SEHATi APP PRIVACY POLICY (“Policy”)
The Personal Data Protection Act 2010 (“Act”) which regulates the processing of Personal Data (“Data”) in commercial transactions, applies to Bumi Healthtech Sdn Bhd ("we", "us", or "our"). This Policy discloses our (including our predecessors, successors, licensors, beneficiaries, subsidiaries, agents, employees, representatives, affiliates) practices concerning information we obtain by and through your use of the SEHATi APP(“Platform”) and the services provided through the Platform (“Services”). We are committed to respecting your privacy and recognising your need for appropriate protection and management of the Data which you share with us.
This Policy explains the types of information we obtain about users of our Platform and/or Services, how the information is obtained, how it is used, how it is disclosed, the choices you have regarding our use of the information, how you can get access to this information and your ability to review and correct, the information described in the Platform.
By registering and logging into this Platform, you expressly consent to the purpose of our usage of your Data as below (but not limited to);
the use of your Data by us;
the processing of your Data by us, any of our operators, commercial partners, agents and sub-contractors in and out of Malaysia;
the collection of your Data from any other source to supplement the Data which you have provided us;
the retention of your Data for as long as permitted for legal, regulatory, fraud prevention and marketing purposes; and
the use of your Data to send you information about products, services, and special offers of the Platform that may be of interest to you.
We may use and process your Data for:
Where you are a user of the Services provided by us (“User”):
to perform our obligations in respect of any contract entered with you;
to provide you with and to deliver to you any Service which you have requested;
to process, manage or verify your usage of the Platform;
to validate your requests, purchases and bookings as well as process payments relating to the Services you have requested;
to process your participation in any events, activities, research studies, promotions, polls or surveys; and
To understand and analyse our services as well as your needs and preferences.
General:
to respond to questions, comments and feedback from you;
for internal administrative purposes, such as auditing, data analysis, database records;
for purposes of detection, prevention and prosecution of crime;
to enhance or develop features, products, and services;
to personalize the content that you and others see on the Platform;
to notify you about our products and services; and
to send you alerts, newsletters, updates, mailers, promotional materials, special privileges, festive greetings from us, our partners, sponsors or advertisers.
We may modify, update or amend this Policy from time to time without providing you any notification. You should review this Policy periodically so that you are updated on our most current policies and practices.
Data
Data means personal information including your name, NRIC No., PERKESO No., Passport No., nationality, address, telephone No., bank and credit card details, gender, date of birth, current medical condition and medical history, marital status, resident status, email address, occupation, your employer, any information about you which you have provided to us during registration at the Platform and any other forms and/or your information that has been or may be collected, stored, used and processed by us from time to time and includes sensitive Data as defined in the Act.
How the Data is Obtained
The provision of your Data is voluntary when you register at the Platform, create a profile on our Platform, or subscribe to our Services (“Register”).
We may also collect your Data when you make a request to be connected with the Medical Providers to provide consultation services at their respective registered healthcare facility (“Visit”) or complete our surveys.
You will need to provide us with health-related information for the medical services that you require.
The Data will be associated with your profile. Any Medical Information you provide at the Platform will be able to be viewed by a duly appointed Medical Providers, to be used for treatment and the processing of your payment for the Visit, and other healthcare operations.
In connecting you with the Medical Providers for Visits, we will use administrative, physical, and technical safeguards to protect the security and privacy of your Data in the Platform. Our infrastructure is kept in a secured data centre that protects from unauthorised access.
Our systems and databases are backed up and upgraded regularly.
We regularly upgrade our system software to include the latest security features. Our servers are protected by a firewall system designed to keep unwanted traffic or access out of our computer network. We also employ an intrusion prevention service (IPS) provided by a secured data centre operated by a third party.
All communications between your browser, mobile and our servers are encrypted with SSL (Secure Sockets Layer) to guard against network eavesdroppers. Your password is internally encrypted in our system to prevent unauthorized access to the system.
No other party except the Medical Providers and this Platform will have access to your Medical Information or health records.
We will transmit any Medical Information describing your symptoms to any Medical Provider in a secured electronic transmission.
We may collect your Data:
from publicly sources including social media pages;
from credit reporting agencies; and
when you interact and communicate with us at any event or activities.
Other modes of collecting your Data
Cookies: to facilitate your login processes; allow you to personalise and store your settings; collect usage information; determine our total audience size and traffic; and help us improve our Platforms bymeasuring which areas are of greatest interest to Users.
Tracking and/ or Analytics Services: to understand User’s behaviours and optimise Platform performance.
Web Beacons : to recognise Users and assess traffic patterns, and we may include web beacons and cookies in our email messages in order to count how many email messages have been opened.
Non-Health or Non-Medical Information
We also collect information regarding statistics and metrics obtained from third party devices (eg. steps, distance, calories burned, GPS coordinates, hand speed, swing time, etc.), for your usage of the Platform’s tracking, monitoring, and diagnostic tools.
Mobile Device Information
The Platform may request your permission to collect location data and/or may request access to your mobile device. Location data is not required for participation in activities through the Platform, and you have the option of declining collection of geolocation data. If you do not wish for your location data to be shared with us, please respond accordingly when prompted on your mobile device, or visit mobile device settings.
All Data transmitted through the Platform is owned by us. The Medical Information provided for Visits will be owned by us and the Medical Providers. You hereby grant us a perpetual, royalty- free license to use such data including Medical Information to the extent necessary to enable your usage of the Platform and Services.
Sharing Your Information
We may share your Data with the parties as follows:
Medical Providers
We will share your Data with the Medical Providers which you have appointed for the Service. Any Medical Information that we collect from you will be kept private and secure, as required by law.
Affiliates
We may share your Non-Medical Information with affiliated companies and businesses.
Service Providers
We may use other companies (such as information technology (IT) service providers) to perform services eg. facilitating our Platform, processing credit card transactions, developing our software and infrastructure, sending emails and fulfilling requests.
Business Partners
When you accept a particular business partner’s promotions offered through our Platform, you authorise us to provide your information to that business partner.
Special Circumstances
We also may disclose your Data in response to a subpoena or similar investigative demand, a court order or other request from a law enforcement or government agency where required by law.
Miscellaneous
Such other purposes directly related to the above including but not limited to relevant marketing purposes.
Subject to any exceptions under the applicable laws, you may:
request for access to and/or request for the correction of your Data; and
make any inquiries regarding your Data, by contacting us.
Revocation of Consent
If you wish to revoke the consent that we have obtained from you, please notify us by contacting us at the e-mail address provided below.
If you wish to unsubscribe to the usage of the Platform, please click on the link
“Unsubscribe” which is embedded in the relevant e-mail. Your usage to the Platform will be terminated.
We use commercially reasonable administrative, technical, and physical measures to safeguard your Data and Medical Information in our possession against loss, theft and unauthorised use, disclosure or modification. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it.
No method of transmission over Platforms is 100% secure. We strive to make all reasonable efforts to use commercially acceptable means to protect your Data and Medical Information. In the unlikely event of a data breach, you will be notified as soon as reasonably possible.
We are not responsible for any breach of security or for any actions by and against any third parties including the Medical Providers.
If you have any questions, comments or concerns about our Policy, please contact us at support@sehati.io.
In the event of any inconsistency between the English version and any other languages of this Policy, the English version shall prevail over any other languages.
This Policy is effective as of 12 April 2022