Kuala Lumpur Sports Medicine Centre Privacy Policy
This privacy policy (and the amendment thereof which may be made from time to time) (“Privacy Policy”) outlines and explains on the policies and principles pertaining to the personal data that we hold from you, as the customer, patient, employees, vendors, suppliers or the individual providing the personal data or any information being the subject matter of this Privacy Policy to us. This Privacy Policy sets out the manner we deal with your personal data including the manner in which we collect, process, use, disclose, transfer and store your personal data. This Privacy Policy applies to our day-to-day operations including visitors to our website or our accounts on social media platforms.
Our products and services are provided to you subject to the Terms and Conditions of Service and other rules, policies and regulations which have been issued or will be issued by us from time to time, and this Privacy Policy should be read into those terms and conditions, rules, policies and regulations to the extent as relevant and applicable. In certain specific instances, this Privacy Policy may also be supplemented by additional policies and terms, or any short notice or statement used in connection with particular purpose(s) or on various forms issued by us from time to time.
This Privacy Policy constitutes written notice to you in accordance with the Data Protection Principles under the Personal Data Protection Act, 2010 (“Act”). In addition, this Privacy Policy shall also constitute as a written notice (as the context shall require) in relation to personal data of any other individual who is not a customer or patient but whose data is required to be collected by us by reason of, or incidental to, the provision of any products or services to our customers or patients. Kindly review this Privacy Policy on a periodic basis to stay informed of your rights and the protection accorded to you under the said Act.
By using our products and services, accessing our website and/or our accounts on social media platforms and/or by submitting your personal data to us, you have agreed to be bound by this Privacy Policy in our processing of your personal data as outlined and explained in this Privacy Policy.
(In this Privacy Policy, the term “we”, “our”, “us”, “ours” refers to Kuala Lumpur Sports Medicine Centre Sdn Bhd or any of its subsidiaries or affiliates or any related companies or any other third party authorised for the collection of the personal data or any information being the subject matter of this Privacy Policy.)
1. Consent to the Processing and Use of Personal Data
“Personal Data” in this Privacy Policy refers to any information that relates directly or indirectly to an individual, who is identified or identifiable from that and other information in our possession, including any personal data consisting of information as to your physical or mental health or condition, political opinions, religious beliefs or other beliefs of a similar nature, the commission or alleged commission by you of any offence or biometric data (“Sensitive Personal Data”) and expression of opinion about the individual, where such individual refers to any of our customers, patients, employees, vendors, suppliers or any other individual providing the Personal Data or any information being the subject matter of this Privacy Policy to us, including individual who is not a customer or patient but whose data is required to be collected by us by reason of, or incidental to, the provision of any products or services to our customers or patients.
It is obligatory that you supply us with your Personal Data when you engage us for products or services and before we provide you the said products or services. In this regard, by providing us your Personal Data and your continued usage of our products and services, it is deemed that you have given your consent for us to use and process your Personal Data in accordance with this Privacy Policy. If you disagree with all or any part of this Privacy Policy, please do not provide any Personal Data to us and/or do not use or continue to use our products or services. As such, please note that failure to consent to the above may result in us being unable to provide you or continue to provide you the products or services.
In relation to Personal Data of any other individual who is not a customer or patient but whose data is required to be collected by us to facilitate the provision of our services to the customer or patient, the customer or patient confirms and warrants that he/she has obtained the consent of such individual for the Personal Data of such individual to be collected and processed by us.
When we need to collect your Personal Data for a purpose not set out in this Privacy Policy, we will endeavour to notify you and obtain your consent before such collection, or in the event that this is not practicable, as soon thereafter as is reasonable. In respect of your Sensitive Personal Data, we will only use your Sensitive Personal Data to provide the product(s) and service(s) you request from us (or in facilitating the provision of our products and services) to the extent as permissible under the Act, and where it is practicable, we will endeavour to notify you and obtain your explicit consent before the processing and use of your Sensitive Personal Data. For the purposes of this section, by you voluntarily providing us with your Sensitive Personal Data, shall constitute your explicit consent for us to process and use the same.
You have the choice, at any time, not to provide your Personal Data and/or Sensitive Personal Data, or to revoke your consent for us to process or use your Personal Data and/or Sensitive Personal Data by writing to us at the address as shown in Paragraph 14 of this Privacy Policy. However, failure to provide such data or revocation of your consent may result in us being unable to provide you or continue to provide you the products and/or services
2. Types of Personal Data
We obtain your Personal Data through various ways as stated in this Privacy Policy, and this may involve Personal Data that we receive from you through our communication with you via a variety of means and channels, including through our centre(s) (including branches), our marketing schemes, admission procedures, consultations, specific medical procedures forms, informed consent forms, employment applications, through the internet or via post, email, phone, fax, text messaging on your mobile phone, Closed-Circuit Television (CCTV) recordings, audio and/or video recordings or doctors’ letters. We may also obtain your Personal Data from a third party in the event you fall within one of the categories of person in Paragraph 10 of this Privacy Policy as well as from authorised third parties (e.g. credit reference agencies, regulatory and enforcement agencies, financial or banking institutions).
