Privacy Policy Statement

Updated February 2020

PRIVACY NOTICE

BP Healthcare Group (“BP”) respects and is committed to protect your personal data and
information shared with us in strict accordance with the requirements of the Personal Data
Protection Act, Malaysia, 2010 (PDPA). This Privacy Notice explains how we collect and
handle your personal information.

Please note “BP Healthcare Group” means BP Healthcare Group, its affiliates, subsidiaries,
associated entities and any of their branches and offices (together or individually) and “BP”
and “member of the BP Healthcare Group” has the same meaning.

Please take a moment to read this Privacy Notice so that you know and understand the
purposes for which we collect, use and disclose your Personal Data.

By interacting with us, submitting information to us, or signing up for any products and
services offered by us, you agree and consent to BP, as well as its representatives and/or
agents collecting, using, disclosing and sharing amongst themselves your Personal Data,
and disclosing such Personal Data to our authorised service providers and relevant third
parties in the manners set forth in this Privacy Notice.

This Privacy Notice supplements but does not supersede nor replace any other
consents you may have previously provided to BP in respect of your Personal Data,
and your consents herein are additional to any rights which any member of BP may
have at law to collect, use or disclose your Personal Data.

Please note that BP may amend this Privacy Notice at any time without prior notice and will
notify you of any such amendment via our website or by email.

1. Personal Data we collect

1.1 The types of Personal Data that BP collects directly from you or from third parties
may include (but not limited to) your personal details (such as name, age, gender,
identity card number, passport number, date of birth, education, race, ethnic origin,
nationality, citizenship), contact details (such as address, email, phone numbers), family
information (such as marital status, name of spouse or child or immediate family),
occupation details (such as employer name, income range, job title, job responsibilities,
employer’s contact information and address) medical and personal health information
(such as medical and healthcare history, blood type, finger prints, or hereditary
characteristics, DNA, health and mental condition, diagnosis, medication and drugs
prescribed), demographic information (such as age group, medical history, genetic
characteristics), credit/debit card number and expiry date, billing address, loyalty
program membership details, photographs, CCTV recordings and other images,
preferences and interests and other information relevant to patient and/or customer
surveys, education and/or offers and/or other information (in respect of other BP facilities
and/or services used by you).

1.2 In addition, BP may from time to time request for certain other personal information
that may be relevant for BP to consider your request for any other products or facilities of
BP.

1.3 All information requested is obligatory to be provided by you unless stated otherwise.
We would be unable to process your request and/or provide you with relevant facilities
and/or services and/or transactions should you fail to provide the obligatory information.

2. How do we collect your Personal Data?

2.1 Any Personal Data is obtained by BP via-

(i) booking forms, registration forms, online forms, agreements you have signed, name
cards or any identity materials that you have distributed voluntarily;

(ii) any online sites operated by BP;

(iii) interaction between your browser and BP’s browser when you visit our website;

(iv) voluntary provision of data to third party service provider(s) engaged by us;

(v) a person acting on behalf of the individual whose data are provided;

(vi) interaction with us through social media;

(vii) any other contractual agreement or arrangement;

(viii) business directory(ies) or listing(s) that you have subscribed to share your
information;

(ix) when you make or send job application; and

(x) other sources and related links in connection with providing your needs and services.

3. How do we use your Personal Data?

3.1 Purposes for which data may be used and/or processed are as follows:

(i) to process requested facilities and/or medical services;

(ii) to facilitate participation in any contests or events;

(iii) to administer and communicate in relation to BP’s services and/or events;

(iv) to facilitate medical practice within BP, including sharing of personal data with other
independent consultants within BP for purposes of peer review;

(v) to administer and communicate with you in relation to your medical practice;

(vi) to process your credit account application;

(vii) to assess your credit worthiness;

(viii) for all ancillary purposes relating to the provision of facilities including the provision
of computer, telecommunications and technology services;

(ix) to administer and give effect to your commercial transaction (product(s) delivery,
contract for service, consignment agreement);

(x) to process any payments relevant to you;

(xi) for insurance purposes;

(xii) customer loyalty programmes;

(xiii) to operate our premises in a manner which is physically safe, secure and befitting of
health and safety requirements;

(xiv) for internal investigations, audit or security purposes;

(xv) to conduct internal statistical analysis;

(xvi) to conduct analysis of patient case studies;

(xvii) to comply with BP’s legal and regulatory obligations in the conduct of its business;

(xviii) to contact you regarding products, services, upcoming events, promotions,advertising, marketing and commercial materials which we feel may be of interest to you;

(xix) research, benchmarking and statistical analysis;

(xx) to ensure that the content from our website is presented in the most effective
manner for you and for your computer and/or device;

(xxi) for BP’s internal records management;

(xxii) prevention, hindrance, reporting of any crime including but not limited to fraud,
bribery and money laundering; and

(xxiii) purposes relating thereto.

