Privacy and Policy

Home / Privacy and Policy

ASIA ONEHEALTHCARE GROUP PRIVACY AND PERSONAL DATA PROTECTION POLICY

The Personal Data Protection Act 2010 (the “Act“), which regulates the processing of personal data in commercial transactions, applies to Asia OneHealthcare Sdn Bhd (formerly known as Columbia Asia Healthcare Sdn Bhd) and its subsidiaries and related corporations (“our“, “us“, “we“, or “Asia OneHealthcare“). For the purpose of this Asia OneHealthcare Group Privacy and Personal Data Protection Policy (“Policy“), the terms “personal data” and “processing” shall have the same meaning as prescribed in the Act.

This Policy sets out how the Asia OneHealthcare Group uses and protects your personal information that you provide to us. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this Policy.

This Policy is issued to all our immediate and/or prospective clients, employees, medical specialists, consultants, and goods and/or service providers pursuant to the Act and serves as our personal data protection notice in accordance with the Act.

1. Consent

This Policy is intended to inform you that your personal data is being processed by us or on our behalf. By providing us with your personal data or continuing to communicate with us, we will consider that you have consented to the processing of such data in accordance with this Policy.

2. Description of Personal Data

We may collect a variety of information and/or data about you (“Personal Data”), including but not limited to your name, date of birth, race, religion, gender, company name, Malaysian Identification Card number or passport number, nationality, biometrics information, DNA profiles, email address, address, contact number, credit card details, bank account details, health information, minor’s data, food preference, allergy, photographs, occupation, education, marital status, video recording, CCTV images, medical records, and all other personal data we again collect from you on any subsequent occasion.

3. Purposes

Your Personal Data is being or is to be collected and further processed for:

(a)	performing pre-contractual activities and fulfilling our contractual obligations with you, as well as ensuring your performance of pre-contractual and contractual obligations to us;
(b)	ensuring that you continue to receive medical treatment;
(c)	contacting you in the event of any change to appointment dates;
(d)	managing medical records and medical reports;
(e)	facilitating the payment process relating to patients;
(f)	reporting personal data to the relevant bodies and/or third parties under the laws applicable to the healthcare industry;
(g)	sharing personal data with the group holding company and related companies as defined under the Companies Act 2016;
(h)	conducting research, analysis, and improvements;
(i)	marketing, advertising, and survey purposes;
(j)	facilitating overseas patient’s personal requirements (for example, visa applications);
(k)	administering and responding to request, queries, complaints and legal issues;
(l)	facilitating human resource management activities relating to employees;
(m)	for submission, registration of relevant forms, licences to regulatory authorities and/or third parties under laws applicable to healthcare industries;
(n)	for education and training (with anonymised data where possible);
(o)	assessing your credit worthiness and processing any payments relevant to you;
(p)	insurance purposes, third party administration and any other third parties;
(q)	purposes of enforcing our legal rights and / or obtaining professional or legal advice;
(r)	internal records management;
(s)	conducting internal activities such as evaluating the effectiveness of marketing, market surveys/research, trend analysis, statistic compilation, reporting, audit, compliance, risk management, and data analytics to improve our services;
(t)	complying with any legal or regulatory requirements such as audit and/or requests from regulatory bodies;
(u)	instituting debt recovery proceedings against defaulters;
(v)	providing and improving our products and/or services to you and advertising and providing you with information (such as events, offers or promotions) relating to our and our related corporations’ and business partners’ products and/or services, including without limitation sending you e-newsletters, promotional marketing materials, facilitating your participation in any contests or events, seasonal/birthday greetings and messages, gifts and/or vouchers;
(w)	managing and giving effect to your commercial transaction with us;
(x)	granting you access to, and monitoring your use of, any online platforms, mobile applications or sites owned, operated or managed by us or on our behalf (“Platform”) and administering and managing the Platform; and/or
(y)	such other purposes incidental or in furtherance to the above purposes.

(collectively, the “Purposes”).

