Privacy Policy

The purpose of this document (“Privacy Policy”) is to inform you of how Avisena Holdings Sdn Bhd, including its successors, subsidiaries, related corporations, associates, affiliates, agents, beneficiaries, licensors, employees, and representatives (collectively, the “Avisena Group”, “us”, “we” or “our“) collects and manages Personal Data (as defined below) which is subject to the Malaysian Personal Data Protection Act 2010 (Act 709) (“the Act”). This Privacy Policy explains (i) the types of information we collect; (ii) how the information is collected and obtained; (iii) how we use the information; (iv) how the information is disclosed; and (v) the choices we offer regarding how to access and update your information.

At Avisena Group, we value your privacy and strive to protect your personal information in compliance with the laws of Malaysia. As such, please take a moment to read this Privacy Policy so that you know and understand our practices.

By interacting with us, submitting information to us, or signing up for any products and services offered by us, you agree and consent to Avisena Group, as well as its representatives and/or agents collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to our authorised service providers and relevant third parties in the manner set forth in this Privacy Policy.

This Privacy Policy supplements but does not supersede nor replace any other consents you may have previously provided to Avisena Group in respect of your Personal Data, and your consents herein are additional to any rights which any member of Avisena Group may have at law to collect, use or disclose your Personal Data.

Avisena Group may from time to time update this Privacy Policy to ensure that this Privacy Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this Privacy Policy as updated from time to time on our website Privacy Policy.

Please check back regularly for updated information on the handling of your Personal Data.

In this Privacy Policy, “mobile application” refers to Avisena Group’s mobile application, including but not limited to our service providers’ mobile application and/or such other mobile application developed by us.


1) Personal Data

1.1  In this Privacy Policy, “Personal Data” refers to any data which relates to you and which was collected or provided to us for the purposes stated in Section 3 below. 

1.2 Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, birth certificate number, MyKid number, NRIC, passport or other identification numbers, nationality, race, gender, date of birth, marital status, resident status, occupation, telephone number(s), mailing address, email address, personal health information, financial and banking account details, credit and debit card details, CCTV/security recordings, location tracking/GPS information, and any other information relating to you or any other individuals (including sensitive personal data as defined under the Act) which you have provided us in any forms (including for the purposes of completing surveys) you may have submitted to us, or via other forms of interaction with you.


2) Collection of Personal Data

2.1 Generally, we collect Personal Data in the following ways:

2.1.1 when you submit any form, including but not limited to application forms, registration forms, customer inquiry forms or other forms (including for the purposes of completing surveys) relating to any of our services;

2.1.2 when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;

2.1.3 when you submit your Personal Data to us or our agents, including but not limited to medical tourism agents;

2.1.4 when you interact with us via telephone calls (which may be recorded), letters, fax, face-to-face meetings or communication, text messages, social media platforms and emails;

2.1.5 when you interact with us via our websites, mobile applications or use services on our websites and mobile applications;

2.1.6 when you create an account with us;

2.1.7 when you interact with us via our social media page(s) or follow, like or are a fan of our social media page(s);

2.1.8 from publicly available sources such as directories;

2.1.9 from an analysis of the way you use and manage your account(s) with us (if any), from the transactions you make and from the payments which are made to or from your account(s);

2.1.10 when you request that we contact you or request that you be included in an email or other mailing list;

2.1.11 when you respond to our promotions, initiatives or to any request for additional Personal Data;

2.1.12 when you submit an employment application or when you provide documents or information including your resume and/or CVs in connection with any appointment as an officer, director, representative or any other position;

2.1.13 when your images are captured by us via CCTV cameras while you are within our premises, or via photographs or videos taken by us or our representatives when you attend our events;

2.1.14 when you are contacted by, and respond to, our marketing representatives and customer service officers;

2.1.15 when we seek information about you and receive your Personal Data in connection with your relationship with us, including for our products and services or job applications, for example, from business partners, public agencies, your ex-employer, referral intermediaries and the relevant authorities; and/or

2.1.16 when you submit your Personal Data to us for any other reasons.

2.2 when you submit your Personal Data to us for any other reasons.

2.3 If you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.

2.4 You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested, or delays in providing you with products and services you have requested, or processing your applications.

2.5 We will never knowingly collect or solicit Personal Data from individuals under the age of eighteen (18) without first obtaining verifiable parental or legal guardian’s consent. If you are under the age of 18 you should not provide information to us. If we become aware that a person under 18 has provided Personal Data to us without verifiable parental or legal guardian’s consent (as may be the case where the information is provided via our website), we will remove such Personal Data from our records.


