Personal Data Protection Notice

PUTRA SPECIALIST HOSPITAL (MELAKA) SDN BHD
PERSONAL DATA PROTECTION NOTICE

1. Introduction

• Putra Specialist Hospital (Melaka) Sdn Bhd (“PSHMSB”) is committed in ensuring that your personal data is protected according to PSHMSB’s Personal Data Protection Policy. In compliance with the Personal Data Protection Act 2010 (“The Act”) and its regulations including, but not limited to, the Malaysian Personal Data Protection Act (PDPA) 2010 and its amendments (Personal Data Protection Act) 2024.
• This Notice also explains the security and retention of your personal data, as well as your rights and obligations in relation to your personal data.
• This Notice applies to all employees, patients, medical practitioners, vendors, and third party companies which are engaged through outsourcing services whose personal data is processed by the hospital. This Notice is prepared in accordance to the requirements of the Personal Data Protection Act 2010.
• Please note that PSHMSB may amend this Personal Data Protection Notice at any time without prior notice, and any changes to the PDPA Notice will be posted on the official PSHMSB corporate website, which can be accessed at https://putrahospitalmelaka.com.

2. Collection of Personal Data
This Personal Data Protection Notice (“Notice”) explains how PSHMSB collects, uses, records, holds, stores, processes, discloses, protects, and carries out any operations and security measures with respect to your personal data.

3. Consent
This PDPA Notice serves to inform you that your personal data is being processed by PSHMSB and/or on PSHMSB behalf. By providing us with your personal data or continuing to communicate with us, we shall regard that you have consented to the processing of such data pursuant to this PDPA Notice.
Should PSHMSB require certain information that may identify you, such information will be duly processed and safeguarded in accordance with the provisions of the Personal Data Protection Act (PDPA).

4. Sources of the Personal Data
The sources of personal data include, but are not limited to, the following categories of individuals:

• Patients or Prospective Patients / Clients:
  PSHMSB collects your personal data directly from you or indirectly through your authorised representatives (such as family members, next-of-kin), agents (such as medical tourism agents), and/or employers when you, your representatives, or agents submit enquiry forms, applications and/or registrations through various channels, including online platforms or in person at our premises. Your personal data may also be collected through the use of cookies on the official PSHMSB website.

• Hospital Vendors:

  Vendors’ personal data is collected from the vendors themselves or their authorised representatives during the vendor registration process, contract implementation, supply of goods/services, and other procurement communications. Data may also be collected through official correspondence such as emails, letters, or digital forms.

• Visitors:

  Visitors’ personal data is obtained during check-in at the hospital premises via logbooks, digital registration systems, or security access forms. CCTV recordings within the hospital premises also form part of the collected data for security purposes.

• Interns/Trainees:

  Data is collected from trainees or their educational institutions during applications for industrial training or practical placements. This includes application forms, cover letters, official communications, as well as performance and attendance records throughout the training period.

• Hospital Specialist Doctors:

  Data is collected from medical practitioners (permanent or contract Specialist/Medical Officers) directly or through relevant agencies such as the Ministry of Health Malaysia, Malaysian Medical Council, or other professional bodies. This occurs during the appointment/recruitment process, clinic schedule coordination, performance evaluation, clinical assignments, and through the use of hospital support systems and websites.

• Hospital Clinic Staff under PSHMSB:

  Staff data is collected directly or through the Human Resource Department during recruitment, work placement, administrative management, attendance, performance records, and usage of internal hospital systems.

• Contractors or Other Service Providers:

  PSHMSB also collects personal data from individuals or companies performing contract work on hospital premises (such as maintenance, security, or cleaning services) through registration processes, access approval to premises, and work records.

