Personal Data Protection Notice

Privacy Notice

Kuala Terengganu Specialist Hospital (KTSH), referred to herein as “the Hospital”, “we”, “us” or “our”, values your privacy and strives to protect your personal information (Personal Data). This Privacy Notice outlines how the Hospital collects, uses, maintains and discloses your Personal Data in accordance with the Malaysian Personal Data Protection Act 2010. Please note that we may amend this Privacy Notice at any time without prior notice and the amended Privacy Notice shall be made available in our premises and website.

1. What is Personal Data?

Personal Data refers to any information (e.g. name, address, NRIC number, photographs, financial, bank account details, occupation, religion, employer, etc.) that relates directly or indirectly to an individual, who may be identified or identifiable from that information or other information that is in our possession including Sensitive Personal Data. Sensitive Personal Data refers to any information which relates to the health condition of an individual, his / her religious beliefs or other beliefs of a similar nature and the commission or alleged commission of any offence.

2. Source of Personal Data

The collection of Personal Data shall depend on the nature of your visit to the Hospital. There are various sources from which your Personal Data may be procured / collected by us including but not limited to the following:

  • directly from you when you or your representative (parent, guardian etc.) fill in the registration forms at our facilities, or contact us via emails and letters, telephone calls and conversations, or when taking part in customer surveys and promotions and during marketing activities;
  • from any third parties connected with you such as your employer / potential employer, agents, insurance companies, other healthcare facilities; and
  • from such other sources to whom you have given your consent to disclose information relating to you.

3. Is the supply of Personal Data obligatory?

The Personal Data that we collect can either be obligatory or voluntary as it would depend on the purpose of you disclosing the Personal Data. If the Personal Data requested by us is to ensure that we are able to efficiently provide our services, then it would be obligatory for you to provide that information. If you fail to do so, it may affect the services provided to you.

The Personal Data that would be voluntary are office fax number, email address, etc. However, such information will facilitate the delivery of services to you.

4. Purpose of collecting and processing your Personal Data

The purpose for which your Personal Data are collected and processed shall depend on the nature of the relationship which you have with us and your visits to our facilities. The purpose may comprise part or all of the following:-

  • to process the services that you are currently receiving and / or the services that you have requested;
  • to administer and communicate with you in relation to our current / future services and / or events;
  • to assess your credit worthiness and process any payments relevant to you;
  • for insurance purposes, third party administration and any other third parties;
  • to respond to your enquiries and feedback;
  • for marketing and promotional activities;
  • for audio recording (example: calls made to the contact centre);
  • to administer and give effect to your commercial transaction (tender award, contract for service, other contractual obligations);
  • to better understand your needs as our customer and to improve our services provided to you;
  • for internal functions such as evaluating the effectiveness of marketing, market research, statistical analysis, reporting, audit, compliance and risk management and to prevent fraud;
  • for the prevention of crime (example: usage of CCTV coverage);
  • for investigating, reporting, preventing or otherwise in relation to any fraudulent, criminal activities;
  • to ensure stakeholders’ interests are protected;
  • for the purpose of enforcing our legal rights and / or obtaining legal advice;
  • to transfer or assign our rights, interests and obligations under any of your agreements with us;
  • for internal records management;
  • for any other purpose that is required or permitted by any law, regulations, guidelines and / or relevant regulatory authorities; and
  • any other related purposes.

5. Disclosure of your Personal Data

As part of providing you with our services and the management and / or operation of the same, we may be required to disclose your Personal Data to the following:-

a) Disclosure to Third Parties

  • insurance companies, credit card companies, current / potential employer / external counterparts for situations where a patient is transferred to another government / private hospital, parents / guardians of minors;
  • regulatory authority such as the Ministry of Health, Income Tax department, EPF, SOCSO, law enforcement agencies and any other statutory bodies having such authority or jurisdiction;
  • relevant accreditation bodies during their survey;
  • third parties appointed by us to provide services to us or on our behalf (such as auditors, company secretary, lawyers, event organizers, consultants, recruitment agencies, contractors, suppliers etc.).

b) Disclosure within the Hospital

Any disclosure made within the Hospital shall be done only when necessary to ensure that services provided to you are not hindered. Only pertinent Personal Data shall be disclosed to the relevant departments / employees.

We will otherwise treat your Personal Data as private and confidential and will not disclose your Personal Data without your consent UNLESS:-

  • you have given us upfront express or implied consent for the disclosure;
  • the disclosure is necessary where there is a serious and imminent risk to your welfare;
  • the disclosure is necessary for the purpose of preventing a crime or investigation;
  • disclosure was required and authorized by or under any law or by an order of the court;
  • we had reasonable belief that we had the right by law to disclose the Personal Data to that third party;
  • we acted in reasonable belief that we would have your consent if you had known of the disclosure and the circumstances of such disclosure;
  • the disclosure was justified as being in the public interest in circumstances as determined by the relevant Ministries.

6. Security of your Personal Data

The security of your Personal Data is our priority. We will take all reasonable efforts and practical steps to ensure that all physical and soft copies of your Personal Data are kept in a secured manner. If we disclose any of your Personal Data to our authorised agents or service providers, we will require them to appropriately safeguard the Personal Data that is provided to them.

7. Retention of your Personal Data

We will only retain your Personal Data for as long as necessary to fulfil the purpose(s) for which it was collected or to comply with legal, regulatory and internal requirements. Upon the said purpose(s) being fulfilled, we will destroy or permanently delete your data according to our destruction policy.

8. Right to access and correct your Personal Data

You have the right to access your Personal Data held by us (subject to any exemptions as prescribed in the PDP or other Act) and to request corrections to that Personal Data if it is inaccurate, incomplete, misleading or not up-to-date. Where appropriate, a fee may be imposed for any request to access and / or correct your Personal Data depending on the information that is requested.

Please note that access to your Personal Data may be withheld in certain situations as determined by the relevant authorities, legislation, acts and regulations and / or for the safety of our patients (for example when we are unable to confirm your identity).

Disclaimer

We may review and update this Notice from time to time to reflect changes to the law, changes in our business practices, procedures and structures, and the community’s changing privacy expectations. You should check this Notice occasionally to ensure that you are aware of the most recent version which will apply each time you access this website.

Any enquiries or requests to access or update Personal Data or to withdraw consent should be directed to our Medical Record Department or Data Privacy Officer by calling +09 657 8888 or emailing us at dataprotecttion.ktsh@tdmberhad.com.my