3) Purposes for the Collection, Use and Disclosure of Your Personal Data

3.1 Generally, Avisena Group collects, uses and discloses your Personal Data for the following purposes:

3.1.1 performing our obligations in respect of any contract entered into with you and/or to providing you with and delivering to you any service which you have requested;

3.1.2 processing, managing or verifying your application for registration with us and providing you the benefits offered to users;

3.1.3 validating your requests, purchases and bookings as well as processing payments relating to any product or services you have requested;

3.1.4 processing exchanges or product returns;

3.1.5 responding to, processing and handling your queries, feedback, complaints and requests;

3.1.6 verifying your identity;

3.1.7 managing and planning the administrative and business operations of Avisena Group and complying with internal policies and procedures including for auditing, data analysis and database records;

3.1.8 facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales);

3.1.9 requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to design our services, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our products and services;

3.1.10 sending you alerts, newsletters, updates, mailers, promotional materials, special privileges, festive greetings etc;

3.1.11 sending you alerts, newsletters, updates, mailers, promotional materials, special privileges, festive greetings etc;

3.1.12 preventing, detecting and investigating crime and analysing and managing commercial risks;

3.1.13 managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);

3.1.14 monitoring or recording phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification purposes;

3.1.15 in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;

3.1.16 conducting any form of investigations including but not related to those relating to disputes, complaints, billing, fraud, offences, prosecutions etc;

3.1.17 meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on Avisena Group (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations); 

3.1.18 marketing promotions of our facilities, services, doctors, packages, promotion, etc;

3.1.19 providing third parties with aggregate information about our website or mobile application users and the usage patterns; and/or

3.1.20 purposes which are related to the aforesaid.

3.2 In addition, Avisena Group collects, uses and discloses your Personal Data for the following purposes depending on the nature of our relationship:

3.2.1 If you are a prospective, current or former patient or customer of Avisena Group:

      1. providing customer service and support (including but not limited to customer relationship management, processing your admissions, processing and settlement of bills, facilitating, arranging and providing reminders of your appointments, medical examinations, screenings or checkups, applying for visas on your behalf, contacting you regarding medical reports and results, providing follow-up calls, providing you with administrative support, and administering insurance coverage and processing insurance claims);
      2. administering and processing your requests including creating and maintaining profiles of our customers in our system database for administrative purposes (including tracking your attendance at various Avisena Group facilities);
      3. personalising your experience at Avisena Group’s touchpoints and conducting market research, understanding and analysing customer behaviour, location, preferences and demographics in order to improve our service offerings;
      4. administering medical care (including keeping patient case and procedure records, providing medication, ordering medical tests, reports and biological samples, and facilitating internet-based telehealthcare services and correspondence with doctors and/or other healthcare providers);
      5. liaising with third party specialist doctors, clinics, hospitals and/or medical institutions in relation to your medical care (including by providing them with access to your medical records);
      6. if you use our mobile applications, including SMS or online registration, including email and payments systems, displaying your medical data, sending you health-related notifications, and facilitating the provision of our services to you;
      7. administering debt recovery and debt management; and/or
      8. purposes which are related to the aforesaid.

3.2.2 If you are a nominated caregiver or next-of-kin of a patient or customer of Avisena Group:

      1. informing you of the patient’s medical status and whereabouts; and/or
      2. purposes which are related to the aforesaid.

3.2.3 If you are an employee, officer or owner of an external service provider or vendor outsourced or prospected by Avisena Group:

      1. assessing your organisation’s suitability as an external service provider or vendor for Avisena Group;
      2. managing project tenders and quotations, processing orders or managing the supply of goods and services;
      3. creating and maintaining profiles of our service providers and vendors in our system database;
      4. processing and payment of vendor invoices and bills;
      5. facilities management (including but not limited to issuing visitor access passes and facilitating security clearance); and/or
      6. purposes which are related to the aforesaid.

3.2.4 If you apply to us as a candidate for employment or internships:

      1. conducting interviews;
      2. processing your application (including but not limited to pre-recruitment checks involving your qualifications and facilitating interviews);
      3. obtaining references and for background screening;
      4. assessing your suitability for the position applied for;
      5. enrolling successful candidates as our employees and facilitating the Human Capital and Talent Management Department (including but not limited to preparing letters of employment, name cards and building access passes); and/or
      6. purposes which are related to the aforesaid.