5. Types of Personal Data Collected

Your personal data processed by us may include, where relevant:

Name, date of birth, identity card or passport number, employer/company name, home and office address, telephone/mobile number, fax number, email address, occupation, age, gender, marital status, weight, height, photographs, race, nationality, religion, family and/or next-of-kin details, remuneration, EPF number, SOCSO number, income tax number, bank details, education background, training attended, work experience, medical check-up results, medical records, diagnoses, personal health information, biometric data, CCTV/webcam image/audio/video recordings, criminal history, investigation outcomes, insurance details, and any other personal data necessary for the purposes set out in Item 4 below (collectively referred to as “Personal Data”

6. Purposes of Personal Data

For patients or potential patients/customers, independent consultants, potential independent consultants, vendors, suppliers or service providers, your personal information is collected and further processed by PSHMSB as required or permitted by law and to give effect to your requested commercial transaction, including the following:

• To process your requested medical services
• To facilitate your participation in any contests or events
• To administer and communicate with you in relation to our services and / or events
• To facilitate your medical practice within PSHMSB, including sharing your personal data with other independent consultants within PSHMSB for purposes of peer review
• To administer and communicate with you in relation to your medical practice
• To process your credit account application
• To assess your credit worthiness
• To administer and give effect to your commercial transaction (tender award, contract for service, consignment agreement)
• To process any payments relevant to you
• For insurance purposes
• To operate our premises in a manner which is physically safe, secure and befitting of health and safety requirements
• For internal investigations, audit or security purposes
• To conduct internal statistical analysis and analysis of patients’ case studies
• To comply with PSHMSB’s legal and regulatory obligations in the conduct of its business
• To contact you regarding products, services, upcoming events, promotions, advertising, marketing and commercial materials which we may feel interest you
• To ensure that the content from our website is presented in the most effective manner for your and for your computer and/or device
• For PSHMSB’s internal records management
• Where you have indicated your consent to receiving marketing or promotional updates from PSHMSB, you may opt-out from receiving such marketing or promotional material at any time. You may select the relevant “unsubscribe” option as may be provided in PSHMSB’s marketing or promotional material or you may contact PSHMSB at the details provided in Section (5) below.

Your Personal Data may be collected via hardcopy forms or digital platforms (e.g. call centre recordings, online forms, mobile apps, social media, messaging tools, guest lists, business cards, guest books, and event participation).

The processing of your Personal Data may be mandatory or voluntary, depending on the purpose. If it is mandatory and you fail to provide the required data or do not consent to the terms, PSHMSB may be unable to provide our services to you.

7. Disclosure of Personal Data

Your Personal Data may disclosed to authorise healthcare professionals and external parties, including but not limited to:

1. Service providers, vendors, or suppliers for services such as security, transport, surveys, debt collection, payroll, benefits, and rewards;
2. Public and government authorities when required by law or to protect our rights;
3. Professional advisors including banks, insurers, auditors, lawyers, and accountants.
4. Other parties in connection with corporate transactions such as mergers, reorganisations, or business sales.

These subsidiaries will treat your personal data as confidential, in accordance with this PDPA Privacy and with all applicable Data Protection legislation and will process such as personal data only for the Purposes and within the terms set out herein.

PSHMSB are responsible for the personal data under our control, including personal data disclosed by us to a Vendor (often referred to as the “data processor”). We take every measure to provide a comparable level of protection for personal data should the information be processed by a Vendor. PSHMSB is committed to complying with the Personal Data Protection Act 2010, in particular, its policies as well as corresponding guidelines and orders.

8. Cross-Border Transfer of Personal Data
While PSHMSB is a Malaysia-based hospital, in limited circumstances where data transfer is necessary (e.g. insurance, telehealth consultations, or data storage), your Personal Data may be accessed or processed in other countries in compliance with the PDPA conditions governing cross-border transfers. PSHMSB are very serious about providing a comparable level of protection for personal data should be information be processed or used outside Malaysia by our vendors or experts.

9. Security Measures

PSHMSB takes appropriate technical, physical, and organisational measures to safeguard your Personal Data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. 