4.Source of Personal Data

Your Personal Data is being or is to be collected:

(a)	directly from you or your representative when you or your representative fill in form to register to use our products and/or services including any online forms and registration forms at our facilities, or contact us via emails, letters or telephone calls, or when taking part in customer surveys and promotions and during marketing activities;
(b)	when you inquire or use our products/services or events, including without limitation when you use our Platform (via the Platform and/or cookies);
(c)	from any information or document submitted or provided by you to us for any of the Purposes (such as your identity card, passport, salary slip and/or bank statement), including without limitation questionnaires or survey forms;
(d)	from any third parties connected with you such as your employer / potential employer, agents, insurance companies, and/or other healthcare facilities/providers;
(e)	from such other sources to whom you have given your consent to disclose information relating to you;
(f)	from events;
(g)	from CCTV recordings;
(h)	from audio/video recordings;
(i)	from doctors’ letters;
(j)	from medical reports/records; from all other personal data we again collect from you on any subsequent occasion; and
(k)	from all other information that you may provide us from time to time.

5. Access to, correction of and limiting the processing of Personal Data

a. Subject to provisions of the Act, you have the right to request access to and to request correction of your Personal Data and to contact us with any inquiries or complaints in respect of your Personal Data (including the possible choices and means for limiting the processing of your Personal Data or, to cease or not begin processing your Personal Data for purposes of direct marketing) by contacting us as per the details set out in the List of Contacts here.

b. Subject to provisions of the Act, you may, upon payment of a prescribed fee, make a data access request in writing to us by completing a Data Access Request Form which is attached as Appendix A, and returning the same to us.

c. Subject to applicable legal restrictions, contractual conditions and reasonable time period given to us, you may withdraw or amend, in full or in part, your consent given previously for use of your Personal Data.

d. Depending on your request, there may be circumstances where we refuse to comply with a data access request or a data correction request and shall, by notice in writing, inform you of our refusal and the reasons of our refusal.

e. We may also require the requestor of Personal Data (where the requestor is not the owner of Personal Data) to provide consent form of the owner of Personal Data authorising and indemnifying us to release or correct the Personal Data.

6. Compulsory Personal Data

It is obligatory that you supply us the details marked with asterisk (*) or specified as compulsory in our forms (collectively, “Compulsory Personal Data”).

7. Consequences of Refusal / Failure to Provide Personal Data

If you refuse or fail to provide any Compulsory Personal Data or limit the processing of your Personal Data by us, it may result in the following for which we shall not be held liable for any of the consequences arising from:

(a) the inability of parties to formalise any contract and/or agreement, to facilitate provision of our services or to hire human resources;

(b) the inability for us to continue to administer any relationship in place between you and us, provide you with services and/or products requested or continue to perform any contractual obligations owed to you (if any);

(d) the inability to complete transactions in relation to our products and/or services;

(e) the inability to comply with any applicable law, regulation, direction, court order, guidelines and/or codes applicable to us; and/or

(f) the termination of any arrangements/agreements/contracts between you and us.

8. Disclosure of Personal Data

We disclose or may disclose your Personal Data to the following

(a)	other entities within the Asia OneHealthcare Group and our related corporations.
(b)	our medical specialists/consultants who treat patients in our hospitals.
(c)	insurance companies and/or managed care organisations.
(d)	banks, financial institutions, credit card or debit card issuers for processing of payment.
(e)	credit check companies.
(f)	debt collection agencies to recover outstanding debt owing to us.
(g)	your employer.
(h)	your next of kin or your emergency contact person as may be notified to us from time to time.
(i)	research organisations.
(j)	social welfare organisations.
(k)	medical and healthcare professionals.
(l)	external counterparts for situations where a patient is transferred to another government or private healthcare facility.
(m)	parents or guardians of minors.
(n)	service providers, suppliers, agents, contractors, and vendors who process data for us such as medical specialists in our hospitals, outsourced data centres, and outside labs providing diagnostic services.
(o)	laboratories and diagnostic service providers who may be outside the control of the private hospital environment.
(p)	data centres, which host data for the hospitals.
(q)	external lawyers.
(r)	external auditors and accountants.
(s)	governmental bodies, their agencies, and other related organisations such as Ministry of Health, Ministry of Human Resources, Ministry of Home Affairs, Malaysian Anti-Corruption Commission, Inland Revenue Department, Malaysian Department of Insolvency, Royal Malaysian Police, Malaysian Medical Council, Malaysian Dental Council, and Malaysian Medical Association.
(t)	Regulatory and/or statutory bodies and approved bodies that collect employee benefits which include Social Security Organisation (SOCSO), Zakat, Employees Provident Fund, Lembaga Tabung Haji, and Employees Insurance Scheme.
(u)	Accreditation bodies.
(v)	Any such third party requested or authorised by you for any of the Purposes.