4. Disclosure of your Personal Data

4.1 Data held by BP relating to an individual will be kept confidential but BP may provide
or disclose such information to the following parties (whether within or outside
Malaysia):-

(i) other companies within the BP Healthcare Group of companies;

(ii) relevant third parties (in or outside of Malaysia) as required under law, pursuant to the relevant contractual relationship or for the purposes stated in paragraph 3 above;

(iii) in the case of pre-employment health screenings, to the patient’s employer /
prospective employer;

(iv) BP’s agents, servants and/or such persons;

(v) independent consultants and specialists within BP;

(vi) professional advisers such as external auditors, legal advisors and/or financial
advisors or any other third party required by law, regulation or by-law, subpoena, court
order or other legal process;

(vii) governmental agencies, governmental authorities and other regulatory bodies;

(viii) third party payers including employers, insurance companies and clinical sponsors;

(ix) third party reward, loyalty, co-branding and privileges programme providers;

(x) respective foreign embassies of foreign patients who received treatment in BP; and

(xi) selected third parties such as business partners.

4.2 Personal Data may also be disclosed or transferred as a result of any restructuring,
sale or acquisition of any company within BP.

4.3 Where BP deals with third parties, specific security and confidentiality safeguards will
be put in place to ensure your personal data protection rights remain unaffected.

5. Your rights

5.1 You may request to obtain information, check whether BP holds your personal data,
correct/update your personal data and/or limit the processing of your personal data as
below:

(i) for online registered customers, you may login to your online account;

(ii) for everyone else, you may forward your request to [email protected];

(iii) contact our call centre (the number is available at www.bphealthcare.com); or

(iv) by mail to the address below:

Operational Headquarters
BP Specialist Centre Glenmarie
2, Jalan Pendaftar U1/54,
Section U1, Temasya @ Glenmarie,
40150 Shah Alam.

5.2 In accordance with the terms of the PDPA, BP has the right to charge a fee for the
processing of any data access request.

5.3 BP may also refuse to comply with request for access or correction to the personal
information.

 

6. Withdrawing Consent

You are entitled to limit our processing of your personal data by expressly withdrawing in
full, your consent given previously, in each case, including for direct marketing purposes
subject to any applicable legal restrictions, contractual conditions, and within a
reasonable amount of time period. You may opt out of receiving any communications
from us at any time by:

(i) following the opt-out instructions or by clicking on the “unsubscribe link” contained in
each marketing communication;

(ii) editing the relevant account settings to unsubscribe;

(iii) sending a request to [email protected]; or

(iv) write to:

Operational Headquarters
BP Specialist Centre Glenmarie
2, Jalan Pendaftar U1/54,
Section U1, Temasya @ Glenmarie,
40150 Shah Alam.

7. Complaints

If you have any queries or complaints relating to this Privacy Notice or otherwise relating
to misuse or suspected misuse of your personal information, you may:

(i) send us a message via [email protected];

(ii) contact our call centre (the number is available at www.bphealthcare.com); or

(iii) by mail to the address below:

Operational Headquarters
BP Specialist Centre Glenmarie
2, Jalan Pendaftar U1/54,
Section U1, Temasya @ Glenmarie,
40150 Shah Alam.

8. Other information

8.1 Children

Minors under the age of 18 may not use the Website. We do not knowingly collect
personal information from anyone under the age of 18, and no part of the Website is
designed to attract anyone under the age of 18. BP does not sell products and/or
services for purchase by children. In certain instances, BP sells products and/or services
for children but for purchase by adults.

8.2 Links to Third Party Website

Parts of our website may contain links to third party websites not owned by BP (“Third
Party websites”). When you access a Third-Party website, please understand that we do
not control the content of that Third Party website and are not responsible for the privacy
practices or the content of that Third Party website. This Policy applies only to our site
and you should be aware that other sites linked by this web site may have different
privacy and personal data protection policies and we highly recommend that you read
and understand the privacy statement of each site. We accept no responsibility or
liability in respect of any such third-party materials or for the operation or content of other
websites (whether or not linked to our website) which are not under BP’s control.

8.3 Conflict

In the event of any conflict between the English language of Privacy Notice(s) and its
corresponding Bahasa Malaysia Privacy Notice(s), if any, the terms in the English
language Privacy Notice shall prevail.

8.4 For any further queries or concerns, please contact us via Live chat (bottom right)

Your continued usage of the BP’s website, services, facilities and or account(s) is deemed consent for BP to collect, process and store the data in accordance with the above.