However, you are responsible for keeping your login credentials (e.g. passwords) confidential to help prevent breaches.

10.Retention Period

Your Personal Data will be retained for as long as necessary to fulfil the purposes stated. Once it is no longer required, your data will be securely destroyed or deleted in accordance with our internal retention policy.

11. Right to Access and Update Personal Information

PSHMSB strive to ensure your Personal Data is accurate, complete, not misleading, and up to date.
If you wish to access, correct, update, or withdraw your consent for us to process your data, please contact PSHMSB. Requests should preferably be made in writing.

PSHMSB may require verification of your identity before processing your request, in line with the PDPA and our internal policy.

PSHMSB will endeavour to fulfil your request to access or correct your Personal Data within 21 calendar days from the date the request is received and will provide you with a copy of the updated data.

12. Contact Us
If you have any questions, concerns, or requests regarding this PDPA Notice, please contact our Data Protection Officer via:

Data Protection Officer
Putra Specialist Hospital (Melaka) Sdn Bhd
169, Jalan Bendahara, 75100 Melaka, Malaysia
Email: dpo@psh-group.com

Note: In the event of any inconsistency between the English and Bahasa Malaysia versions of this PDPA
Notice, the English version shall prevail.
Revised Date: 2nd OCtober 2025

PUTRA SPECIALIST HOSPITAL (MELAKA) SDN BHD

NOTIS PRIVASI PERLINDUNGAN DATA PERIBADI

1. Pengenalan

Putra Specialist Hospital (Melaka) Sdn Bhd, (dirujuk sebagai “PSHMSB”), komited untuk memastikan bahawa  semua data peribadi diproses dan dilindungi selaras dengan polisi Perlindungan Data Peribadi PSHMSB, selaras dengan Akta Perlindungan Data Peribadi 2010 (“Akta”) dan peraturan-peraturannya termasuk, tetapi tidak terhad kepada, Akta Perlindungan Data Peribadi Malaysia 2010 dan pindaan-pindaan terkininya (Akta Perlindungan Data Peribadi) 2024.

Notis ini juga menjelaskan tentang keselamatan dan tempoh penyimpanan data peribadi anda, serta hak dan tanggungjawab anda berkaitan data peribadi tersebut.

Notis ini terpakai kepada semua kategori subjek data termasuk kakitangan, pesakit, pelawat,  ahli keluarga pesakit, doktor pakar, vendor, pihak ketiga ketiga yang diberi kuasa, dan mana-mana individu lain yang Data Peribadinya diproses oleh atau bagi pihak PSHMSB.

Sila ambil perhatian bahawa PSHMSB boleh meminda Notis Perlindungan Data Peribadi ini pada bila-bila masa tanpa notis terlebih dahulu dan sebarang perubahan kepada Notis PDPA akan dipaparkan di laman web rasmi korporat PSHMSB yang boleh diakses di https://putrahospitalmelaka.com.

2.Pengumpulan Data Peribadi

Notis Perlindungan Data Peribadi ini (‘Notis PDPA PSHMSB’) bertujuan untuk menjelaskan kaedah bagaimana PSHMSB mengumpul, menggunakan, merekod, memegang, menyimpan, memproses, mendedahkan, melindungi dan menjalankan sebarang operasi serta langkah-langkah keselamatan ke atas data peribadi anda.

3.Persetujuan

Notis PDPA ini bertujuan untuk memaklumkan bahawa data peribadi anda sedang diproses oleh PSHMSB atau bagi pihak PSHMSB. Dengan memberikan data peribadi anda kepada PSHMSB atau terus berkomunikasi dengan PSHMSB, anda dianggap telah memberikan persetujuan kepada pemprosesan data peribadi anda selaras dengan Notis ini.

Sekiranya PSHMSB meminta maklumat tertentu yang boleh mengenal pasti anda, maklumat tersebut akan digunakan dan dilindungi dengan sewajarnya selaras dengan peruntukan Akta Perlindungan Data Peribadi (PDPA) .

