no 17 19&, 21, Lorong Medan Tuanku 2, Medan Tuanku, 50300 Kuala Lumpur, Federal Territory of Kuala Lumpur.

Updated August 2021

PRIVACY NOTICE

BP Healthcare Group (“BP”) respects and is committed to protect your personal data and information shared with us in strict accordance with the requirements of the Personal Data Protection Act, Malaysia, 2010 (PDPA). This Privacy Notice explains how we collect and handle your personal information.

Please note BP means BP Healthcare Group, its affiliates, subsidiaries, associated entities including but not limited to BP Diagnostic Centre Sdn Bhd, B.P. Clinical Lab. Sdn. Bhd., Ali Health Sdn Bhd, and any of their branches and offices (together or individually) and “BP” and “member of the BP Healthcare Group” has the same meaning.

Please take a moment to read this Privacy Notice so that you know and understand the purposes for which we collect, use and disclose your Personal Data.

By interacting with us, submitting information to us, or signing up for any products and services offered by us, you agree and consent to BP, as well as its representatives and/or agents collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to our authorised service providers and relevant third parties in the manners set forth in this Privacy Notice.

This Privacy Notice supplements but does not supersede nor replace any other consents you may have previously provided to BP in respect of your Personal Data, and your consents herein are additional to any rights which any member of BP may have at law to collect, use, or disclose your Personal Data.

Please note that BP may amend this Privacy Notice at any time without prior notice and will notify you of any such amendment via our website or by email.

 

  1. Personal Data we collect

1.1 The types of Personal Data that BP collects directly from you or from third parties may include (but not limited to) your personal details (such as name, age, gender, identity card number, passport number, date of birth, education, race, ethnic origin, nationality, citizenship), contact details (such as address, email, phone numbers), family information (such as marital status, name of spouse or child or immediate family), occupation details (such as employer name, income range, job title, job responsibilities, employer’s contact information and address) medical and personal health information (such as medical and healthcare history, blood type, finger prints, or hereditary characteristics, DNA, health and mental condition, diagnosis, medication and drugs prescribed), demographic information (such as age group, medical history, genetic characteristics), device model (such as device ID, device GUI version, device type, device manufacture), device location (via GPS and Bluetooth), credit/debit card number and expiry date, billing address, loyalty program membership details, photographs, CCTV recordings and other images, preferences and interests and other information relevant to patient and/or customer surveys, education and/or offers and/or other information (in respect of other BP facilities and/or services used by you).

1.2 In addition, BP may from time to time request for certain other personal information that may be relevant for BP to consider your request for any other products or facilities of BP.

1.3 All information requested is obligatory to be provided by you unless stated otherwise. We would be unable to process your request and/or provide you with relevant facilities and/or services and/or transactions should you fail to provide the obligatory information.

2. How do we collect your Personal Data?

2.1 Any Personal Data is obtained by BP via-

(i) booking forms, registration forms, online forms, agreements you have signed, name cards or any identity materials that you have distributed voluntarily;

(ii) any online sites operated by BP;

(iii) interaction between your browser and BP’s browser when you visit our websites including but not limited to:

(a) doctor2u.my

(b) shop.doctor2u.my

(c) airport.doctor2u.my,

(collectively, “Websites”)

(iv) CAMERA; the use of the Camera function for the features including but not limited to Video Consultation, medication request, personal health wallet verification and user photo;

(v) Audio; the use of the Audio function for the features of Video Consultation where we require access to your device microphone as audio input to the video.

(vi) Files in media/ shared storage; We require access to your local device storage to store files that are available in our website/app. This permission is necessary to ensure you can view the files accordingly

(vii) Device location via GPS and Bluetooth; We require access to your location data when you request services from us that require your real time location, including Medication Delivery, Home Visit, Nursing, Care Companion, Baby Sitting, Ambulance, Babysitting and Physiotherapist. The Location Access is required to correctly identify your location in order to deliver our services and/or products to you.

(viii) Access Device and Browser Information: When you access the Website from a computer or other device, we may collect anonymous information from that device, such as your Internet protocol address, browser type, connection speed and access times;

(ix) Device information: We may also collect non-personal information from your mobile device or computer such as system version, device id, device model, device manufacturer. This information is generally used to help us deliver the most relevant information to you. Examples of information that may be collected and used include how you use the application(s) and information about the type of device or computer you use. In addition, in the event our application(s) crashes on your mobile device we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our application(s).

(x) READ CONTACTS permission to allow Users to directly access their phone book to input their phone numbers whenever purchasing services or products on the Doctor2U App;

(xi) voluntary upload of medical information files by User onto the Doctor2U App or Website;

(xii) voluntary provision of data to third party service provider(s) engaged by us;

(xiii) a person acting on behalf of the individual whose data are provided;

(xiv) interaction with us through social media;

(xv) any other contractual agreement or arrangement;

(xvi) business directory(ies) or listing(s) that you have subscribed to share your information;

(xvii) when you make or send job application; and

(xviii) other sources and related links in connection with providing your needs and services.

