Personal Data Protection Notice for Sunway Specialist Centre Sdn Bhd
Sunway Group of Companies, including Sunway Berhad, Sunway Healthcare Holdings Sdn Bhd, subsidiaries of Sunway Healthcare Holdings Sdn Bhd, subsidiaries of Sunway Berhad, and Sunway Education Group Sdn Bhd (“Sunway”) respects and is committed to the protection of your personal information and your privacy. In this Personal Data Protection Notice, “we”, “us” and “our” refer to Sunway, and “you” and “your” include third parties whose personal data you have provided to Sunway.
Your data user is Sunway Specialist Centre Sdn Bhd.
This Personal Data Protection Notice explains how we collect and handle your personal information, including your sensitive personal information in accordance with the Malaysian Personal Data Protection Act 2010. Please note that Sunway may amend this Personal Data Protection Notice at any time without prior notice and will publish the amended or revised Personal Data Protection Notice on our website or by email.
We may collect and process personal data of children under the age of 18 years old. If you are under 18 years old, please obtain your parent’s or guardian’s consent before you provide your personal data to Sunway. If we learn that we have collected such information from a child under 18 without verification of parental consent, we will delete the information. If you believe we might have any information from or about a child under 18 without parental consent, please contact us at the information provided below.
Note that your sensitive personal data (e.g. your physical or mental health or condition) and your medical information (e.g. patient medical history, diagnostics, allergies) will not be shared or disclosed to any entity unless you have provided your express, written consent.
1 Personal information
1.1 Type of personal information
Personal information means any information which relates to you or any other third party related to you which was collected or provided to Sunway for the purposes stated in Section 2 below.
We process your personally identifiable information which may include your name, NRIC number, contact details, financial and banking account details, medical history and information, information regarding your family, relatives or third party that you provide to us, your preferences in relation to products and services you purchase from us, CCTV/security recordings, location tracking/GPS information, other types of information as stated in this link, and all other information which are provided by you to Sunway via these channels:
Sunway’s website and 3rd party websites affiliated with Sunway
Mobile application from Sunway
Electronic forms from Sunway
Physical forms from Sunway
Social media and communication messaging platform
1.2 Source of personal information
(i) Patient or potential patient/customer, parent or guardian of patients or potential patients/customers: Sunway collects your personal information directly from you or indirectly from your legal representatives (family members, next of kin), agents (e.g. medical tourism agents) and/or employer when you, your legal representatives, agents and/or employers send us completed enquiry, application and/or registration forms via various means, including online and physical hardcopies at public venues or in our premises. Your personal information may also be collected from cookies through the use of our website.
(ii) Independent consultants or potential independent consultants: Sunway collects your personal information directly from you or indirectly from headhunters when you and/or our headhunters send us completed enquiry and/or application forms or curriculum vitaes via various means, including online and physical hardcopies. Your personal information may also be collected from cookies through the use of our website.
(iii) Vendor, supplier or service provider: Sunway collects your personal information directly from you or indirectly from your employer or credit reference agencies when tendering for projects, when you send us completed enquiry and/or credit application forms via various means, including online and physical hardcopies. Your personal information may also be collected from cookies through the use of our website.
1.3 Obligatory personal information
All information requested for in the relevant forms is obligatory to be provided by you unless stated otherwise. Should you fail to provide the obligatory information, we would be unable to process your request and/or provide you with relevant services.
2 Purposes of collecting and further processing (including disclosing) your personal information
For patients or potential patients/customers, parent or guardian of patients or potential patients/customers, independent consultants, potential independent consultants, vendors, suppliers or service providers: Your personal information is collected and further processed by Sunway as required or permitted by law and to give effect to your requested commercial transaction, including the following:
- to process your requested medical products and services;
- to facilitate your participation in any contests or events;
- to administer and communicate with you in relation to our services and/or events;
- to facilitate your medical practice within Sunway, including sharing your personal data with other independent consultants within Sunway for purposes of peer review;
- to administer and communicate with you in relation to your medical practice;
- to process your credit account application;
- to assess your credit worthiness;
- to administer and give effect to your commercial transaction (tender award, contract for service, consignment agreement);
- to process any payments relevant to you;
- for insurance purposes;
- to operate our premises in a manner which is physically safe, secure and befitting of health and safety requirements;
- for internal investigations, audit or security purposes;
- to conduct internal statistical analysis and analysis of patient case studies;
- to conduct and support internal marketing analysis and analysis of patient/customer patterns/habits, choices and engagement with Sunway’s related companies, subsidiaries, holding companies and affiliate companies;
- to be collected and stored into a central repository that is accessible by Sunway related companies, subsidiaries, holding companies and affiliate companies;
- to create and deliver personalized products and services that are unique to you to enhance your customer experience;
- to provide you a more seamless customer experience;
- to support research and innovation of our products and services;
- to store and carry out data analytics processes;
- to improve our products and services;
- for matching of loyalty points provided by a third party/business partner to advertise and market products and services to you;
- for collaborations with a business partner to advertise and market products and services to you;
- to comply with Sunway’s legal and regulatory obligations in the conduct of its business;
- to contact you regarding products, services, upcoming events, promotions, advertising, marketing and commercial materials which we may feel interest you;
- to send you season's greetings, special occasion messages or other similar communications;
- to allow third parties to contact you for advertising, promotional or marketing campaigns conducted by any third-party entities;
- to ensure that the content from our website is presented in the most effective manner for you and for your computer and/or device; and
- for Sunway’s internal records management.