4.Sumber Data Peribadi

 Sumber-sumber data peribadi termasuk, tetapi tidak terhad kepada, kategori individu berikut:

• Pesakit atau Bakal Pesakit/Pelanggan:

 PSHMSB mengumpul data peribadi anda secara langsung daripada anda atau secara tidak langsung melalui wakil yang sah (seperti ahli keluarga, waris), ejen (contohnya ejen pelancongan perubatan), dan/atau majikan apabila anda, wakil anda, atau ejen menghantar borang pertanyaan, permohonan dan/atau pendaftaran melalui pelbagai saluran, termasuk secara dalam talian dan fizikal di premis kami. Data peribadi anda juga boleh dikumpulkan melalui penggunaan kuki (cookies) di laman web rasmi PSHMSB.

• Vendor Hospital:

 Data peribadi vendor dikumpul daripada vendor sendiri atau wakil mereka yang sah semasa proses pendaftaran vendor, pelaksanaan kontrak, pembekalan barangan/perkhidmatan dan komunikasi perolehan lain. Data juga boleh dikumpul melalui komunikasi rasmi seperti e-mel, surat-menyurat atau borang digital.

• Pelawat:

Data peribadi pelawat diperoleh semasa pendaftaran masuk ke premis hospital melalui log buku, sistem pendaftaran digital, atau borang akses keselamatan. Rakaman CCTV di kawasan hospital juga merupakan sebahagian daripada data yang dikumpul bagi tujuan keselamatan.

• Staf Pelatih (Intern/Trainee):

 Data dikumpul daripada pelatih atau institusi pendidikan mereka semasa permohonan untuk latihan industri atau penempatan praktikal. Ini termasuk borang permohonan, surat iringan, komunikasi rasmi serta maklumat prestasi dan kehadiran sepanjang tempoh latihan.

• Doktor Pakar Hospital:

 Data dikumpul daripada pengamal perubatan (Pakar Perubatan/Pegawai Perubatan tetap atau kontrak) secara langsung atau melalui agensi berkaitan seperti Kementerian Kesihatan Malaysia, Majlis Perubatan Malaysia atau badan profesional lain. Pengumpulan data berlaku semasa proses lantikan, pembaharuan lesen  berkaitan, penyelarasan jadual klinik, serta tugasan klinikal serta melalui penggunaan sistem sokongan hospital dan laman web.

• Kakitangan Klinik di bawah PSHMSB

Data kakitangan klinik dikumpul secara langsung atau melalui Jabatan Sumber Manusia semasa proses pengambilan, penempatan kerja, pengurusan pentadbiran, kehadiran, rekod prestasi, dan penggunaan sistem dalaman hospital.

• Kontraktor atau Pembekal Perkhidmatan Lain:

PSHMSB turut mengumpul data peribadi daripada individu atau syarikat yang menjalankan kerja-kerja kontrak di premis hospital (seperti penyelenggaraan, keselamatan, kebersihan) melalui proses pendaftaran, kelulusan akses premis, dan rekod kerja.

 5. Jenis Data Peribadi Yang Dikumpulkan

Data peribadi anda yang diproses oleh PSHMSB mungkin merangkumi, jika berkaitan:

“nama, tarikh lahir, nombor kad pengenalan atau nombor pasport, nama majikan/syarikat, alamat rumah dan pejabat, nombor telefon mudah alih, nombor faks, alamat emel, pekerjaan, umur, jantina, status perkahwinan, berat, tinggi, gambar, bangsa, kewarganegaraan, agama, maklumat keluarga dan/atau waris, maklumat gaji, nombor KWSP, nombor PERKESO, nombor cukai pendapatan, butiran bank, latar belakang pendidikan, latihan yang dihadiri, pengalaman kerja, keputusan pemeriksaan kesihatan, rekod perubatan, diagnosis perubatan, maklumat kesihatan peribadi, data biometrik, rakaman imej/suara/video melalui CCTV atau webcam, sejarah jenayah, hasil siasatan, butiran insurans, dan apa-apa data peribadi lain yang diperlukan untuk tujuan yang dinyatakan dalam Perkara 4 di bawah (secara kolektif dirujuk sebagai “Data Peribadi”).

