Personal Data Protection (PDP) Policy

At UM SPECIALIST CENTRE, we value your privacy and strive to protect your personal information in compliance with the Personal Data Protection Act 2010 [Act 709] (“PDPA”) and its regulations.

UM SPECIALIST CENTRE will be launching this policy commencing 1st March 2022. This notice hereby issued to all patients , employees and third party service providers of UM SPECIALIST CENTRE.

This Privacy Notice intends to explain and elaborate on some of our policies and principles regarding the privacy of your personal information. We are sharing this introduction to help you understand our data protection and privacy practices.

PDPA is an Act that regulates the processing of personal data with regards to commercial transactions applicable to UM SPECIALIST CENTRE.

This notice also details on how your data may be utilised, the limits of its utilisation and the person who is responsible and accountable for your data.

Please find the full version of this notice here.


(Revised: 01 March 2022)

At UM Specialist Centre (“UMSC”), we are committed to protecting your privacy in accordance with the Personal Data Protection Act 2010 (“PDPA”).

This Policy explains:

  • The type of personal data we collect and how we collect it
  • How we use your personal data
  • The parties that we disclose the personal data to; and
  • The choices we offer, including how to access and update your personal data.

Personal Data We May Collect from You

We may collect the following personal data about you:

  • Personal information to establish your identity and background such as your full name, passport or identity card number, nationality and religion
  • Contact information such as mailing address, telephone number, mobile phone number, fax number and email address
  • Payment information such as your debit or credit card information, including the name of cardholder, card number, mailing address, expiry date and other bank account details
  • Sensitive information such as your health, racial or ethnic origin, political opinions, religion or other beliefs. We do not generally collect sensitive information unless it is necessary due to exceptional circumstances to serve you better and meet your particular needs
  • Recording of your image via CCTV cameras installed at our hospital or premises
  • Recording of your photograph during any of our corporate events, or third party events
  • Recording of calls placed by you to our customer services
  • Function or post when you commence a business relationship with us
  • Resume or CVs when you apply job with us

For general web browsing although no personal data is revealed to us, certain technical and statistical information is available to us via our internet service provider such as cookies, your IP address, the time, date and duration of your visit. If you provide us with any personal data relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such personal data to us, you represent to us that you have obtained the consent of the third party to provide us with their personal data for the purposes as listed below.

How We Collect Your Personal Data

We may collect personal data either from you, from your authorized representatives, from third parties, or from publicly available sources which may include (but is not limited to):

  • When you register for our services (for example when you submit an application form to become our patient)
  • When you contact us in person, by a phone call or over the counter (for example when you contact us for any appointments, enquiries, complaints, comments or feedbacks, we may keep record of that correspondences)
  • When you participate in any surveys, questionnaires, competitions, contests, offers, or promotions done internally or via an appointed third party
  • When you commence a business relationship with us (for example, as a service provider, or business partner)
  • When you visit any of our hospital or premises
  • When you attend any of our corporate events or third party open day
  • When you visit or browse our websites
  • When you apply for a job with us
  • When you interact with us via social media or interactive applications including but not limited to Facebook, Twitter and Instagram
  • When we collect information about you from third parties we dealt with or are connected with you (insurance companies, payment collector, credit reporting agencies or financial institutions)
  • From such other sources where you have given your consent for the disclosure of personal data relating to you, and/or where otherwise lawfully permitted.

Use of Personal Data Collected

You agree that we may use your personal data where permitted by applicable law and for the following purposes:

  • To verify your identity
  • To manage and maintain your contract/agreement with us
  • To notify you about benefits and changes to the services
  • To provide and improve our services to you including fulfilling audit requirements and facilitating payments
  • To carry out your instructions or to respond to any enquiries, complaints, comments or feedbacks that you have submit to us
  • To protect or enforce our rights to recover any debt owing to us
  • To compile information for analysis and in reports for relevant regulatory authorities
  • To transfer or assign our rights, interests and obligations under any of your agreements with us
  • To update, consolidate and improve the accuracy of our records
  • To administer services, competitions, contests, offers, or promotions to you
  • To produce data, reports and statistics which have been anonymised or aggregated in a manner that does not identify you as an individual
  • To conduct research for analytical purposes including but not limited to data mining and analysis of your transactions with us
  • To assess financial and insurance risks
  • To conduct surveys, questionnaire, and provide you with information from us or which we feel may interest you, where you have consented to be contacted for such purposes
  • To engage in business transactions in respect of services to be offered and provided to you
  • To comply with any legal or regulatory obligations under the applicable laws, regulations, guidelines or codes of practice that applies to us
  • For internal management of the services being provided to you
  • To maintain records required for security, claims or other legal purposes
  • To provide training for our staff
  • To conduct marketing and information technology activities (for example, market research)
  • To persons who have been identified as being you or your authorised representative(s) pursuant, for the purpose of the relevant transaction or enquiry or research or administrative or alumni or communication or for our corporate governance.
  • To third parties with whom we have contracted to provide services to us (such as analysis on our behalf) for any of the purposes described above. Where we disclose your personal data to third parties we shall ensure that such data is used only to provide services to us
  • For any other purposes that is required or permitted by any law, regulations, guidelines and/or relevant regulatory authorities.

