Privacy Policy
Klinik Mediviron – Taman Semarak is committed to protecting your personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).
Data Controller
The data controller responsible for your personal data is:
Klinik Mediviron – Taman Semarak
MOH Registration No: 230505-06921-11
Personal Data We Collect
a) Information you provide to us:
- •Full name, NRIC/Passport number, date of birth, gender
- •Contact details: phone number, email address, home address
- •Appointment requests and scheduling information
- •Medical history, symptoms, or health-related information submitted via enquiry or contact forms
- •Emergency contact information
- •Insurance information (where applicable)
b) Information collected automatically:
- •IP address, browser type, device type and operating system
- •Pages visited, time spent on pages, referral URLs
- •Cookies and similar tracking technologies (see our Cookie Policy)
c) Sensitive personal data (health information):
As a healthcare provider, we may collect health-related information which is classified as sensitive personal data under the PDPA. We will only process such data with your explicit consent, except where required by law or for medical necessity.
How We Use Your Personal Data
- •To respond to your enquiries and appointment requests
- •To provide medical and healthcare services
- •To send appointment reminders and follow-up communications
- •To comply with legal and regulatory obligations under Malaysian health regulations
- •To improve our website and services
- •To send health-related updates or service information (only where you have consented)
- •For internal record-keeping and clinic administration
We will not use your data for unsolicited marketing without your explicit consent, and we will never sell your personal data to any third party.
Legal Basis for Processing
- •Consent – where you have given us explicit permission
- •Contractual necessity – to provide the healthcare services you have requested
- •Legal obligation – where required under Malaysian law
- •Legitimate interests – to operate and improve our clinic services
Disclosure of Your Personal Data
We may disclose your personal data to:
a) Healthcare & Government
- •Healthcare professionals involved in your care (e.g. specialists, hospitals, laboratories)
- •Government authorities where required by law (e.g. Ministry of Health Malaysia, National Registration Department, National Cancer Registry)
b) Panel Arrangements
Where you are a panel patient, your relevant personal and medical data may be shared with the respective panel body for the purposes of claims processing, eligibility verification, and treatment authorisation. This applies to the following panel categories:
Direct Panel
Employers or corporations with whom the clinic has a direct billing arrangement. Data shared is limited to what is required for claim submission and verification by your employer or appointed third-party administrator (TPA).
Insurance Panel
Licensed insurance companies and takaful operators (e.g. Prudential, AIA, Great Eastern, Etiqa, and others) for the purposes of processing medical insurance or takaful claims. Data shared includes diagnosis codes, treatment details, and consultation records as required by the insurer. Sharing is subject to your policy terms and, where required, your explicit consent.
Mediviron Panel
As a branch operating under the Mediviron network, certain operational and patient data may be accessed by or shared with Mediviron UMC Sdn. Bhd. and its authorised personnel for the purposes of network administration, quality assurance, centralised records management, and group-level reporting. Such data is handled in accordance with Mediviron's own data protection policies and is not used for any purpose beyond the operation of the Mediviron clinic network.
c) Service Providers
- •IT and website service providers operating under strict confidentiality agreements
All third parties are required to maintain appropriate security standards and are prohibited from using your data for any purpose beyond what is specified above.
Data Retention
Medical records are retained for a minimum of 7 years from the date of last consultation, or as required under applicable Malaysian healthcare regulations. Website enquiry data not resulting in an appointment is retained for no longer than 12 months.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction, including:
- •SSL/TLS encryption for all data transmitted via this website
- •Access to patient data restricted on a strict need-to-know basis
- •Regular security reviews of our systems and processes
However, no transmission over the internet is completely secure. Any submission of personal data via this website is at your own risk.
Communication via WhatsApp and Other Messaging Platforms
For your convenience, our clinic may be contactable via WhatsApp or other third-party messaging platforms. Please be aware of the following:
- •WhatsApp and similar messaging platforms are not secure or encrypted channels for the transmission of sensitive medical or personal information.
- •We strongly advise against sending medical records, identification documents, prescription details, or any sensitive health information via WhatsApp.
- •Any personal data you voluntarily share with us through WhatsApp is subject to this Privacy Policy; however, we cannot guarantee the security of data in transit through third-party platforms.
- •WhatsApp messages are subject to Meta Platforms Inc.'s own privacy policy and terms of service, which are outside our control.
- •For matters involving sensitive medical information, please contact us directly by phone at 06-794 0259 or visit the clinic in person.
By choosing to contact us via WhatsApp or any third-party messaging platform, you acknowledge and accept the inherent limitations in the security of such communications.
Your Rights Under the PDPA
Under the Personal Data Protection Act 2010, you have the following rights:
- •Right of Access – to request a copy of the personal data we hold about you
- •Right of Correction – to request correction of inaccurate or incomplete data
- •Right to Withdraw Consent – for non-essential processing at any time
- •Right to Prevent Processing – for direct marketing purposes
To exercise any of these rights, please contact us at kmediviron9330@gmail.com or write to us at Lot 9330, Jalan TS 2/1, Taman Semarak, 71800 Nilai, Negeri Sembilan. We will respond within 21 days of receiving your request.
You also have the right to lodge a complaint with the Department of Personal Data Protection Malaysia (JPDP) at www.pdp.gov.my.
Third-Party Links
Our website may contain links to third-party websites (e.g. Google Maps, WhatsApp). We are not responsible for the privacy practices of those websites and encourage you to review their respective privacy policies.
Children's Data
We do not knowingly collect personal data from children under the age of 18 without parental or guardian consent. If you believe we have inadvertently collected such data, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on this page with the effective date noted at the top. Continued use of our website after any changes constitutes acceptance of the revised policy.
Contact Us
For any questions, concerns, or complaints regarding this Privacy Policy or the handling of your personal data, please contact us at:
Klinik Mediviron – Taman Semarak
MOH Registration No: 230505-06921-11