3.2.5 If you are an existing employee of Avisena Group:

      1. providing remuneration, reviewing salaries and bonuses, conducting salary benchmarking reviews, staff appraisals and evaluation, as well as recognising individuals for their services and conferring awards;
      2. staff orientation and entry processing;
      3. administrative and support processes relating to your employment, including its management and termination, as well as staff benefits, including travel, manpower, business continuity and/or support, processing expense claims, medical insurance applications, medical screenings, leave administration, long-term incentive plans, training, learning and talent development, and planning and organising corporate events;
      4. providing you with tools and/or facilities to enable or facilitate the performance of your duties;
      5. facilitating professional accreditation and complying with compliance audits;
      6. compiling and publishing internal directories and emergency contact lists for business continuity;
      7. managing corporate social responsibility projects;
      8. conducting analytics and research for human resource planning and management, and for us to review, develop, optimise and improve work-related practices, environment and productivity;
      9. ensuring that the administrative and business operations of Avisena Group function in a secure, efficient and effective manner (including but not limited to examining or monitoring any computer software and/or hardware installed within Avisena Group, your work emails and personal digital and storage devices);
      10. compliance with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (including but not limited to disclosures to regulatory bodies, conducting audit checks or surveillance and investigation);
      11. administering cessation processes; and/or
      12. any other purposes relating to any of the above.

3.2.6 If you are a specialist doctor at Avisena Group:

      1. facilitating professional accreditation and complying with compliance audits;
      2. facilitating disbursements of fees collected on your behalf;
      3. managing and providing you with tools, services and/or facilities to enable or facilitate the performance of your duties;
      4. planning and organising events for specialists;
      5. creating and maintaining profiles of our accredited doctors in our system database;
      6. facilities management (including but not limited to issuing visitor access passes and facilitating security clearance); and/or
      7. any other purposes relating to any of the above.

3.3 Furthermore, where permitted under the Act, Avisena Group may also collect, use and disclose your Personal Data for the following “Additional Purposes”:

3.3.1 taking or filming photographs and videos for corporate publicity or marketing purposes, and featuring your photographs and/or testimonials in our articles and publicity materials;

3.3.2 providing or marketing services and benefits to you, including promotions, service upgrades, loyalty, reward and/or membership programmes;

3.3.3 organising roadshows, tours, campaigns (including health talks, health check or vaccination campaigns) and promotional or events and administering contests and competitions;

3.3.4 matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of services;

3.3.5 sending you details of services, clinic updates, health-related information and rewards, either to our customers generally, or which we have identified may be of interest to you;

3.3.6 conducting market research, aggregating and analysing customer profiles and data to determine health-related patterns and trends, understanding and analysing customer behaviour, location, preferences and demographics for us to offer you other products and services as well as special offers and marketing programmes which may be relevant to your preferences and profile; and/or

3.3.7 purposes which are related to the aforesaid.

3.4 If you have provided us with your telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your telephone number(s), then from time to time, Avisena Group may contact you using such telephone number(s) (including via voice calls, text, social media application, fax or other means) with information about our products and services.

3.5 In relation to particular services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.

3.6 You have a choice to withdraw your consent for receiving marketing or promotional materials/communication. You may contact us using the contact details found below.

3.7 Please be aware that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, it may take up to 21 calendar days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period of time.

3.8 Please note that even if you withdraw your consent for the receipt of marketing or promotional materials, we may still contact you for other purposes in relation to the services that you have requested or purchased from Avisena Group.


4) Disclosure of Personal Data

4.1 Avisena Group will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Malaysia:

4.1.1 amongst the Avisena Group members and affiliates (including their staff and medical practitioners);

4.1.2 amongst the Avisena Group members and affiliates (including their staff and medical practitioners);

4.1.3 companies providing services relating to insurance to Avisena Group;

4.1.4 agents, contractors, sub-contractors or third party service providers who provide operational services to Avisena Group, such as courier services, telecommunications, information technology, payment, printing, billing, debt recovery, processing, technical services, transportation, training, market research, call centre, security, or other services to Avisena Group;

4.1.5 vendors, agents or third party service providers and our marketing and business partners in connection with marketing promotions, products and services;

4.1.6 our corporate clients;

4.1.7 any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale);

4.1.8 external banks, credit card companies, other financial institutions and their respective service providers;

4.1.9 our professional advisers such as consultants, auditors and lawyers;

4.1.10 relevant government ministries, regulators, statutory boards, accreditation bodies or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority (including the Ministry of Health); and/or

4.1.11 any other party to whom you authorise us to disclose your Personal Data to.

4.2 In addition to 4.1 above and if you are a user of our mobile application, your Personal Data may be disclosed to the healthcare professionals who responds to your request on the mobile application. The healthcare professionals may contact you via telephone prior to being dispatched to your location, to ensure that that they are equipped to handle your medical case. The healthcare professionals’ treatment of your information is subject to the healthcare professionals and healthcare professional’s own policies and procedures. Any medical information that we collect from you will be kept private and secure, as required by law.


5) Security of Personal Data

5.1 Avisena Group protects Personal Data against loss or theft, as well as unauthorized access, disclosure, copying, use or modification with security safeguards appropriate to the sensitivity of the Personal Information, regardless of the format in which it is held.

5.2 We use various methods to safeguard Personal Data, including physical measures, technical tools and organisational controls.

