Health Management International Pte Ltd (“HMI”)
Data Privacy Notice (Malaysia)
This Data Privacy Notice is applicable to members of the Health Management International Pte Ltd group of companies in Malaysia, including, without limitation, Health Management International (Malaysia) Sdn Bhd, HMI Healthcare Services Sdn Bhd, Mahkota Medical Centre Sdn Bhd, Regency Specialist Hospital Sdn Bhd, REN TCM Sdn Bhd and such other members from time to time (“HMI Medical”, “our”, “we” or “us”).
Your privacy is important to us. We are committed to handling your Personal Data under our control with care.
This document serves to inform you of our practices on Personal Data management. You should read this Data Privacy Notice to know and understand the purposes for which we collect, use and disclose your Personal Data. It supplements any other consents which you may have previously provided to us on your Personal Data.
We may update this Data Privacy Notice from time to time. Any changes will become effective on such date that we post the updated Data Privacy Notice on the relevant HMI Platforms (as defined below). You are strongly advised to review this Data Privacy Notice periodically for any changes. All your interactions with us shall be subject to the latest version of the Data Privacy Notice in force at the relevant time.
By continuing to communicate with HMI Medical or by continuing to use HMI Medical’s services following the modifications, updates or amendments to this Data Privacy Notice, such action shall signify your acceptance of such modifications.
In the event of any conflict between this English language Data Privacy Notice and its corresponding Bahasa Malaysia Data Privacy Notice, the terms in this English language Data Privacy Notice shall prevail.
1. Personal Data
1.1 In this Data Privacy Notice, “Personal Data” refers to any information in respect of commercial transactions, which (a) is being processed wholly or partly by means of equipment operating automatically in response to instructions given for that purpose; (b) is recorded with the intention that it should wholly or partly be processed by means of such equipment; or (c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system, that relates directly or indirectly to you, who can be identified or identifiable from that information or from that and other information in the possession of a data controller, including any sensitive personal data (as defined under Personal Data Protection Act 2010 (“PDPA”) which refer to any personal data consisting of information as to your physical or mental health or condition, your political opinions, your religious beliefs or other beliefs of a similar nature, the commission or alleged commission by you of any offence or any other personal data as the Minister may determine by order published in the Gazette) and expression of opinion about you and includes any information which relates to you or any other third party related to you which was collected or provided to HMI Medical for the purposes stated in paragraph 3 below; but does not include any information that is processed for the purpose of a credit reporting business carried on by a credit reporting agency under the Credit Reporting Agencies Act 2010.
1.2 For the context of this Data Privacy Notice, examples of such “Personal Data” you may provide to us include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, sensitive personal data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us, or via other forms of interaction with you.
2. Collection of Personal Data
2.1 Generally, we may collect Personal Data in the following ways:
(a) when you submit any form, e.g. patient inquiry forms or other forms relating to any of our services;
(b) when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
(c) when you interact with our staff, including customer service officers, for example, via telephone calls (which may be recorded), letters, fax, face-to-face meetings, social media and other digital platforms and emails;
(d) when you interact with us via our websites, mobile applications or digital or other platforms (“HMI Platforms”) or use services on our HMI Platforms;
(e) when you request that we contact you or request that you be included in an email or other mailing list;
(f) when you respond to our promotions, initiatives or to any request for additional Personal Data;
(g) when you submit an employment application or when you provide documents or information including your resume and/or CVs in connection with any appointment as an officer, director, representative or any other position;
(h) when your images are captured by us via CCTV cameras while you are within our premises, or via photographs or videos taken by us or our representatives when you attend our events;
(i) when you are contacted by, and respond to, our marketing representatives and customer service officers;
(j) when we seek information about you and receive your Personal Data in connection with your relationship with us, including for our products and services or job applications, for example, from business partners, public agencies, your ex-employer, referral intermediaries and the relevant authorities; and/or
(k) when you register with us as patients, employees, business associates and other related parties; and/or
(l) when you submit and/or make available your Personal Data to us for any other reasons.