*Where you have indicated your consent to receiving marketing or promotional updates from Sunway, you may opt-out from receiving such marketing or promotional material at any time. You may select the “unsubscribe” option provided in Sunway’s email blasts or you may contact Sunway at the details provided in Section (6) below.
Data Analytics Processing
Sunway wants to share and consolidate your data into a single platform to be shared across the Sunway Group of Companies, including Sunway Berhad and Sunway Education Group Sdn Bhd. We will use and share your data for analytics and measurement purposes to understand how our products and services are used, to help improve the products and services we offer, to provide you with more personalized products and services, and provide a more seamless customer experience.
For example, we analyse data about your choice and preferences in relation to the products and services you purchase from us to send you targeted advertisements and promotional materials. We also process data about the ads you interact with to help us and advertisers understand the performance of various ad campaigns.
3 Disclosure of personal information
3.1 Entities within Sunway Group of Companies
Your personal information provided to us may be processed by and disclosed to entities (in or outside of Malaysia) within the Sunway Education Group, Sunway Healthcare Group and Sunway Group of Companies (including related companies, subsidiaries, holding companies, associated companies and outsourcing partners) including the list of entities in Sunway Berhad and Sunway Education Group Sdn Bhd, for the purposes stated in Section 2 (Purposes of collecting and further processing (including disclosing) your personal information) above, especially when you are an employee of any company within the Sunway Education Group, Sunway Healthcare Group or Sunway Group of Companies.
Sunway will ensure that:
- Access to your personal information is restricted to staff who are contractually required to process your personal information in accordance with their respective job requirements.
3.2 Classes of third parties
Your personal information may be disclosed to relevant third parties (in or outside of Malaysia) as required under law, pursuant to the relevant contractual or business relationships, or for the purposes stated in Section 2 Purposes of collecting and further processing (including disclosing) your personal information above (or directly related to those purposes). The aforesaid relevant third parties may include the following:
- Professional advisors and corporate service providers, including auditors, lawyers, company secretary and consultants;
- Advertising and marketing partners;
- Payment processors;
- Cloud and hosting services;
- Customer support and communication;
- Market research and survey;
- Logistics and shipping partners;
- Social media platforms;
- Business partners and affiliate networks including third party private healthcare institutions;
- Analytics and tracking providers;
- The respective foreign embassies of foreign patients who received treatment in Sunway;
- Other service providers and entities, including printing companies, conference/training/event organisers, travel agencies, insurance companies, insurers, utility companies, contractors, property management companies, credit agencies (debt recoveries);
- Law enforcement agencies including the local police;
- Relevant governmental authorities, statutory authorities, local council, government healthcare institutions and industry regulators including Bank Negara Malaysia, Bursa Malaysia, Ministry of Health, Ministry of Education, Ministry of Works, LHDN/IRB, KWSP/EPF, Personal Data Protection Commissioner, MHTC (Malaysian Healthcare Tourism Council) SOCSO, Securities Commission Malaysia, Malaysian Medical Council and Department of Statistics Malaysia;
- Relevant accreditation bodies such as the Malaysian Society for Quality in Health (MSQH);
- Our independent consultants and specialists within Sunway; and
- In the case of pre-employment health screenings, to the patient’s employer / prospective employer.
In the event of a potential, proposed or actual sale of business, disposal, acquisition, merger or re-organisation (“Transaction”), your personal information may be required to be disclosed or transferred to a third party as a result of the Transaction. You hereby acknowledge that such disclosure and transfer may occur and permit Sunway to release your personal information to the other party and its advisers/representatives.
3.3 Transfer of your personal data outside Malaysia
It may be necessary for us to transfer your personal information outside of Malaysia if any of the third parties mentioned in section 3 (Disclosure of personal information) above including our service providers or business partners who are involved in providing any services to us are located or have processing facilities in countries outside of Malaysia.
You consent to us transferring your personal information outside Malaysia to such third parties and for the purposes set out in section 2 (Purposes of collecting and further processing (including disclosing) your personal information).
We shall take necessary steps to ensure that any such third parties are contractually bound to protect your personal information and that they can only process your personal information under our instructions.
4.1 Links to other sites
Links to other sites are provided for your convenience and information. These sites may have their own privacy statement in place, which we recommend you review if you visit any linked websites. We are not responsible for the content on the linked sites or any use of the site.
4.2 Location enabled products or applications
Location enabled products or applications transmit your location information to us. We do not use the information sent or provided other than to provide the service you request. Location enabled features are opt-in and you have control over your participation and can turn these services off at any time or uninstall them.
