PERSONAL DATA PROTECTION NOTICE FOR LOURDES MEDICAL CENTRE SDN BHD ( Privacy Notice )
Lourdes Medical Centre Sdn Bhd (hereinafter referred to as “the Company” or “we” or “us” or “our”) values your privacy and strive to protect your personal data. The Company owns, manages and operates the hospital known as Lourdes Medical Centre (hereinafter referred to as “LMC”) that collects, uses, maintains and discloses your personal data in accordance with the Malaysian Personal Data Protection Act 2010 (hereinafter referred to as “PDPA”). LMS is subject to the personal data protection principles under the PDPA which regulates the processing of personal data in commercial transactions. The term of “personal data”. “sensitive personal data”, “processing” and “commercial transactions” shall have the same meaning as set out in the PDPA.
This Privacy Notice describes how we collect and use your personal data in relation to the medical services or healthcare services or health-related services (hereinafter referred to as “the Services”) that you have requested or are about to request from us and/or LMC. This Privacy Notice applies to any person or body corporate or business enterprise whose personal data is being processed by us and/or LMC.
DESCRIPTION OF PERSONAL DATA
Personal data refers to any information (e.g means name, address, NRIC No., photographs, financial, bank account details, occupation, religion, employer, etc.) that relates directly or indirectly to an individual who may be identified or identifiable from that information or other information that is in our possession including sensitive personal data. Sensitive personal data refers to any information which relates to the health condition of an individual, his or her religious beliefs’ or other beliefs of a similar nature and the commission or alleged commission of any offence.
SOURCES OF PERSONAL DATA COLLECTED
The collection of your personal data shall depend on the nature of your visit to LMC. There are various sources from which your personal data may be procured or collected by us including but not limited to the following:
a) directly from you when you or your representative (parent, children, guardian, etc.) fill in the registration forms at our clinics or
contact us via emails and letters, telephone calls and conversations or when taking part in customer surveys and promotions
and during marketing activities;
b) from any third parties connected with you such as your employer or potential employer, agents, insurance companies, other
healthcare facilities;
c) From such other sources to whom you have given your consent to disclose information relating to you; and
d) From the information in the public domain
WHETHER SUPPLY OF PERSONAL DATA IS OBLIGATORY
The personal data that we collect can either be obligatory or voluntary as it would depend on the purpose of you disclosing the personal data. If the personal data requested by us is to ensure that we are able to efficiently provide our Services, then it would be obligatory for you to provide such information. If you fail to do so, it may affect the Services to be provided to you.
The personal data that would be voluntary are office fax number, email address and etc. However, such information will facilitate the delivery of our Services to you.
PURPOSES OF PERSONAL DATA COLLECTED
The purpose for which your personal data are collected and processed shall depend on the nature of the relationship which you have with us and your visit to LMC. The purpose may comprise part or all of the following:
a) To process the Services that you are currently receiving and/or Services that you have requested;
b) To administer and communicate with you in relation to our current and/or future Services and/or events;
c) To access your credit worthiness and process any payment relevant to you;
d) For insurance purposes, third party administration and any other third parties;
e) To respond to your enquires and feedbacks;
f) For marketing and promotional activities;
g) To administer and give effect to your commercial transaction (such as tender award, contract for service and other contractual
obligations;
h) To better understand your needs as our customer and to improve our Services provided to you;
i) For internal functions such as evaluating the effectiveness of marketing, market research, statistical analysis, reporting,
audit, compliance and risk management and to prevent fraud;
j) For the prevention of crime (such as the usage of CCTV coverage);
k) For investigating, reporting, preventing or otherwise in relation to any fraudulent and/or criminal activities;
l) For the purpose of enforcing our legal rights and/or obtaining legal advice;
m) For internal record management;
n) For any other purpose that is required or permitted by any law, regulations, guidelines and/or relevant regulatory authorities; and
o) Any other related purposes.
DISCLOSURE OF YOUR PERSONAL DATA
As part of providing you with our Services and/or the management and/or operation of the same, we may be required to disclose your personal data to the following:
a) Disclosure to third parties.
- Insurance companies, bank and financial institutions, credit card companies, current or potential employer and/or external counterparts for situations where a patient is transferred to another government or private hospital, parents or guardians of minors;
- The regulatory and/or governmental authorities in order to comply with the statutory and/or governmental requirements;
- Third parties appointed by us to provide services to us or on our behalf such as event organizers, consultants, recruitment agencies, contractors and suppliers; and
- Our professional advisers such as external auditors, legal advisors and an/or financial advisors or any other third party required by law, regulation or by-law, subpoena, court order or other legal process;
b) Disclosure within the Company
Any disclosure made within the Company shall be done only when necessary to ensure that Services provided to you are not hindered.
We will otherwise treat your personal data as private and confidential and will not disclose your personal data without your consent UNLESS:
- You have given us upfront express or implied consent for the disclosure;
- The disclosure is necessary where there is a serious and imminent risk to your welfare;
- The disclosure is necessary for the purpose of preventing or detecting a crime or for the purpose of investigation;
- The disclosure was required and authorize by or under any law or by an order of the court;
- We have reasonable belief that we have the right by law to disclose the personal data to that third party;
- We acted in reasonable belief that we should have your consent if you had known of the disclosure and the circumstances of such disclosure
SECURITY OF YOUR PERSONAL DATA
The security of your personal data is our priority. We will take reasonable efforts and practical steps to insure that all physical and soft copy of your personal data is kept in a secured manner. If we disclose any of your personal data to our authorised agents or service providers, we will require them to appropriately safeguard the personal data that is provided to them.
RETENTION OF YOUR PERSONAL DATA
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected and/or to comply with legal, regulatory and internal requirements. Upon the said purposes being fulfilled, we will destroy or permanently delete your personal data according to our internal policy.
ACCURACY OF PERSONAL DATA
Your are responsible to inform us about the changes to your personal data and for ensuring that such information is accurate and current. You may do so by submitting a Personal Data Change Form available in our Customer Service Department or from our Website.
RIGHT TO ACCESS, TO RECTIFY YOUR PERSONAL DATA & INQUIRIES
Subject to any exceptions under applicable laws, you may request for access to and/or request correction or update of your personal data or to withdraw consent, lodge a complaint, request to limit the processing of your personal data and/or make any general inquiries regarding your personal data by contacting:-
Lourdes Medical Centre
No. 244, Jalan Ipoh
51200 Kuala Lumpur
Telephone : 603-40425335
Facsimile : 603-40420478
Email : enquiries@lourdes.com.my
The Company may charge an administrative fee for providing access to the personal data as per your request.
Please note that access to your personal data may be withheld in certain situations as determined by the relevant authorities, legislations, acts and regulations.
CHANGES TO THE PRIVACY NOTICE
We reserve the right to amend and/or update this Privacy Notice from time to time without prior notice and the amended or update Privacy Notice shall be made available in our LMC’s premise or its website at the following link: http://www.lourdes.com.my.
By continuing to communicate with the Company and/or LMC or by continuing to use LMC’s Services following the modifications, updates or amendments to this Notice, such actions shall signify your acceptance of such modification, updates or amendments.
PREVAILING NOTICE
In the event of any conflict between the English and other language versions in respect of this Privacy Notice, the English version shall prevail.