2.2 When you browse our websites, you generally do so anonymously but please see paragraph 6 below for information on cookies and other technologies which we have implemented on our websites.
2.3 If you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Data for the relevant purposes, and that such Personal Data was collected in compliance with the PDPA.
2.4 You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested, or delays in providing you with products and services you have requested, or processing your applications.
3. Purposes for the Collection, Use, Process and Disclosure of Your Personal Data
3.1 Generally, we collect, use and disclose your Personal Data for the following purposes:
(a) If you are a prospective, current or former patient or customer of HMI Medical:
(i) providing services, customer service and support (including but not limited to customer relationship management, processing your admissions, processing and settlement of bills, facilitating, arranging and providing reminders of your appointments, medical examinations, screenings or check-ups, applying for visas on your behalf, contacting you regarding medical reports and results, providing follow-up calls, providing you with administrative support, and administering insurance coverage and processing insurance claims);
(ii) administering and processing your requests including creating and maintaining profiles of our customers in our system database for administrative purposes at various HMI Medical facilities;
(iii) providing services as a vendor when you register or subscribe for one of our services, place an order for our products or services or use our online services, interact with us in any other way, such as via social media, issue any testimonials or other feedback on products and/or services, comment on any blogs or featured articles, sign up for our special offers or other updates, fill in surveys;
(iv) personalising your experience at HMI Medical’s various touchpoints (including, without limitation, any HMI Platforms) and conducting market research, understanding and analysing customer behaviour, location, preferences and demographics in order to improve our service offerings;
(v) administering medical care (including keeping patient case and procedure records, providing medication, ordering medical tests, reports and biological samples;
(vi) liaising with third party specialist doctors, clinics, hospitals and/or medical institutions in relation to your medical care (including by providing them with access to your medical records);
(vii) if you use any HMI Platforms or online registration and payments systems, displaying your medical data, sending you health-related notifications, and facilitating the provision of our services to you;
(viii) administering debt recovery and debt management;
(ix) disclosing your Personal Data whenever and to whomever regulatory directions, legislation, the law or a court order may require;
(x) disclosing your Personal Data to the suppliers/vendors of HMI Medical if it is required for the performance of their services or if required by the law and/or authorities that the end-user consuming the medicine/drug/equipment must be recorded;
(xi) enabling HMI Medical to respond to the request for Personal Data which may include the Personal Data of the patient in compliance with the PDPA and its regulations; and/or
(xii) purposes which are reasonably related to the aforesaid.
(b) If you are a nominated caregiver or next-of-kin of a patient or customer of HMI Medical:
(i) informing you of the patient’s medical status and whereabouts;
(ii) the disclosure of your Personal Data whenever and to whomever regulatory directors or law or a court order may require; and/or
(iii) purposes which are reasonably related to the aforesaid.
(c) If you are an employee, officer or owner of an external service provider or vendor outsourced or prospected by HMI Medical:
(i) assessing you or your organisation’s suitability as an external service provider or vendor for HMI;
(ii) managing project tenders and quotations, processing orders or managing the supply of goods and services;
(iii) creating and maintaining profiles of our service providers and vendors in our system database;
(iv) processing and payment of vendor invoices and bills;
(v) facilities management (including but not limited to issuing visitor access passes and facilitating security clearance);
(vi) the disclosure of your Personal Data whenever and to whomever the law or a court order may require;
(vii) administering debt recovery and debt management; and/or
(viii) purposes which are reasonably related to the aforesaid.
(d) If you submit an application to us as a candidate for employment, internship or scholarship:
(i) conducting interviews;
(ii) processing your application (including but not limited to pre-recruitment checks involving your qualifications and facilitating interviews);
(iii) obtaining references, background screening, and assessing your suitability for the position applied for;
(iv) enrolling successful candidates as our employees and facilitating human resource planning and management (including but not limited to preparing letters of employment, name cards and building access passes); and/or
(v) purposes which are reasonably related to the aforesaid.