The types of Personal Data which we collect vary depending on the scope of products and services you engage us for. Nevertheless, the information that we may collect generally comprises the following:
(a) Name;
(b) Date of birth;
(c) Passport or identity card number;
(d) Home address, telephone number, facsimile number or email address;
(e) Photograph;
(f) Age, gender, marital or family status;
(g) Ancestry, race, nationality or ethnic origin;
(h) Religion or religious belief, political belief, association or activity;
(i) Blood type, finger prints, hereditary characteristics or Deoxyribonucleic Acid (DNA);
(j) Education, employment or occupational history or professional qualifications;
(k) Source of income or financial circumstances, activities or history;
(l) Information relating to bank accounts details or related information required for terms of payment;
(m) Employees provident fund number, social security organisation number and income tax number;
(n) Insurance details;
(o) Personal Health Information (as defined hereunder);
(p) Next of kin’s/guardian’s information; and/or
(q) Other information which we may request at any point to enable us to proceed or to continue with the provision of our services and/or which is necessary for the Purposes as set out in Paragraph 3 below.
“Personal Health Information” means any recorded information which includes (without limitation) any case notes, laboratory reports, radiographs and other types of recorded information about an identifiable individual that relates to:
(i) the individual’s health or health care history;
(ii) the provision of health care to the individual;
(iii) any information relating to the payment for health care provided to the individual; or
(iv) such other information required to diagnose, treat or maintain the individual’s physical or mental condition, including the history of drug, device or other item pursuant to a prescription.
(the above-listed types of Personal Data is also applicable to the collection of Personal Data of any other individual who is not our customers or patients but whose data is required to be collected by us to facilitate the provision of our products and services to the customer or patient, to the extent as relevant and applicable, and includes information in respect of the relationship between such individual with the particular customer or patient.)
Where we collect information through our website or our accounts on social media platforms, we may automatically collect certain non-personal information regarding website user that does not identify you, and this includes the internet protocol (IP) address of your computer, and the date and time you access, and time spent on the website (“Non-Personal Information”). We may use the Non-Personal Information to compile tracking information report for our better understanding and study to best meet the needs of visitors to our website or our accounts on social media platforms, whereby you will remain anonymous to us unless you specifically choose to share information with us.
3. Purposes of Personal Data Collected
We collect the Personal Data to be used for the following purposes, which shall include without limitation:
(a) to carry out services and/or to complete transactions entered into with customers or patients;
(b) to carry out our daily operations, services and/or facilities as a medical centre;
(c) marketing our products and/or services;
(d) market research and statistical analysis and surveys with the aim of improving our products and services;
(e) to personalise our products and services;
(f) to maintain and update our records;
(g) to respond to requests or complaints;
(h) to enhance our products and services and to enforce our legal rights;
(i) to support our business, financial and risk monitoring, planning and decision making;
(j) to facilitate human resources and personnel management processes, including assessing your suitability for employment and evaluating the performance of existing employees; and/or
(k) for all other purposes relating to the above but not specifically mentioned herein.
Our use of the Personal Data may also be extended to other purposes, including to comply with all applicable legislation, laws and regulations, to prevent fraud or illegal activities, or, to enforce or defend any of our rights.
(all the above purposes stated in this Section shall collectively be referred to as “the Purposes”).
4. Disclosure of Personal Data
Without prejudice to any authorisation and consent given by you in relation to or pursuant to any of the terms, notice or statement in authorising us to release and disclose your Personal Data, we may disclose, disseminate and/or transfer your Personal Data to any of our subsidiaries or affiliates or related companies or business associates or organisations howsoever connected to us or to any third party organisations or persons for the purpose of carrying out and/or fulfilling our obligations in respect of the Purposes and/or to all other purposes that are related to the Purposes, including without limitation any personnels who are involved in taking care of and/or in coordinating the provision of the products and services to the customer or patient.
We may also disclose your Personal Data to external services providers (including but not limited to auditors, consultants, lawyers, accountants, other professional or financial advisers, mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that we engage for the purpose of carrying out and/or fulfilling our obligations in respect of the Purposes and/or to all other purposes that are related to the Purposes, to the extent as applicable and necessary.
We may also disclose your information to other third parties where such disclosure:
(a) is requested or authorised by you;
(b) is lawfully permitted or required;
(c) is in compliance with any judicial order or legal requirement;
(d) is required to protect and defend us and our property; and
(e) for all other purposes incidental and associated with any of the above or the provision of our products and services to you.
To the extent permitted by the law and in the case where the disclosure of your Personal Data may involve disclosure and/or transfer of your Personal Data to places outside of Malaysia, you agree to such a transfer where it is necessary to carry out and to fulfil our obligations in respect of the Purposes.