Some mobile applications will utilize Google Analytics (or similar tool) to help us better serve you through improved products, services, and revisions to the mobile applications. This collected information will not identify you to us. It may, however, let us know anonymously, which services and features you are using the most within the application, as well as device type and hardware features, country and language of download.
- the date and time you accessed each page on our web site;
- the URL of any webpage from which you accessed our site (the referrer); and
- the web browser that you are using and the pages you accessed.
Some web pages may require you to provide a limited amount of personal information in order to enjoy certain services on our websites (system login credentials, email address and contact, etc). This personal information will be used only for its intended purposes, i.e. to respond to your message or deliver the requested services.
5 Right to access and correct personal information
You have the right to access and correct your personal information held by us (subject always to certain exemptions). We will make every endeavour to ensure your personal information is accurate and up to date; therefore, we ask that if there are changes to your information you notify us directly.
If you would like to access or correct your personal information, please contact Sunway Customer Service Centre or email your enquiry to the contact details in Item 6 below.
6 Limiting the processing of personal information, withdrawal of consent, further enquiries and complaints
If:
(i) you would like to obtain further information on how to limit the processing of your personal information or withdraw your consent on personal data processing;
(ii) you would like to request to limit your personal information or withdraw your consent on personal data processing (note that we may retain your data where there is a legal basis to do so or where your data is necessary to be used for on-going medical treatment and its related services);
(iii) you have any further query; or
(iv) you would like to make a complaint in respect of your personal information,
you may contact:
Personal Data Protection Officer
Tel: 03 7491 1489
Email: [email protected]
Fax: 03 7491 1447
For information of all other businesses, please submit your enquiry via Group Brand Marketing & Communications at https://www.sunway.com.my/contact-us/
7 Data Security
We have implemented reasonable physical, technical and procedural measures to secure your personal information from accidental loss and from unauthorized or accidental access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers. The measures we implement include the following:
(a) Register our employees handling personal data into a system/registration book before being allowed access to personal data;
(b) Terminating our employee’s access rights to personal data after his/her resignation, termination of contract or agreement, or adjustment in accordance with changes in Sunway;
(c) Controlling and limiting our employee’s access to personal data system for the purpose of collecting, processing and storing of personal data;
(d) Providing user ID and password for authorized employees to access personal data;
(e) Terminating user ID and password immediately when our employee who is authorized access to personal data is no longer handling the data;
(f) Establishing physical security procedures as follows:
(i) control the movement in and out of the data storage site;
(ii) store personal data in an appropriate location which is unexposed and safe from physical or natural threats;
(iii) provide a closed-circuit camera at the data storage site (if necessary); and
(iv) provide a twenty-four (24) hours security monitoring (if necessary);
(g) Updating the Back Up/Recovery System and anti-virus to prevent personal data intrusion;
(h) Safeguarding the computer systems from malware threats to prevent attacks on personal data;
(i) Prohibiting the transfer of personal data through removable media device and cloud computing service unless consent has been obtained from the top management of Sunway and appropriate safeguards have been implemented;
(j) Recording any transfer of data through removable media device and cloud computing service unless consent has been obtained from the top management of Sunway and appropriate safeguards have been implemented;
(k) Ensuring that personal data transfer through cloud computing service comply with the personal data protection principles in Malaysia, as well as with personal data protection laws of other countries;
(l) Maintaining a proper record of access to personal data periodically and making such record available for submission when directed by the Personal Data Protection Commissioner;
(m) Ensuring that all our employees involved in processing personal data always protect the confidentiality of the data subject’s personal data; and
(n) Binding a third party appointed by us with a contract for operating and carrying out personal data processing activities.
We also ensure that any third party service providers storing or processing your personal information have implemented similar acceptable standards of security.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted on our website.
8 Retention of Personal Data
We will process your personal data for as long as we have a legal basis to do so. Your personal information will be stored for only the period as necessary to fulfil the purposes stated above after which we will ensure that your personal information is deleted or if it is no longer necessary to store.
We also implement the following measures for the management and deletion of personal data that is stored by us:
(a) Maintaining a system for proper record of personal data disposal periodically and making such record available for submission when directed by the Personal Data Protection Commissioner;
(b) Conducting reviews and disposing of all unwanted personal data that is in the database from time to time;
(c) Preparing and maintaining a personal data disposal schedule for inactive data with a twenty-four (24) months period or in accordance to the guidelines set by the Ministry of Health under “Jadual Pelupusan Rekod Perubatan 2016”;
(d) Disposing of personal data collection forms used in commercial transactions within a period of fourteen (14) days, except if/unless the forms carry legal values in relation to the commercial transaction;
(e) Prohibiting the storage of personal data through removable media device and cloud computing service unless written consent is obtained from an officer authorized by the top management of Sunway.
In the event of any conflict between this English language Personal Data Protection Notice and its corresponding Bahasa Malaysia Personal Data Protection Notice, the terms in this English language Notice shall prevail.
This Personal Data Protection Notice was last updated on 3 October 2023.