(e) If you are an existing employee of HMI Medical:
(i) providing remuneration, reviewing salaries and bonuses, conducting salary benchmarking reviews, staff appraisals and evaluation, as well as recognising individuals for their services and conferring awards;
(ii) administrative and support processes relating to your employment, including staff orientation, its management and termination, as well as staff benefits, travel, manpower, business continuity and logistics management or support, processing expense claims, medical insurance applications, medical screenings and immunisations, leave administration, long-term incentive plans, training, learning and talent development, and planning and organising corporate events;
(iii) providing you with tools and/or facilities to enable or facilitate the performance of your duties;
(iv) facilitating professional accreditation and complying with compliance audits;
(v) compiling and publishing internal directories and emergency contact lists for business continuity;
(vi) managing corporate social responsibility projects;
(vii) conducting analytics and research for human resource planning and management, and for us to review, develop, optimise and improve work-related practices, environment and productivity;
(viii) ensuring that the administrative and business operations of HMI Medical function in a secure, efficient and effective manner (including but not limited to examining or monitoring any computer software and/or hardware installed within HMI Medical, your work emails and personal digital and storage devices);
(ix) compliance with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (including but not limited to disclosures to regulatory bodies, conducting audit checks or surveillance and investigation);
(x) administering employment cessation processes;
(xi) the disclosure of your Personal Data whenever and to whomever regulatory directives or the law or a court order may require;
(xii) administering debt recovery and debt management; and/or
(xiii) any other purposes relating to any of the above.
(f) If you are a medical/dental practitioner or traditional and complementary medicine practitioner at HMI:
(i) facilitating professional accreditation and complying with compliance audits;
(ii) facilitating disbursements of fees collected on your behalf;
(iii) managing and providing you with tools, services and/or facilities to enable or facilitate the performance of your duties;
(iv) planning and organising events for practitioners;
(v) creating and maintaining profiles of our accredited doctors in our system database;
(vi) facilities management (including but not limited to issuing visitor access passes and facilitating security clearance);
(vii) the disclosure of your Personal Data whenever and to whomever regulatory directives or the law or a court order may require;
(viii) administering debt recovery and debt management; and/or
(ix) any other purposes relating to any of the above.
3.2 Further, where permitted under the PDPA, HMI Medical may also collect, use and disclose your Personal Data for the following additional purposes:
(a) taking or filming photographs and videos for corporate publicity or marketing purposes, and featuring your photographs and/or testimonials in our articles and publicity materials;
(b) providing or marketing services and benefits to you or to our patients in general, including promotions, service upgrades, loyalty and/or membership programmes and sending of healthcare-related updates, event invitations, newsletters and marketing and promotional information which we have identified are relevant and/or of interest to you;
(c) organising roadshows, tours, campaigns (including health check or vaccination campaigns) and promotional or events and administering contests and competitions;
(d) matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of services;
(e) sending you details of services, clinic updates, health-related information and rewards, either to our customers generally, or which we have identified may be of interest to you;
(f) conducting market research, aggregating and analysing customer profiles and data to determine health-related patterns and trends, understanding and analysing customer behaviour, location, preferences and demographics for us to offer you other products and services as well as special offers and marketing programmes which may be relevant to your preferences and profile;
(g) purposes as appropriate to conduct our business, including, without limitation, the performance of contractual obligations, invoicing, billing and account management, finance and accounting, research and development, internal reporting, management and control, and any other reasonably related activities; and/or
(h) purposes which are reasonably related to the aforesaid.
3.3 If you have indicated your consent to receiving marketing or promotional information via your contact details, then from time to time, HMI Medical may contact you using contact details which you have provided to us, with information about our products and services.
3.4 In relation to particular services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
3.5 You have a choice to withdraw your consent for receiving marketing or promotional materials/communication. You may contact us using the contact details found in paragraph 12 below.
