Data Protection Policy

Introduction

Dr Ko Skin Sdn Bhd. (Registration No. 202301042063 (1535980-U)), including its affiliates, subsidiaries, any associated entitles, any of their clinics, medical centre, training centre, wellness centre, retail outlets and offices (referred herein as “the Company” or “we” or “us” or “our”) respects the privacy of individuals and we are committed to protecting your personal data and privacy. The term the Company, we, us or our shall also be extended to its successors and assigns.

This Personal Data Protection Notice (“Notice”) governs the manner of how the Company collects and processes your personal data, including your sensitive personal data strictly in accordance with the Personal Data Protection Act 2010 and its relevant  regulations (collectively referred to as “PDPA”).

1. Type of Personal Data

Personal data means any information or combination of information which relates, directly or indirectly to you and which have been provided to us or we may have access to, in the course of your interaction with us (“Personal Data”).

Your Personal Data may include but not limited to the following:

(a) Personal information – full name, age, gender, date of birth, race, national  registration identification card (NRIC) number, citizenship, religion, education, marital status, medical history or any related health information, information of your family to next of kin;

(b) Contact number – residential address, mobile phone number, email address, emergency contact information;

(c) Payment information – debit or credit card number, expiry date, billing address and other financial or bank account details;

(d) Image or recordings – any images and recordings taken as part of the services provided by our Company, close circuit television (CCTV) image or footage, security recordings when you visit to our clinics, phone call recordings; and

(e) Other information – any other Personal Data you provide to us during your interaction with our clinic.

For the purpose of this Notice, your sensitive personal data may include but not limited to your physical or mental health or condition and your medical information such as patient medical history, diagnostics and allergies.

2. Source of Personal Data

We collect your Personal Data either from you, your authorised representatives or third parties through the following ways:

(a) Any creation of account, and/or through the submission of any registration forms, consent forms and/or any other forms that you or your representative fill to provide us or benefit from our services;

(b) When you reach out to us in person, over the counter, through telephone conversations with our teams or by electronic mail;

(c) By you participating in any surveys, questionnaires, offers or promotions done internally or via an appointed third party;

(d) When you sign up for our marketing, promotional communications and/or any initiatives;

(e) When you visit any of our clinics, medical centre, training centre, wellness centre or retail outlets;

(f) When you submit any enquiry, complaints, feedback, ratings and/or review on our website or any other platforms;

(g) When you attend any of our corporate events;

(h) When you communicate with us via social media or interactive applications including but not limited to Facebook, Twitter, TikTok, LinkedIn and Instagram;

(i) When you submit your employment application;

(j) From any third parties connected with you such as your employer/ potential employer, agents, insurance companies and/or any other healthcare provider; and

(k) From such other sources where you have given your consent for the disclosure of Personal Data relating to you, and/or where otherwise lawfully permitted.

3. Purpose of collecting and further processing your data

Your Personal Data is collected, used, transferred or otherwise processed for one or more of the following purposes:

(a) Provision of Medical and Aesthetic Services

• To confirm your identification and maintain your account or contract/agreement with us;
• To process your requested medical products and services;
• To administer and communicate with you in relation to our treatment plans; or
• To monitor and review your health progress and treatment outcomes;

(b) Administrative and Operational Purposes

• To establish and manage medical records and medical reports;
• To schedule appointments;
• To facilitate and process any invoice for services and payment relevant to you;
• To notify you about important updates, follow-up care and reminders; or
• For our internal investigations, audit or security purposes;

(c) Quality Assurance and Improvement

• To act on and/or respond to any enquiries, complaints, comments or feedbacks that you have submit to us;
• To provide training and education to our staff in order to enhance service delivery; or
• To conduct research and development, for instance, internal analytics to produce better products and
  services;

(d) Compliance and Legal Obligations

• To maintain records required for security, claims or other legal purposes;
• To comply with government inspections and other requests from government or other public authorities;
• For submission and registration of relevant forms, licenses to the relevant regulatory authorities and/or third parties under any governing laws relevant to the healthcare industries;
• For any other purposes that is required or permitted by any law, regulations, guidelines and/or relevant regulatory authorities;

(e) Marketing and Promotional Activities

• To communicate and send you information about our services, promotions, offers and events;
• To use your data for internal marketing analysis and strategic planning; or
• To provide personalised offers and recommendations based on your preferences;

4. Disclosure of Personal Data
As a part of providing you with our services and managing or running the same, we may share, disclose and/or make available your Personal Data to the following persons/parties for the aforementioned purposes:

(a) Any affiliates, subsidiaries, associated entities or branches and offices of our Company;

(b) Federal or state government authorities;

(c) Law enforcement bodies;

(d) Government agencies;

(e) Any regulatory bodies;

(f) Companies or organisations that act as our agents, contractors, service providers or professional consultants;

(g) Any service providers, vendors or suppliers that we have appointed to provide service to us or on our behalf (for instance payment processing, data storage and/or IT support); or

(h) Any representatives or parties whom you have either authorised or given your consent for the purpose of enquiry or performing any transaction.

Transfer of your Personal Data outside Malaysia. There may be events where your Personal Data is required to be transferred outside of Malaysia to any of our affiliates and/or authorised external parties mentioned in this paragraph 4 in order for us to fulfil the purposes set out in this Notice.

In the event where your Personal Data is to be transferred outside of Malaysia, we shall take necessary steps to ensure that our authorised external parties and/or any other third parties shall only process your Personal Data under our instructions and are in compliance with any relevant data protection related laws that is applicable.

5. Retention of Personal Data and Measure we take to protect your Personal Data
Your Personal Data shall be retained, kept or held by us for the period of our contractual relation and the duration of you receiving services from us and/or for as long as it is necessary to fulfil the purpose for which it was collected and in relation to our business requirements.

Please also note that relevant Personal Data may be retained subject to the conditions below:

(a) As and when required under any applicable laws or legislation of Malaysia;

(b) Where legal actions have arisen and are pending; and

(c) For commercial and/or operational purposes of our Company.

In accordance with the PDPA, we shall take reasonable steps to ensure that your Personal Data is destroyed or permanently deleted if it is no longer required for the aforementioned purpose.

We take responsibility of the management and security of your Personal Data. In order to protect your Personal Data, we take appropriate technical and/or organisational measures to secure and prevent any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction of your Personal Data.

6. Right to access and correct personal information
You may at any time request to access and correct or update your personal information held by us. We endeavour to ensure that your Personal Data held with us are accurate and up-to-date. In any event if you wish to access to your Personal Data in our possession, or where you are of the opinion that such Personal Data held by us is inaccurate, incomplete, misleading or not up-to-date, please reach out to us through the contact details as specify herein.

7. Conflict
In the event of any discrepancies or inconsistent arising between the English language of the Notice and its corresponding Bahasa Malaysia Notice, the terms in the English language Notice shall prevail.

8. Changes in the Notice
Please note that we may amend this Notice from time to time without prior notice. We will notify you of the same
through email if there is any amendment made to the Notice.

• Please find below the contact details if you:
  • Would like to enquire further information on how we process your Personal Data;
  • Would like to limit the processing of your Personal Data; or
  • Would like to revoke your consent to us processing your Personal Data.

You may contact us at:
Dr Ko. Skin Sdn Bhd
10A-22A, Jalan Temoh,
Off Jalan Goh Hock Huat,
41400 Klang, Selangor, Malaysia

[Email: drkocompliance@koskinspecialist.com]
[Attention: [PDPA Compliance Officer]]