Our third-party data processors are required to process your Personal Data in line with principles specified by us and/or the applicable law. They are also held responsible for securing your Personal Data at an appropriate level of security in relation to applicable data protection laws and accepted industry standards.

9. Protection of Personal Data

Your Personal Data will be kept and processed in a secured manner by us. We are committed to take appropriate administrative and security safeguards and procedures to prevent unlawful processing of, and the accidental loss, destruction or damage to your Personal Data. Access to your Personal Data is limited to and provided only to relevant controllers for the purpose of performing their duties or otherwise in line with this Policy.

10. Third party personal data

We may require your assistance if the personal data relating to other persons (for example, your next of kin) is required to process your Personal Data for the Purposes and you hereby agree to use your best endeavours to assist us when required. In the event that personal data of any third party is supplied by you to us, you shall ensure that such third party has read this Policy and consented to us collecting his/her personal data for any of the Purposes prior to the supply of his/her personal data to us.

11. Transfer of Personal Data to places outside Malaysia

To the extent where this is permitted under law, we may transfer your Personal Data to a place outside Malaysia pursuant to the Purposes stated in this Policy and you hereby give your consent to the transfer.

12. Accuracy of your Personal Data

We will take reasonable steps to ensure the accuracy and completeness of your Personal Data. You are responsible for ensuring that the information you provide to us is accurate, complete, not misleading and kept up to date.

13. Personal Data of minors and others

In respect of: (i) personal data relating to a minor (i.e. individuals under 18 years of age, “Minor”), please note that consent is required from the Minor’s parent or guardian or person who has parental responsibility over the Minor; and (ii) an individual who is deemed incapable of managing his/her own affairs (“Special Person”), please note that we require consent from the person appointed by a court to manage the Special Person’s affairs or the person who has been legally or validly authorised to act on the Special Person’s behalf. Where applicable, you hereby confirm that you are authorised to act on the Minor’s or the Special Person’s behalf as described above and that you consent, on the Minor’s or the Special Person’s behalf, to the processing (including disclosure and transfer) of the Minor’s or the Special Person’s personal data in accordance with this Policy. In the event that you submit any of your Personal Data to us (in addition to the Minor’s personal data or the Special Person’s personal data), you also consent to the processing of your Personal Data in accordance with this Policy. We may process your Personal Data (in addition to the Minor’s Personal Data or the Special Person’s Personal Data) pursuant to this Policy by virtue of this provision, or if we rely on any other legal bases available under any applicable laws.

14. Conflict

In the event of any inconsistency between the English version and the Bahasa Malaysia version of this Policy, the English version shall prevail.

15. Changes to this Policy

We may change this Policy as needed for example, to comply with the changes in business operations or laws or regulations. We will notify you of any changes to this Policy via notices on our Platform or other appropriate means (e.g. by updating this page). You should check this page from time to time to ensure that you are updated on any changes. By continuing to use our products/services, communicate with us and/or access or use any of our Platform, and/or agreeing by ticking the box we provide specifically for processing of Personal Data, after being notified of any changes to this Policy, you will be considered as having agreed to such changes.

Download PDF version