In this privacy statement (“Privacy Statement”):-
“CCM” shall mean Companies Commission of Malaysia.
“Communication Service(s)” shall include bulletin board services, chat areas, news groups, forums, communities, personal web pages, calendars and/or other messages or communication facilities which may be available to you through Hospital Information System (HIS) or through other mode of communication between you and THONEH which includes but not limited to any letters, emails and/or any application forms filled up by you;
“HIS” shall mean the Hospital Information System which is an integrated and comprehensive information system that manages, processes and retains all data relating to administrative, financial and clinical matters.
“THONEH”, “Us” and “We”, for the purpose of this Privacy Statement, shall include National Institute Ophthalmic Sciences (NIOS), THES Capital Sdn Bhd including its subsidiaries and other companies associated, affiliated and related to THONEH;
“HIS” comprises of various information data operated by HIS owned by THONEH;
“PDPA” means Personal Data Protection Act 2010 which includes any subsidiary legislation and/or regulations made thereunder, or as may be supplemented from time to time;
“Personal Data” whenever used in this Privacy Statement shall have the meaning as assigned to it by PDPA, which includes Personal Data which is in the possession and/or control of THONEH that relates directly or indirectly to you (or any other individual) to the extent that you (or the other individual) is identified or identifiable from that information or from that and other information in the possession of THONEH;
“processing”, whenever used in the Product Service(s) shall have the meaning as assigned to it by PDPA, which includes collecting, recording, holding, storing, using or disclosing Personal Data;
“Product Service(s)” shall include all and any requisite medical and/or surgical and nursing treatment for eye care services (including any other related services), development of educational and research programme services, wellness and care services, fund raising activities, community engagement events, medical tourism series, , etc., whether offered online or otherwise by THONEH, by way of electronic application or manual or in any other mode howsoever made;
“Services” shall collectively mean Communication Service(s) and Product Service(s), or any services under Communication Service(s) or Product Service(s), as required by you;
“type of Personal Data” may include, but is not limited to your name, address, identity card or passport or other identification number, telephone number, mailing and email address, other contact details, age, occupation, marital status, health information and medical record, place of birth, and any other information relating to you which you have provided us in any forms of communication that you have submitted to us;
“THONEH” is the abbreviation for The Tun Hussein Onn National Eye Hospital, a company limited by guarantee duly incorporated under Companies Act 2016; and
“THONEH Website” shall mean various web pages including but not limited to social media pages operated by THONEH Website and owned by THONEH.
B1. THONEH is committed to protecting the privacy of our customers’ information (“Personal Data, as herein defined”), which includes the users of HIS and/or manually. This Privacy Statement governs Personal Data collection and usage and other related matters.
B2. This Privacy Statement explains:-
B3. You are advised that, by subscribing for the Product Service(s) and/or Communication Service(s), you shall be deemed to have agreed and accepted the terms as provided herein.
COLLECTION OF YOUR PERSONAL DATA
1.1 THONEH collects your Personal Data from the following sources:-
1.2 The type of your Personal Data which we may collect varies depending on the Service(s) you enjoy or agreements you have with us. But generally, the Personal Data which we collect will include (but are not limited to your name, date of birth, gender, nationality and race, preferred language, e-mail address, current home or work address, telephone or mobile phone number, fax number and particulars of identification documents (including NRIC and/or passport number), as well as financial and banking information as and when required.
1.3 There is also information about your computer hardware and software that is automatically collected by THONEH. This information can include: your IP address, browser type, domain names, access times and referring Web site addresses.
2. PURPOSE OF COLLECTING AND PROCESSING OF YOUR PERSONAL DATA
2.1 To the extent permitted by law, THONEH may collect and process your Personal Data in the ordinary course of business, which shall include but not be limited to as follows:-
2.2 We may also use your Personal Data for the following purposes:
2.3 Your Personal Data will be respected, maintained and safeguarded. Thus, we shall ensure that our employees’ access to the Personal Data which you have disclosed or have been disclosed on your behalf are limited to our authorised employees who are fully trained and well equipped to handle your Personal Data.
2.4 You are advised that whilst you are neither bound nor obligated to provide us with any of your Personal Data or to consent to our processing of such Personal Data, your choice not to do so for whatever reasons may result in you not being able to make use of our Services due to such Service being dependent on or involving, directly or indirectly, the processing of your Personal Data which may affect our ability to perform any of our obligation under any agreements you have with us. We shall not be held liable in any way for any loss, damage or other liabilities that may arise resulting from your choice to withhold Personal. If you do not wish for us to process your data for any of the aforementioned purposes or any other purpose, you can contact us in the manner stated in Clause 7 below.
3. SHARING OF PERSONAL DATA
3.1 As a general rule, unless otherwise permitted by law, we do not disclose your Personal Data to any third parties. Companies within THONEH are bound by the provisions of the law under the Companies Act 2016 and/or The Private Healthcare Facilities and Services Act 1998 (Private Hospitals and other Private Health Care Facilities Regulation 2006) and/or Private Higher Education Institution Act 1996 and/or any other relevant legislations, amending, supplementing or otherwise, and guidelines as the case may be in order to protect your Personal Data.