6. Tujuan Pemprosesan Data Peribadi

Data Peribadi anda mungkin diproses untuk tujuan berikut (termasuk tetapi tidak terhad kepada):

1. Menyediakan perkhidmatan perubatan dan penjagaan kesihatan;
2. Memenuhi keperluan peribadi pesakit (contohnya lanjutan penginapan untuk pelancongan kesihatan);
3. Mengurus rekod dan laporan perubatan;
4. Memudahkan proses bil, pembayaran dan kutipan tunggakan;
5. Menjalankan kajian, analisis, tinjauan dan penambahbaikan perkhidmatan;
6. Menguruskan maklum balas kepada permintaan, pertanyaan, aduan, siasatan dan isu perundangan;
7. Memudahkan pengurusan sumber manusia dan aktiviti berkaitan pekerja;
8. Menyediakan dan menghantar borang dan pendaftaran kepada pihak berkuasa atau pihak ketiga di bawah undang-undang berkaitan industri penjagaan kesihatan;
9. Menawarkan pemasaran, promosi, program keahlian, ganjaran, dan tawaran berkaitan perkhidmatan kami;
10. Mewujudkan data yang tidak dikenal pasti atau teragregat untuk tujuan analisis dan penambahbaikan perkhidmatan;
11. Menjalankan pemprofilan dan keputusan automatik yang dibenarkan oleh undang-undang; dan
12. Tujuan lain yang diperlukan bagi operasi, keselamatan, dan pengurusan hubungan anda dengan kami (secara kolektif dirujuk sebagai “Tujuan”).

Data Peribadi anda boleh dikumpulkan melalui borang fizikal atau platform digital seperti rakaman panggilan pusat panggilan, borang atas talian, aplikasi mudah alih, media sosial, alat pemesejan, senarai tetamu, kad perniagaan, buku pelawat dan/atau sebarang acara yang dianjurkan oleh PSHMSB.

Pemprosesan Data Peribadi anda mungkin bersifat wajib atau sukarela bergantung pada tujuan pemprosesan. Sekiranya ianya wajib dan anda gagal memberikan maklumat yang diminta atau tidak bersetuju dengan Notis ini, PSHMSB mungkin tidak dapat menyediakan perkhidmatan kepada anda.

7.Pendedahan Data Peribadi

Data Peribadi anda boleh didedahkan, dipindahkan atau dibekalkan tertakluk kepada keperluan undang-undang dan prinsip kepada pihak-pihak berikut, termasuk tetapi tidak terhad kepada:

1. Penyedia perkhidmatan, vendor, atau pembekal yang menyediakan perkhidmatan seperti keselamatan, pengangkutan, tinjauan, kutipan hutang, penggajian, manfaat dan ganjaran;
2. Pihak berkuasa awam dan kerajaan jika dikehendaki oleh undang-undang atau untuk melindungi hak PSHMSB;
3. Penasihat profesional seperti bank, syarikat insurans, juruaudit, peguam, dan akauntan;
4. Pihak lain berkaitan dengan transaksi korporat seperti penggabungan, penstrukturan semula, atau penjualan perniagaan.

Pihak ketiga yang dilantik akan mengendalikan data peribadi anda dengan penuh kerahsiaan, selaras dengan Notis Privasi PDPA ini serta mematuhi semua peruntukan undang-undang Perlindungan Data yang berkuat kuasa. Data peribadi tersebut hanya akan diproses untuk tujuan yang telah ditetapkan dan mengikut terma-terma yang dinyatakan dalam notis ini.