Notwithstanding the foregoing, we will endeavour to treat your Personal Data held by us as confidential, and to ensure our subsidiaries, affiliates or related companies to treat your Personal Data as confidential in accordance with this Privacy Policy and with all applicable data protection legislation, to the extent as practicable and necessary.
5. Access to, Correction and Updating of Personal Data
Please note that the accuracy of your Personal Data provided to us is essential. You are responsible for informing us about changes to your Personal Data or in the event you believe that the Personal Data we have about you is inaccurate, incomplete, misleading or not up-to-date.
You have the right to access and request for a correction (in the event that your Personal Data provided to us is inaccurate, incomplete, misleading or not-up-to-date) of your Personal Data, including but not limited to, your medical records subject to the provisions of the Act and all applicable legislation, laws and regulations. We recommend you to provide us with written notice and/or to complete the data access and/or correction form, whichever is applicable and practicable, in requesting for access and correction to your Personal Data. Please note that we may require you to provide us with additional information as reasonably necessary and as required under the Act for us to satisfy your data access and correction request.
We reserve the right to charge you a reasonable fee for processing of any data access and/or correction request.
6. Data Portability
7. Security and Protection of Personal Data
We will take the necessary precautions, both administrative and technical, to safeguard your Personal Data against loss, theft, misuse and unauthorized access or disclosure, unauthorised alteration or destruction.
Notwithstanding, you should be aware that no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your Personal Data and are constantly reviewing and enhancing our information security measures.
8. Retention of Personal Data
9. Cookies and Links to Other Websites
We may use cookies on our website to allow you to set your individual preferences and to help us provide a better user experience. In this regard, you may choose to accept or decline cookies if your browser permits, but declining cookies may affect your use of the facilities at our website and your ability to access certain features of the site or to engage in transactions.
Our website or our accounts on social media platforms may contain links to other third party owned and operated websites or internet resources. When you click on one of those links you are contacting another website or internet resource, and we have no responsibility or liability for or control over those other websites or internet resources or their collection, use, or in any way processing of your Personal Data. The inclusion of third party websites or internet resources on our website or our accounts on social media platforms shall not in any way constitute an endorsement of such website’s contents, actions or policies. The third party owned and operated websites or internet resources may have their own privacy policies and we recommend that you review their privacy policies carefully to understand how they use and process your Personal Data.
10. Personal Data involving Minor and Persons with Disabilities
This Section applies to Personal Data collected in relation to the following individuals:
(a) Individual under the age of majority i.e. eighteen (18);
(b) Individual who lacks the capacity to give or withhold consent due to:
(i) his/her disability to comprehend and retain information material to give his/her consent and/or to make any decision;
(ii) he/she is unable to use and weigh information in the decision-making process; and/or
(iii) he/she is unconscious.
In addition and without prejudice to the provisions of this Privacy Policy, the Personal Data of the individuals as listed in this Section will be collected by us in accordance with our rules, policies and guidelines. In the event we become aware that the Personal Data of such individuals has been collected in contravention with our rules, policies and/or guidelines, we will endeavour to cause the necessary correction in order to be in compliance with our rules, policies and/or guidelines.
If you are under the age of eighteen (18) years, please obtain, in addition to your own explicit consent, your parent’s, guardian’s or legal representative’s consent before providing your Personal Data to us. If a parent, guardian or legal representative becomes aware that the Personal Data of a child or ward under the age of eighteen (18) years have been provided without the consent of the parent, guardian or legal representative, please contact our Data Protection Officer (contact details under Paragraph 14 of this Privacy Policy) and such Personal Data will be removed and disposed of from our records. Notwithstanding, we may collect Personal Data of children under the age of eighteen (18) years from the parent, guardian or legal representative directly.
11. Experience/Testimonial of Patients
12. Update and Changes to this Privacy Policy
We reserve the right to amend and update this Privacy Policy from time to time. This Privacy Policy together with any changes, amendments or updates will be posted on our website (https://klsmc.com/my/en/).
13. Severability
Each paragraph of this Privacy Policy shall be and remain separate from and independent of and severable from all and any other paragraphs of this Privacy Policy except where otherwise expressly indicated or indicated by the context of this Privacy Policy.
The decision or declaration that one (1) or more of the paragraphs are null and void shall have no effect on the remaining paragraphs of this Privacy Policy.
14. Contacting us
If you need to contact us on any questions or concerns regarding this Privacy Policy, please call or email our Data Protection Officer at the contact number and email address as specified below:
Kuala Lumpur Sports Medicine Centre Sdn Bhd
7th Floor, Wisma Perintis,
47 Jalan Dungun,
Damansara Heights,
50490 Kuala Lumpur.
Tel: 603-2096 1033
Fax: 603-2093 9700
Email: pdpa.officer@klsmc.com