Privacy Policy

Privacy Policy – Klinik Munir (MO Healthcare Sdn Bhd 202201036855 / 1482552-K)
Effective date: 1st June 2023

Introduction and Scope: This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in connection with klinikmunir.com, WhatsApp and other messaging channels, phone calls, Google Forms, in-clinic registration, community events and screenings, and payment or booking tools.

Data We Collect: Identity and Contact (name, NRIC or passport, date of birth, gender, address, email, phone); Patient and Medical (history, symptoms, diagnoses, prescriptions, allergies, lab, ultrasound or ECG results, images, vital signs, vaccination records, pregnancy or antenatal information, referral letters, doctor’s notes); Visit and Billing (appointments, panel or TPA membership, employer info for corporate screening, invoices, payment status, insurance or takaful claim data); Technical and Usage (IP address, device or browser type, pages visited, cookies, analytics identifiers); Communications (messages or recordings from calls, WhatsApp or forms, feedback, testimonials); CCTV if applicable for safety and security. You may choose not to provide certain data, but this may affect our ability to deliver services.

Purposes of Use: Provide healthcare including triage, diagnosis, treatment, procedures such as khatan, lab tests, imaging, prescriptions, referrals and follow-ups; manage appointments and patient records including registration, reminders, results notifications and medical reports; billing and administration including payment processing, receipts, debt management and insurance, TPA or corporate claims; public health and legal obligations including statutory notifications, MOH reporting, audit and fraud prevention; customer service and communications; quality, safety and staff training; marketing with your consent for updates on services and screenings, with the ability to opt out at any time.

Legal Basis under PDPA: We process data in line with PDPA principles of Notice and Choice, Disclosure, Security, Retention, Data Integrity and Access. Depending on context, processing is based on your consent, performance of a service you requested, legal obligations, vital interests related to health or safety, and our legitimate interests in clinic operations and quality assurance. Sensitive personal data such as health information is handled with additional safeguards.

Disclosures and Recipients: We do not sell personal data. We may share data on a need-to-know basis with healthcare partners such as external laboratories, imaging centres, referral specialists or hospitals and pharmacies; third-party administrators or insurers and corporate clients for eligibility, claims and reporting; service providers acting as processors such as website hosting and WordPress, WooCommerce, payment gateways including Billplz, email, SMS or WhatsApp tools, analytics such as Google Analytics, IT support and secure cloud storage; authorities and regulators when required by law, court order or public health interests; and other parties with your explicit consent. Processors act under our instructions and are bound by confidentiality and security duties.

International Transfers: Some processors may store or process data outside Malaysia. We take reasonable steps to ensure comparable protection and confidentiality consistent with PDPA requirements.

Retention: Medical records are retained as required by Malaysian laws and MOH guidelines, typically at least seven years from the last visit and longer for minors after reaching majority. Non-clinical records such as enquiries or marketing are kept only as long as necessary for the purpose collected or to meet legal and accounting obligations. When no longer needed, data is securely deleted, anonymised or archived.

Security: We implement administrative, technical and physical safeguards including role-based access, staff confidentiality undertakings, secure transmission and storage, encryption where appropriate, access logging and routine backups. While no system is completely secure, we continuously improve our controls.

Your Rights: Subject to PDPA and medical confidentiality laws, you may request access to your personal data or medical record, request correction of inaccurate or incomplete data, withdraw consent for optional processing such as marketing, and object to or limit certain processing where legally applicable. We may require identity verification and may charge a reasonable administrative fee as permitted by law.

Cookies and Analytics: Our website may use cookies and similar technologies to operate the site, remember preferences and understand usage for improvement and security. You can control cookies in your browser; some features may not function properly if disabled.

WhatsApp and Online Forms: If you contact us via WhatsApp or submit Google or website forms, you consent to our use of the information to respond, schedule and manage your case. Messaging platforms have their own privacy terms; avoid sending highly sensitive information in open chats unless requested by our staff.

Third-Party Links: Our site may link to external websites such as payment pages or information resources. We are not responsible for those sites’ privacy practices; please review their policies.

Children’s Privacy: We process children’s data with parental or guardian involvement for healthcare purposes such as immunisation and screenings. We do not knowingly collect children’s data for marketing.

Changes to this Policy: We may update this policy from time to time. The latest version will be posted on our website with the effective date.

Contact for PDPA Requests: Klinik Munir, MO Healthcare Sdn Bhd, 271-G, Jalan Pusat Dagangan Sendayan 3/5, Pusat Dagangan Sendayan, Bandar Sri Sendayan, 71950 Seremban, Negeri Sembilan, Malaysia. Phone 013-744 1178. Email mohealthcaresb@gmail.com. Please include your name, contact number and a description of your request such as access or correction. We will respond within a reasonable time as required by PDPA.