PDPA

Personal Data Protection Notice

Terms & Conditions

PUTRA SPECIALIST HOSPITAL (MELAKA) SDN BHD
PERSONAL DATA PROTECTION NOTICE

Putra Specialist Hospital (Melaka) Sdn Bhd (“PSHMSB”) is committed in ensuring that your personal data is protected according to PSHMSB’s Personal Data Protection Policy, in compliance with all applicable laws and regulations including, but not limited to, the Malaysian Personal Data Protection Act (PDPA) 2010 and its amendments (Personal Data Protection Act) 2024.

This Personal Data Protection Notice (“Notice”) explains how PSHMSB collects, uses, records, holds, stores, processes, discloses, protects, and carries out any operations and security measures with respect to your personal data.

This Notice also explains the security and retention of your personal data, as well as your rights and obligations in relation to your personal data.

This Notice applies to all employees, patients, medical practitioners, vendors, and third party companies which are engaged through outsourcing services whose personal data is processed by the hospital. This Notice is prepared in accordance to the requirements of the Personal Data Protection Act 2010.

Please note that PSHMSB may amend this Personal Data Protection Notice at any time without prior notice, and any changes to the PDPA Notice will be posted on the official PSHMSB corporate website, which can be accessed at https://putrahospitalmelaka.com.
1. Consent
This PDPA Notice serves to inform you that your personal data is being processed by PSHMSB and/or on PSHMSB behalf. By providing us with your personal data or continuing to communicate with us, we shall regard that you have consented to the processing of such data pursuant to this PDPA Notice. Should PSHMSB require certain information that may identify you, such information will be duly processed and safeguarded in accordance with the provisions of the Personal Data Protection Act (PDPA).

2. Sources of Personal Data
The sources of personal data include, but are not limited to, the following categories of individuals:

  • Patients or Prospective Patients / Clients:
    PSHMSB collects your personal data directly from you or indirectly through your authorised representatives (such as family members, next-of-kin), agents (such as medical tourism agents), and/or employers when you, your representatives, or agents submit enquiry forms, applications and/or registrations through various channels, including online platforms or in person at our premises. Your personal data may also be collected through the use of cookies on the official PSHMSB website.
  • Hospital Vendors:
    Vendors’ personal data is collected from the vendors themselves or their authorised representatives during the vendor registration process, contract implementation, supply of goods/services, and other procurement communications. Data may also be collected through official correspondence such as emails, letters, or digital forms.
  • Visitors:
    Visitors’ personal data is obtained during check-in at the hospital premises via logbooks, digital registration systems, or security access forms. CCTV recordings within the hospital premises also form part of the collected data for security purposes.
  • Interns/Trainees:
    Data is collected from trainees or their educational institutions during applications for industrial training or practical placements. This includes application forms, cover letters, official communications, as well as performance and attendance records throughout the training period.
  • Hospital Specialist Doctors:
    Data is collected from medical practitioners (permanent or contract Specialist/Medical Officers) directly or through relevant agencies such as the Ministry of Health Malaysia, Malaysian Medical Council, or other professional bodies. This occurs during the appointment/recruitment process, clinic schedule coordination, performance evaluation, clinical assignments, and through the use of hospital support systems and websites.
  • Hospital Staff/Private Clinic Staff:
    Staff data is collected directly or through the Human Resource Department during recruitment, work placement, administrative management, attendance, performance records, and usage of internal hospital systems.
  • Contractors or Other Service Providers:
    PSHMSB also collects personal data from individuals or companies performing contract work on hospital premises (such as maintenance, security, or cleaning services) through registration processes, access approval to premises, and work records.

3. Types of Personal Data Collected
Your personal data processed by us may include, where relevant:
Name, date of birth, identity card or passport number, employer/company name, home and office address, telephone/mobile number, fax number, email address, occupation, age, gender, marital status, weight, height, photographs, race, nationality, religion, family and/or next-of-kin details, remuneration, EPF number, SOCSO number, income tax number, bank details, education background, training attended, work experience, medical check-up results, medical records, diagnoses, personal
health information, biometric data, CCTV/webcam image/audio/video recordings, criminal history, investigation outcomes, insurance details, and any other personal data necessary for the purposes set out in Item 4 below (collectively referred to as “Personal Data”).