3.2 Notwithstanding the generality of this Privacy Statement and while we shall endeavour to safeguard the privacy of your Personal Data, to the extent permitted by law, we may nevertheless disclose your Personal Data where such disclosure is:
3.3 However, to improve our services and ensure that you fully benefit from our full range of Services, your information, may from time to time be provided to any third party service providers, contractors, who provide IT services (including software and hardware) maintenance and repair services and/or other services in connection with the operation of THONEH businesses. In such circumstances we shall endeavour to ensure that they comply with the same standard regarding the privacy of your information as that which is imposed by us. Should you wish for us not to share your information with any of these entities, please write in to us or contact us as provided in Clause 7 below.
3.4 Save as otherwise stated herein, THONEH will not disclose your Personal Data to any other third party without your consent unless otherwise provided by the law.
3.5 THONEH does not sell, rent or lease its contact lists to third parties unless we have your permission or are required by law to do so. THONEH may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) will not be transferred to the third party without your written consent.
3.6 THONEH does not use or disclose sensitive Personal Data, such as religion, or political affiliations, commission or alleged commission of any offence without your explicit consent and/or in accordance with Section 40 of the PDPA.
3.7 Please be advised that if you directly disclose personally identifiable information or personally sensitive data through THONEH Website’s public message boards, this information may be collected and used by others, which is beyond the control of THONEH. In this regard, THONEH disclaims any liability with regard to your participation in the Communication Service(s) and any actions resulting from your own action in the Communication Service(s). You are further advised that THONEH does not read any of your private online communications.
4. YOUR RIGHTS AND OBLIGATIONS REGARDING YOUR PERSONAL DATA
4.1 If you would like to:-
kindly send us a request in the manner stated under Clause 7 below. Please note that we reserve the right to charge a fee for attending to and complying with any request made pursuant to this Clause 4.
4.2 Subject to Clause 4.3 below, we will endeavor to comply with any request made pursuant to Clause 4.1 within twenty one (21) days upon receipt of such request. If we are unable to comply, we will inform you of the reasons within the aforementioned period and comply to the extent that we are able to.
4.3 Kindly note that we may refuse to provide access to Personal Data pursuant to a request made under Clause 4.1 if:-
4.4 Kindly note that we may refuse to correct or update any Personal Data pursuant to a request made under Clause 4.1 if:-
4.5 Should you wish to withdraw your consent to our processing of your Personal Data, kindly notify us in the manner specified under Clause 7 below. Please note that your withdrawal of consent may result in you not being able to make full use of our Services due to such Service being dependent on or involving, directly or indirectly, the processing of your Personal Data which may affect our ability to perform any of our obligation under any agreements you have with us. We shall not be held liable in any way for any loss, damage or other liabilities that may arise resulting from your choice to withhold Personal Data.
In the event that you consider the processing of your Personal Data to cause or be likely to cause you or another person unwarranted substantial damage or unwarranted substantial distress, you may request us to cease processing by sending us a request in the manner stated under Clause 7 below.
4.7 Subject to Clause 4.8 below, we will endeavor to comply with any request made pursuant to Clause 4.6 within twenty one (21) days upon receipt of such request. If we are unable to comply, we will inform you of the reasons within the aforementioned period and comply to the extent that we are able to.”
4.8 Kindly note that we may refuse to comply with a request made under Clause if:-
5. SECURITY OF YOUR PERSONAL DATA
5.1 THONEH protects your Personal Data by ensuring we have sufficient security measures in place and shall ensure that your Personal Data is stored and handled in such a way as to prevent any unauthorized disclosure.
5.2 THONEH shall take all reasonable action to prevent unauthorised use, access or disclosure of and to protect the confidentiality of your Personal Data in connection with the purpose for which the Personal Data, has been disclosed to, or has been collected by us.
5.3 In relation to HIS, THONEH secures your Personal Data from unauthorized access, use or disclosure. THONEH secures the identifiable Personal Data you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure.
6. IF YOU CEASE TO RECEIVE SERVICES FROM THONEH
6.1 THONEH shall not keep your Personal Data longer than is necessary for the fulfillment of the purpose for which it was to be processed unless such retention is necessary for us to discharge any regulatory function, under any law or in relation to any order or judgment of a court.
6.2 If you no longer wish for any of the company under THONEH to process your Personal Data in this situation, please contact us as provided in Clause 7 below. We will then take all reasonable steps to ensure that all Personal Data is destroyed or permanently deleted.
7. CHANGES TO THIS STATEMENT
7.1 THONEH will occasionally update (including make amendments, variations and/or addition) this Privacy Statement to reflect company and customer feedback and also to reflect our current policy or subsequent changes to any rules, regulations, acts applicable at that time.
7.2 THONEH encourages you to periodically review this Privacy Statement to be informed of how THONEH is protecting your information.
7.3 For avoidance of doubt, if there is any inconsistency between any statement contained in this Privacy Statement and any provisions of the laws, including but not limited to the PDPA, the provision of the laws shall prevail and THONEH reserves the rights to make appropriate amendments or changes herein.
8. CONTACT INFORMATION
THONEH welcomes your comments regarding this Privacy Statement. You may address any queries, concerns or complaints relating to your Personal Data or information by emailing to us at firstname.lastname@example.org or writing to the address provided below:-
The Tun Hussein Onn National Eye Hospital,
Lot 2, Lorong Utara B, 46200 Petaling Jaya, Selangor Darul Ehsan.
Attention: General Manager
9. LAWS APPLICABLE
This Privacy Statement shall be construed and interpreted in accordance with the laws of Malaysia.