3. How do we use your Personal Data?

3.1 Purposes for which data may be used and/or processed are as follows:

(i) to process requested facilities and/or medical services;

(ii) to facilitate participation in any contests or events;

(iii) to administer and communicate in relation to BP’s services and/or events;

(iv) to facilitate medical practice within BP, including sharing of personal data with other independent consultants within BP for purposes of peer review;

(v) to administer and communicate with you in relation to your medical practice;

(vi) to process your credit account application;

(vii) to assess your credit worthiness;

(viii) for all ancillary purposes relating to the provision of facilities including the provision of computer, telecommunications and technology services;

(ix) to administer and give effect to your commercial transaction (product(s) delivery, contract for service, consignment agreement);

(x) to process any payments relevant to you;

(xi) for insurance purposes;

(xii) customer loyalty programmes;

(xiii) to operate our premises in a manner which is physically safe, secure and befitting of health and safety requirements;

(xiv) for internal investigations, audit or security purposes;

(xv) to conduct internal statistical analysis;

(xvi) to conduct analysis of patient case studies;

(xvii) to comply with BP’s legal and regulatory obligations in the conduct of its business;

(xviii) to contact you regarding products, services, upcoming events, promotions, advertising, marketing and commercial materials which we feel may be of interest to you;

(xix) research, benchmarking and statistical analysis;

(xx) to ensure that the content from our website is presented in the most effective manner for you and for your computer and/or device;

(xxi) for BP’s internal records management;

(xxii) prevention, hindrance, reporting of any crime including but not limited to fraud, bribery and money laundering; and

(xxiii) purposes relating thereto.

4. Disclosure of your Personal Data

4.1 Data held by BP relating to an individual will be kept confidential but BP may provide or disclose such information to the following parties (whether within or outside Malaysia):-

(i) other companies within the BP Healthcare Group of companies;

(ii) relevant third parties (in or outside of Malaysia) as required under law, pursuant to the relevant contractual relationship or for the purposes stated in paragraph 3 above;

(iii) in the case of pre-employment health screenings, to the patient’s employer / prospective employer;

(iv) BP’s agents, servants and/or such persons;

(v) independent consultants and specialists within BP;

(vi) professional advisers such as external auditors, legal advisors and/or financial advisors or any other third party required by law, regulation or by-law, subpoena, court order or other legal process;

(vii) governmental agencies, governmental authorities and other regulatory bodies;

(viii) third party payers including employers, insurance companies and clinical sponsors;

(ix) third party reward, loyalty, co-branding and privileges programme providers;

(x) respective foreign embassies of foreign patients who received treatment in BP; and

(xi) selected third parties such as business partners.

4.2 Personal Data may also be disclosed or transferred as a result of any restructuring, sale or acquisition of any company within BP.

4.3 Where BP deals with third parties, specific security and confidentiality safeguards will be put in place to ensure your personal data protection rights remain unaffected.

5. Your rights

5.1 You may request to obtain information, correct/update your personal data, limit the processing of your personal data and/or deletion of your personal data as below:

(i) for online registered customers, you may login to your online account; or

(ii) for everyone else, you may forward your request to [email protected].

5.2 In accordance with the terms of the PDPA, BP has the right to charge a fee for the processing of any data access request.

5.3 BP may also refuse to comply with request for access or correction to the personal information.

6. Withdrawing Consent

You are entitled to limit our processing of your personal data by expressly withdrawing in full, your consent given previously, in each case, including for direct marketing purposes subject to any applicable legal restrictions, contractual conditions, and within a reasonable amount of time period. You may opt out of receiving any communications from us at any time by:

(i) following the opt-out instructions or by clicking on the “unsubscribe link” contained in each marketing communication;

(ii) editing the relevant account settings to unsubscribe; or

(iii) sending a request to [email protected].

7. Complaints

If you have any queries or complaints relating to this Privacy Notice or otherwise relating to misuse or suspected misuse of your personal information, you may send us a message via [email protected].

8. Other information

8.1 Children

Minors under the age of 18 may not use the Website. We do not knowingly collect personal information from anyone under the age of 18, and no part of the Website is designed to attract anyone under the age of 18. BP does not sell products and/or services for purchase by children. In certain instances, BP sells products and/or services for children but for purchase by adults.

8.2 Links to Third Party Website

Parts of our website may contain links to third party websites not owned by BP (“Third Party websites”). When you access a Third-Party website, please understand that we do not control the content of that Third Party website and are not responsible for the privacy practices or the content of that Third Party website. This Policy applies only to our site and you should be aware that other sites linked by this web site may have different privacy and personal data protection policies and we highly recommend that you read and understand the privacy statement of each site. We accept no responsibility or liability in respect of any such third-party materials or for the operation or content of other websites (whether or not linked to our website) which are not under BP’s control.

8.3 COVID-19 Related Efforts

Our App and website incorporate the latest COVID-19 cases and vaccination figures from the Ministry of Health Malaysia (“MOH”)’s open-source data (https://github.com/MoH-Malaysia/covid19-public). The COVID-19 figures are as per published by the MOH.

For any further queries or concerns, please contact us via Live chat (bottom right).