Kuala Terengganu Specialist Hospital (KTSH) and referred herein as “the Hospital” or “we” or “us” or “our” values your privacy and strives to protect your personal information (Personal Data). This Privacy Notice outlines how the Hospital collects, uses, maintains and discloses your Personal Data in accordance with the Malaysian Personal Data Protection Act 2010. Please note that we may amend this Privacy Notice at any time without prior notice and the amended Privacy Notice shall be made available in our premises and website.
1. What is Personal Data?
Personal Data refers to any information (e.g. name, address, NRIC number, photographs, financial, bank account details, occupation, religion, employer, etc) that relates directly or indirectly to an individual, who may be identified or identifiable from that information or other information that is in our possession including Sensitive Personal Data. Sensitive Personal Data refers to any information which relates to the health condition of an individual, his/ her religious beliefs or other beliefs of a similar nature and the commission or alleged commission of any offence.
2. Source of Personal Data
The collection of Personal Data shall depend on the nature of your visit to the Hospital. There are various sources from which your Personal Data may be procured / collected by us including but not limited to the following:
3. Is the supply of Personal Data obligatory?
The Personal Data that we collect can either be obligatory or voluntary as it would depend on the purpose of you disclosing the Personal Data. If the Personal Data requested by us is to ensure that we are able to efficiently provide our services, then it would be obligatory for you to provide that information. If you fail to do so, it may affect the services provided to you.
The Personal Data that would be voluntary are office fax number, email address, etc. However, such information will facilitate the delivery of services to you.
4. Purpose of collecting and processing your Personal Data
The purpose for which your Personal Data are collected and processed shall depend on the nature of the relationship which you have with us and your visits to our facilities. The purpose may comprise part or all of the following:-
5. Disclosure of your Personal Data
As part of providing you with our services and the management and /or operation of the same, we may be required to disclose your Personal Data to the following:-
a) Disclosure to Third Parties
b) Disclosure within the Hospital
Any disclosure made within the Hospital shall be done only when necessary to ensure that services provided to you are not hindered. Only pertinent Personal Data shall be disclosed to the relevant departments / employees.
We will otherwise treat your Personal Data as private and confidential and will not disclose your Personal Data without your consent UNLESS:-you have given us upfront express or implied consent for the disclosure;
6. Security of your Personal Data
The security of your Personal Data is our priority. We will take all reasonable efforts and practical steps to ensure that all physical and soft copy of your Personal Data are kept in a secured manner. If we disclose any of your Personal Data to our authorised agents or service providers, we will require them to appropriately safeguard the Personal Data that is provided to them.
7. Retention of your Personal Data
We will only retain your Personal Data for as long as necessary to fulfil the purpose(s) for which it was collected or to comply with legal, regulatory and internal requirements. Upon the said purpose(s) being fulfilled, we will destroy or permanently delete your data according to our destruction policy.
8. Right to access and correct your Personal Data
You have the right to access your Personal Data held by us (subject to any exemptions as prescribed in the PDP or other Act) and to request for corrections to that Personal Data if it is inaccurate, incomplete, misleading or not up-to-date. Where appropriate, a fee may be imposed for any request to access and /or correct your Personal Data depending on the information that is requested.
Please note that access to your Personal Data may be withheld in certain situations as determined by the relevant authorities, legislations, acts and regulations and /or for the safety of our patients (for example when we are unable to confirm your identity).
We may review and update this Notice from time to time to reflect changes to the law, changes in our business practices, procedures and structures, and the community’s changing privacy expectations. You should check this Notice occasionally to ensure that you are aware of the most recent version which will apply each time you access this website.
Any enquiries or requests to access or update Personal Data or to withdraw consent, should be directed to our Medical Record Department or Data Privacy Officer by calling +09 657 8888 or emailing us at firstname.lastname@example.org