PSHMSB memikul tanggungjawab penuh ke atas data peribadi yang berada di bawah kawalan hospital, termasuklah data peribadi yang telah didedahkan kepada Pembekal (yang juga dikenali sebagai “pemproses data”). Kami sentiasa mengambil langkah-langkah sewajarnya bagi memastikan tahap perlindungan yang setara terhadap data peribadi sekiranya ia diproses oleh Pembekal berkenaan. PSHMSB komited untuk mematuhi sepenuhnya Akta Perlindungan Data Peribadi 2010, khususnya polisi PSHMSB serta garis panduan dan arahan yang berkaitan.

8. Pemindahan Data Peribadi Luar Negara

Walaupun PSHMSB merupakan hospital yang beroperasi di Malaysia, dalam keadaan tertentu seperti insurans, konsultasi teleperubatan, atau penyimpanan data, Data Peribadi anda mungkin akan diakses atau diproses di negara lain selaras dengan syarat-syarat Akta Perlindungan Data Peribadi (PDPA) yang mengawal pindahan data merentasi sempadan. PSHMSB amat mengambil serius dalam memastikan tahap perlindungan yang setara bagi data peribadi sekiranya maklumat tersebut diproses atau digunakan di luar Malaysia oleh pembekal atau pakar PSHMSB.

9. Langkah Keselamatan

PSHMSB melaksanakan langkah-langkah kawalan keselamatan teknikal, fizikal, dan organisasi yang sewajarnya untuk melindungi Data Peribadi anda daripada kehilangan, penyalahgunaan, akses tidak dibenarkan, pendedahan, perubahan, atau kemusnahan.

Walau bagaimanapun, anda juga bertanggungjawab untuk menjaga kerahsiaan kata laluan atau maklumat log masuk anda bagi mengurangkan risiko pelanggaran data.

10. Tempoh Penyimpanan

Data Peribadi anda akan disimpan selagi diperlukan untuk memenuhi tujuan-tujuan yang dinyatakan. Setelah tidak diperlukan, data anda akan dimusnahkan atau dipadam secara selamat mengikut dasar polisi penyimpanan dalaman PSHMSB.

11. Hak Untuk Mengakses Dan Kemas Kini Maklumat Peribadi

PSHMSB berusaha untuk memastikan bahawa Data Peribadi anda adalah tepat, lengkap, tidak mengelirukan dan sentiasa dikemas kini. Sekiranya anda ingin mengakses, membetulkan, mengemas kini atau menarik balik kebenaran yang telah diberikan kepada PSHMSB untuk memproses Data Peribadi anda, anda boleh mengemukakan permintaan secara bertulis kepada PSHMSB.

Bagi tujuan keselamatan dan pematuhan undang-undang, PSHMSB berhak untuk meminta pengesahan identiti anda sebelum memproses sebarang permintaan, selaras dengan Akta Perlindungan Data Peribadi 2010 serta dasar dalaman hospital.

PSHMSB akan berusaha untuk memenuhi permintaan anda dalam tempoh dua puluh satu (21) hari dari tarikh permintaan diterima. Setelah selesai diproses, salinan Data Peribadi yang telah dikemas kini akan diberikan kepada anda.

12. Hubungi Kami

Sekiranya anda mempunyai sebarang pertanyaan, permintaan atau kebimbangan berkaitan Notis ini, sila hubungi Pegawai Perlindungan Data kami melalui:

Pegawai Perlindungan Data

Putra Specialist Hospital (Melaka) Sdn Bhd

Jalan Bendahara, 75100 Melaka, Malaysia

Emel: dpo@psh-group.com

Nota: Sekiranya terdapat sebarang percanggahan antara versi Bahasa Inggeris dan Bahasa Malaysia bagi Notis PDP ini, versi Bahasa Inggeris akan diguna pakai.

Tarikh Dikemas Kini: 2 Oktober 2025