Revised on 1st November 2024 (“Effective Date”)
This IHH MY Personal Data Protection Notice (“Notice”) belongs to and is adopted collectively by IHH Healthcare Malaysia 1 (“IHH MY”, “we”, “us”, “our”, or “company”).
We collect Personal Data from you in the following ways:
Personal Data shall be collected, used, transferred or otherwise Processed for one or more of the following purposes:
In every subsequent direct marketing communication that is made to you, you shall be offered the opportunity to opt-out of further marketing communication.
If you object to receiving marketing communications from us, or withdraw consent to receive such materials, we will take steps to refrain from sending further marketing materials as specifically requested you. We will do so within the time-period required by applicable data protection related laws;
Categories of Personal Data | Examples of types of Personal Data we collect |
---|---|
Personal identification, demographic, and contact information | Name, surname, title, gender, country, date and place of birth, nationality, marital status, domestic partners, dependents, email address, phone number, mobile number, home address, emergency contact information. |
Network traffic and other related data | Identification numbers, location data, online identifiers, IP address, cookies, web beacons, device identification details, language settings. |
Account creation and login information | Login details (including password), existing and/or previous employee or contractor or supplier identification details, other information used to access and/or secure our systems and applications. |
Images and/or videos from which you may be identified, images captured on security systems, including CCTV and key card entry systems | Pictures uploaded into our accounts, social media or services otherwise provided to us by you, CCTV images, log files. |
Compensation and payroll | Bank account information, salary, bonus, payroll deductions including direct insurance. |
Job, position, and organisation data | Department, supervisor, office address, work location, permit details, hire date, job title, designation, business unit, part-time or full-time position, work history, termination date and reason, retirement eligibility, promotions and disciplinary records, date of transfers, reporting manager(s), other details of employment contract. |
Performance and benefits data | Performance reviews and ratings, incentives, awards, retirement, benefits data of family members/dependents such as names and date of birth. |
Data resulting from internal or external communications | Contents of email, records of communication through bots, messaging tools, mobile communications. |
Tax Data | Tax number, contribution rates, tax preferences, social security number. |
Information that you decide to voluntarily share with us | Feedback, opinions, reviews, comments, any information you may share with us on our social media platform, internal communication platforms and websites. |
Special categories of Personal Data | This may include:
|
Purposes for Processing Personal Data | Examples |
---|---|
Administration and management | Management of relationship, management and administration of outplacement, eligibility for employment, initial hiring or rehiring, , leave and other absences, management of compensation and benefits (including pensions and/or shares),management of tax issues, performance evaluations, providing and verifying employment references, loans, performing workforce analysis and planning, performing background checks, managing disciplinary matters, grievances and terminations, making business travel arrangements, managing business expenses and reimbursements, creating and maintaining one or more internal employee directories. |
Business process execution and internal operations management | Internal communications, scheduling work, recording time, managing and allocating company and employee assets and human resources, managing career and talent development, performing internal surveys, ensuring business continuity and crisis management, improving employees’ and teams’ performance, managing courses and/or trainings, managing projects and costs, managing mergers, acquisitions, divestitures, re-organisations or disposals and integration with purchaser, compilation of audit trails and other reporting tools, maintaining records relating to business activities, budgeting, financial management and reporting. |
Employee/Customer support | Providing support via internal tools and communication channels. |
Commercial communications | Communications about discounts for our products and services. |
Security and protection of assets and employees | Deploying and maintaining technical and organisational security measures, conducting internal audits and investigations, conducting assessments to verify conflict of interests, identifying and authenticating employees, managing network security and preventing data loss using automated technologies to identify malicious data on equipment or networks and to detect confidential information from leaving our perimeters or from unauthorised access to that information. Recording of your Personal Data through video or other digital, electronic, or wireless surveillance system or device to secure and maintain IT infrastructure, office equipment, facilities and other property. |
Compliance with legal and regulatory obligations | Disclosing Personal Data to government institutions or supervisory authorities as required by law or judicial authorisation for complying with tax and national insurance deductions, record-keeping and reporting obligations, conducting audits and investigations to prevent or detect fraud or corruption, compliance with government inspections and other requests from government or other public authorities, responding to legal process conducting investigations including employee reporting of allegations of wrongdoing, policy violations, fraud, or financial reporting concerns, complying with internal policies and procedures. Please also keep in mind that we may also use your data for security reasons and/or to protect our legitimate business interests or to prevent or investigate suspected or actual violations of law, breaches of the terms of employment or non-compliance with our policies. |
Defence of legal claims | Establishment, exercise or defence of legal claims to which we are subject, such as responding to legal processes such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims (including any whistle-blower/ethics hotlines). |
Health and safety | Protecting your and others’ health and safety, facilitating communication with you and your designated contacts in an emergency or during your business travel. |
Enhanced security and further processing for improved services | Creation of de-identified and/or anonymised data from your Personal Data (by removal of identifiable components, obfuscation, anonymisation, or any other means) to enhance security and for further processing, aggregation, analysis for optimisation of patient care and improvement of healthcare services, products, research and development which may include transferring anonymised data to our affiliates and business partners in foreign countries. |
1.IHH Healthcare Malaysia is a network of companies operating within Malaysia (as part of the group of entities under the ultimate holding company, IHH Healthcare Berhad) including without limitation Pantai Holdings Sdn Bhd and its Affiliates. “Affiliates” is any entity that controls, is controlled by, or is under common control, in each case either directly or indirectly with either a subsidiary or related corporation of the Group, where “control” means the ownership of or the power to vote representing more than 50% of voting stock, shares or interests of the entity.
2.“Data Subjects” are entities and individuals including our employees, job applicants, clients, customers, business partners, personnel, contractors, suppliers and other individuals
3. “Process” (including references to “Processing” and “Processed”) is any operation or set of operations performed on the Personal Data including, but not limited to, collection, storage, use, disclosure, transfer or destruction.
4. “Relatives” include spouses, next of kin, dependents, children, and partners.
5. “Vulnerable Person” are persons deemed more vulnerable by applicable laws and regulations, and includes, but is not limited to, minors, elderly, persons with disabilities, and persons with diminished mental capacity.