3.6 Please note that even if you withdraw your consent for the receipt of marketing or promotional materials, we may still contact you for other purposes in relation to the services that you have requested or purchased from HMI Medical.
4. Disclosure of Personal Data
4.1 HMI Medical will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Malaysia:
(a) amongst HMI Medical entities and affiliates (including their staff and medical /dental/ traditional and complementary medicine practitioners, registered nurses, medical assistants, technologists, allied health staff, paramedical staff or other healthcare staff engaged or referred to for the provision of healthcare services in accordance with applicable legislations and regulations including, without limitation, the Private Healthcare Facilities and Services Act 1998);
(b) third party medical/dental practitioners, clinics, hospitals and/or medical institutions;
(c) companies providing services relating to insurance to HMI Medical;
(d) agents, contractors, sub-contractors or third party service providers who provide operational, marketing, business or other support services to HMI Medical;
(e) our corporate clients;
(f) any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);
(g) external banks, credit card companies, other financial institutions and their respective service providers;
(h) our professional advisers such as consultants, auditors and lawyers;
(i) third party insurers, employers of patients, guarantors and/or credit reporting agencies/credit data management company;
(j) relevant regulators or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority (including the Ministry of Health);
(k) in connection with a corporate transaction, such as merger, consolidation, or in the unlikely event of winding up; and/or
(l) any other party to whom you authorise us to disclose your Personal Data.
4.2 As far as permitted by the laws of Malaysia, we will not be responsible for any unauthorised use of your Personal Data by third parties which are wholly attributable to factors beyond our control.
5. Retention of Personal Data
5.1 HMI Medical retains such Personal Data as may be required to fulfill the purposes for which the Personal Data has been collected, and for the period required to serve applicable business purposes, to the extent necessary to comply with applicable legal requirements, and/or as advised by local laws and regulations.
6. Use of Cookies, Web Beacons, and Similar Technologies
6.1 When you visit or interact with our sites, services, we or our authorized service providers may use cookies, web beacons, and other similar technologies for collecting and storing information to help provide you with a better, faster, and safer web experience.
6.2 The information collected by us or our authorised service providers may recognise a visitor as a unique user and may collect information such as how a visitor arrives at our sites, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
6.3 The use of cookies, web beacons and similar technologies by us has different functions. They are either necessary for the functioning of our services, help us improve our performance, or serve to provide you with extra functionalities. They may also be used to deliver content that is more relevant to you and your interests, or to target advertising to you on or off our sites or HMI Platforms.
6.4 We offer certain site features and services that are available only through the use of these technologies. You are always free to block, delete, or disable these technologies if your browser so permits. However, if you decline cookies or other similar technologies, you may not be able to take advantage of certain site features or services tools.
7. Third-Party Sites
The HMI Platforms may contain links to other websites operated by third parties. However, we are not responsible for the data protection practices of such third party websites even though some of these websites may be co-branded with our logo or trade marks. Once you have left our HMI Platforms, you should check the applicable Data Privacy Notice of the third party website to determine how they will handle any information they collect from you.
8. Incompetent Patients
In order to provide healthcare services to our patients, HMI Medical may collect Personal Data from Incompetent Patients. “Incompetent Patients” include patients who are certified medically to be mentally incompetent or who is legally incompetent or he/she is a minor who has not attained the age of 18 years old. In the event that such Personal Data is provided to HMI Medical, you, as legal guardian hereby consent to the processing of the Incompetent Patient’s Personal Data and personally accept and agree to be bound by this Data Privacy Notice and take responsibility for his or her actions.
9. Accuracy of Information
You are responsible for informing us about changes to your Personal Data and for ensuring that such information provided to us is accurate and current. We will not be responsible for relying on inaccurate or incomplete data provided.
10. Transfer of Personal Data Outside Malaysia
Due to our international presence, your Personal Data may be transferred to, stored, used and processed by HMI Medical entities, its affiliates and its service providers in a jurisdiction other than Malaysia, in order for HMI Medical to fulfil its purposes described in this Notice, to duly perform the agreed services and/or fulfil its contractual obligations with you.