4. Purposes of the Personal Data
For patients or potential patients/customers, independent consultants, potential independent consultants, vendors, suppliers or service providers, your personal information is collected and further processed by PSHMSB as required or permitted by law and to give effect to your requested commercial transaction, including the following:

  • To process your requested medical services
  • To facilitate your participation in any contests or events
  • To administer and communicate with you in relation to our services and / or events
  • To facilitate your medical practice within PSHMSB, including sharing your personal data with other independent consultants within PSHMSB for purposes of peer review
  • To administer and communicate with you in relation to your medical practice
  • To process your credit account application
  • To assess your credit worthiness
  • To administer and give effect to your commercial transaction (tender award, contract for service, consignment agreement)
  • To process any payments relevant to you
  • For insurance purposes
  • To operate our premises in a manner which is physically safe, secure and befitting of health and safety requirements
  • For internal investigations, audit or security purposes
  • To conduct internal statistical analysis and analysis of patients’ case studies
  • To comply with PSHMSB’s legal and regulatory obligations in the conduct of its business
  • To contact you regarding products, services, upcoming events, promotions, advertising, marketing and commercial materials which we may feel interest you
  • To ensure that the content from our website is presented in the most effective manner for your and for your computer and/or device
  • For PSHMSB’s internal records management
  • Where you have indicated your consent to receiving marketing or promotional updates from PSHMSB, you may opt-out from receiving such marketing or promotional material at any time. You may select the relevant “unsubscribe” option as may be provided in PSHMSB’s marketing or promotional material or you may contact PSHMSB at the details provided in Section (5) below.

Your Personal Data may be collected via hardcopy forms or digital platforms (e.g. call centre recordings, online forms, mobile apps, social media, messaging tools, guest lists, business cards, guest books, and event participation).

The processing of your Personal Data may be mandatory or voluntary, depending on the purpose. If it is mandatory and you fail to provide the required data or do not consent to the terms, PSHMSB may be unable to provide our services to you.

5. Disclosure of Personal Data
Your Personal Data may be shared with authorised healthcare professionals and external parties, including but not limited to:

  • Service providers, vendors, or suppliers for services such as security, transport, surveys, debt collection, payroll, benefits, and rewards;
  • Public and government authorities when required by law or to protect our rights;
  • Professional advisors including banks, insurers, auditors, lawyers, and accountants;
  • Other parties in connection with corporate transactions such as mergers, reorganisations, or business sales.

6. Cross-Border Transfer of Personal Data
While PSHMSB is a Malaysia-based hospital, in limited circumstances where data transfer is necessary (e.g. insurance, telehealth consultations, or data storage), your Personal Data may be accessed or processed in other countries in compliance with the PDPA conditions governing cross-border transfers.

7. Security Measures
PSHMSB takes appropriate technical, physical, and organisational measures to safeguard your Personal Data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. However, you are responsible for keeping your login credentials (e.g. passwords) confidential to help prevent breaches.

8. Retention Period
Your Personal Data will be retained for as long as necessary to fulfil the purposes stated. Once it is no longer required, your data will be securely destroyed or deleted in accordance with our internal retention policy.

9. Access and Update of Personal Data
PSHMSB strive to ensure your Personal Data is accurate, complete, not misleading, and up to date. If you wish to access, correct, update, or withdraw your consent for us to process your data, please contact PSHMSB. Requests should preferably be made in writing. PSHMSB may require verification of your identity before processing your request, in line with the PDPA and our internal policy.

PSHMSB will endeavour to fulfil your request to access or correct your Personal Data within 21 calendar days from the date the request is received and will provide you with a copy of the updated data.

10. Contact Us
If you have any questions, concerns, or requests regarding this PDPA Notice, please contact our Data Protection Officer via:

Data Protection Officer
Putra Specialist Hospital (Melaka) Sdn Bhd
169, Jalan Bendahara, 75100 Melaka, Malaysia
Email: dpo@psh-group.com

Note: In the event of any inconsistency between the English and Bahasa Malaysia versions of this PDPA
Notice, the English version shall prevail.
Revised Date: 1st August 2025

© 2024 Putra Hospital Melaka. All Rights Powered by IT Department                          KKLIU: 2346 / EXP 31.12.26