laws, including but not limited to the PDPA, the provision of the laws shall prevail and THONEH reserves the rights to make appropriate amendments or changes herein.
8. CONTACT INFORMATION
THONEH welcomes your comments regarding this Privacy Statement. You may address any queries, concerns or complaints relating to your Personal Data or information by emailing us at firstname.lastname@example.org or writing to the address provided below:-
The Tun Hussein Onn National Eye Hospital,
Lot 2, Lorong Utara B, 46200 Petaling Jaya, Selangor Darul Ehsan.
Attention: General Manager
9. LAWS APPLICABLE
This Privacy Statement shall be construed and interpreted in accordance with the laws of Malaysia.