11. Failure to supply and consent to the collection, use and disclosure of Personal Data
Except for Personal Data which is collected, used and disclosed for direct marketing purposes, you must provide us with the Personal Data which we request from you. If you do not consent and supply us with your Personal Data, this may result in us being unable to provide you with services and/or products requested.
12. Contacting Us – Withdrawal of Consent, Access and Correction of your Personal Data
12.1 If you:
(a) have any questions or feedback relating to your Personal Data or our Data Privacy Notice;
(b) would like to withdraw your consent to any use of your Personal Data as set out in this Data Privacy Notice;
(c) would like to inform us of changes to your Personal Data or obtain access and make corrections to your Personal Data records; or
(d) would like to lodge a complaint regarding the collection, use, process and disclosure of your Personal Data,
please contact the relevant entity to whom you have furnished your Personal Data at the following contact details:
Health Management International (Malaysia) Sdn Bhd
Suite 19.01, Level 19, Menara IGB,
Mid Valley City, Lingkaran Syed Putra,
59200 Kuala Lumpur
Email: dataprotection@hmimedical.com
HMI Healthcare Services Sdn Bhd
Regency Medical Care Centre
G-051-054, Aras Tanah (Ground Floor)
The Mall, Mid Valley Southkey, PTD 236228
No. 1 Persiaran Southkey 1,
Mukim Plentong 80150, Johor Bahru, Malaysia
Email: dpo@regencyspecialist.com
Telephone: +60 7-333 8888
Customer Service department
Regency Specialist Hospital Sdn Bhd
No.1, Jalan Suria,
Bandar Seri Alam,
81750 Masai, Johor.
Email: dpo@regencyspecialist.com
Telephone: +60 7-381 7700
Patient Experience department
Mahkota Medical Centre Sdn Bhd
3 Mahkota Melaka,
Jalan Merdeka,
75000 Melaka.
Email: info@mahkotamedical.com
Telephone: +60 6-285 2999
Admin department
REN TCM Sdn Bhd
No 13 (GF) & 15 (GF),
Jalan Suria 1/3, Bandar Seri Alam,
81750 Masai, Johor.
Email: dpo@regencyspecialist.com
Telephone: +60 16-212 2617 / +60 7-382 3840
12.2 It may take up to 21 calendar days for the requested changes under paragraphs 12.1(a) and 12.1(b) above to be reflected in our systems. Also, we reserve the right to charge a minimal fee to attend to any data access requests as permitted by the relevant personal data protection laws applicable.
12.3 Please note that if your Personal Data has been provided to us by a third party (e.g. a general practitioner or your employer or third party administrator), you should contact that organisation or individual to make such queries, complaints, and access and correction requests to HMI Medical on your behalf.
12.4 If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, HMI Medical may not be in a position to continue to provide its products and services to you, or administer any contractual relationship in place, which in turn may also result in the termination of any agreements with HMI Medical, and your being in breach of your contractual obligations or undertakings. HMI Medical’s legal rights and remedies in such event are expressly reserved.
12.5 Subject to provisions of the PDPA, you may, upon payment of a prescribed fee, make a data access request in writing to us by completing an Access Request Form which is available for download here, and returning the same to us.
12.6 If we have not received any response from you in withdrawing your consent to HMI Medical collecting, using, processing and disclosing your Personal Data as set out above, we reserve the right to assume that you consent to and agree with the terms set out above.
12.7 Depending on your request, there may be circumstances where we refuse to comply with a data access request or a data correction request and shall, by notice in writing, inform you of our refusal and the reasons of our refusal. We may also require the requestor of Personal Data (where the requestor is not the owner of Personal Data) to provide consent form of the owner of Personal Data authorising and indemnifying us to release or correct the Personal Data.
13. Governing Law
This Data Privacy Notice shall be governed in all respects by the laws of Malaysia.
Date: 28th November 2025