With Whom We Share Your Personal Data

As a part of providing you with our services and the management or operation of the same, we may be required or need to disclose information about you to the following third parties:

  • Federal or state government
  • Law enforcement agencies
  • Government agencies
  • Our regulators
  • Companies or organisations that act as our agents, contractors, service providers or professional consultant
  • Companies or organisations that assist us in processing and/or otherwise fulfilling transactions and providing you with services that you have requested
  • Our business associates and other parties for purposes that are related to the purpose of collecting and using your personal data
  • Other parties in respect of whom you have given your express or implied consent
  • Any credit reporting agencies or in the event of default, any debt collection
    agencies subject to the permitted law applicable to us.
  • Universiti Malaya Medical Centre (“UMMC”)
  • Universiti Malaya (“UM”) and its related companies

Specific Consent Disclosure of Imagining and Picture

  • We may give or disclose your personal data if required to do so by law or for medical purposes to UMMC and UM, if such action is necessary to (a) comply with any law enforcement agency or authorities’ requirements, court order or legal processes; or (b) protect and defend the rights or property of
    (c) for medical purposes only
  • We may give or disclose your personal data if required to do so by, share, and process my / our personal data with UMMC and UM related to compliant of any law enforcement agency or authority requirements, court order or legal processes: or to protect and defend the rights or property of UMSC and allow the access of the data to UMMC Consultant for medical purposes only.

If Personal Data Provided by You Is Incomplete

Where indicated in our application or registration forms manually or electronically, it is obligatory to provide your personal data to us to enable us to process your application for our services. Should you fail to provide a complete and obligatory personal data, we may not be able to process your application or provide you with our services.

Your Rights to Access and Correct Your Personal Data

We can assist you to access and correct your personal data held by us. Where you wish to have access to your personal data in our possession, or where you are of the opinion that such personal data held by us is inaccurate, incomplete, misleading or not up-to-date, you may make a request to us via written request to us via our Data Protection Officer at [email protected].

How Long We Will Keep Your Personal Data

We will retain your personal data in compliance with this Policy and/or the terms and conditions of your agreement(s) with UMSC for the duration of your relationship with us, for such period as may be necessary to protect the interests of UMSC as may be deemed necessary, where otherwise required by the law and/or where required by UMSC’s relevant policies.

How We Protect and Safeguard Your Personal Data

We endeavour to take all reasonable steps to protect your personal data and keep your personal data secured. This includes following our security procedures (like checking your identity when you call us). Our site may link to other websites and we are not responsible for their data policies, procedures or their content.

Transfer of Your Personal Data Outside Malaysia

Any personal data, which you volunteer to us, will be treated with the highest standards of security strictly in accordance with the PDPA. It may be necessary for us to transfer your personal data outside Malaysia if any of our service providers or business partners are involved in providing part of a services are located in countries outside Malaysia. You consent to us transferring your personal data outside Malaysia in these instances. We shall take reasonable steps to ensure that any such service providers or business partners are contractually bound not to use your personal data for any reason other than to provide the services they are contracted by us to provide and to adequately safeguard your personal data.

Your Consent

By submitting your personal data, you consent to the use of that personal data as set out in this Policy. If we change our Policy, we will publish the amended version on this page. But you can email or write to us to ask for a copy. Continued use of the service will signify that you agree to any such changes.

Our Contact Details

UMSC is committed to protecting your personal data. If you have questions or comments about UMSC’s administration of personal data you may contact us at [email protected] or call us at +603- 7841 4000

If you have any questions, comments or suggestions regarding this Policy, we would be glad to hear from you. Please contact our Data Protection Officer at [email protected]

For any written enquires by post can be sent to Lot 28, Lorong Universiti, Lembah Pantai, 50603, Kuala Lumpur, Malaysia




Thank you.