5.3 Online security is also a priority. Avisena Group incorporates security measures such as encryption and authentication tools to protect your Personal Data from unauthorized use. Firewalls are utilized to protect our servers and network from unauthorized users accessing and tampering with files and other information that we store.

5.4 While Avisena Group cannot guarantee that loss, misuse or alteration of data will not occur; Avisena Group makes reasonable efforts to prevent such unfortunate occurrences.

5.5 You must remember to exit the browser window after use to disable any unauthorized party access. It is your responsibility at any time, not to divulge your personal user ID and password to any third party.


6) Retention of Personal Data

6.1 Avisena Group retains such Personal Data as may be required for business or legal purposes, and such purposes do vary according to the circumstances.

6.2 Whilst Avisena Group will securely dispose of or anonymise Personal Data which it can reasonably determine is no longer needed and does not generally hold on to Personal Data “just in case”, it is in the interests of any caregiver or person treating the patient to be able to refer to a complete set of medical records to avoid risks to health and safety of the patient.

6.3 As such that, with respect to the medical records of patients, unless specific contrary instructions from the patient are received, Avisena Group may (but is not obliged to) retain such medical records for as long as Avisena Group may be potentially consulted for further follow up by (or on behalf of) the patient even where such consultation may not occur until after a substantial period of time or there is no current or present indication that the patient may well return for further consultation or follow up.


7) Use of Cookies, Web Beacons, and Similar Technologies on the website

7.1 When you visit or interact with our sites, services, we or our authorized service providers may use cookies, web beacons, and other similar technologies for collecting and storing information to help provide you with a better, faster, and safer web experience.

7.2 The information collected by us or our authorised service providers may recognise a visitor as a unique user and may collect information such as how a visitor arrives at our sites, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).

7.3 The use of cookies, web beacons and similar technologies by us on our website have different functions. They are either necessary for the functioning of our services, help us improve our performance, or serve to provide you with extra functionalities. They may also be used to deliver content that is more relevant to you and your interests, or to target advertising to you on or off our sites.

7.3.1 Cookies – A cookie may be used in the processing of your information. A cookie is a text file placed into the memory of your computer and/or device by our computers. A copy of this text file is sent by your computer and/or device whenever it communicates with our server. We use cookies to identify you. We may also collect the following information during your visit to our website and/or the fully qualified domain name from which your accessed our site, or alternatively, your IP address:

      1. The date and time you accessed each page on our website;
      2. The URL of any webpage from which you accessed our site (the referrer); and
      3. The web browser that you are using and the pages you accessed. Some web pages may require you to provide a limited amount of personal information in order to enjoy certain services on our websites (system login credentials, email address and contact, etc.).

7.3.2 Web beacons – Small graphic images (also known as “pixel tags” or “clear GIFs”) may be included on our sites and services. Web beacons typically work in conjunction with cookies to profile each unique user and user behaviour.

7.3.3 Similar technologies – Technologies that store information in your browser or device utilizing local shared objects or local storage, such as flash cookies, HTML 5 cookies, and other web application software methods. These technologies can operate across all of your browsers.

7.3.4 We may use the terms “cookies” or “similar technologies” interchangeably in our policies to refer to all technologies that we may use to collect or store information in your browser or device or that collect information or assist in identifying you as a unique user in the manner described above.

7.4 We offer certain site features and services that are available only through the use of these technologies. You are always free to block, delete, or disable these technologies if your browser so permits. However, if you decline cookies or other similar technologies, you may not be able to take advantage of certain site features or services tools. For more information on how you can block, delete, or disable these technologies, please review your browser settings.


8) Mobile Device Information

8.1 Your use of our mobile application may also include collection of information from your mobile device. For example, the mobile application may request your permission to collect location data and/or may request access to multimedia (photos or videos) stored on your mobile device. Location data is not required for participation in activities through the mobile application, and you have the option of declining collection of geolocation data. If you do not wish for your location data to be shared with us, please respond accordingly when prompted on your mobile device, or visit your mobile device settings. Multimedia will only be collected from your device if you affirmatively select it to upload to the mobile application (i.e. you choose an image or video to store within the mobile application). Multimedia will not be shared with other mobile application users (with the exception of your profile photo, which will appear in your user profile).

8.2 We may use mobile application tracking and/or analytics services. These services may record unique mobile gestures such as tap, double-tap, zoom, pinch, scroll, swipe and tilt but do not collect personally identifiable information that you do not voluntarily enter in the mobile application. These services do not track your browsing habits across mobile applications that do not use the same services. We are using the information collected by these services to understand user behaviour and optimize site performance.


9) Third-Party Sites

9.1 Our website may contain links to other websites operated by third parties, including for example our business partners. We are not responsible for the data protection practices of websites operated by third parties that are linked to our website. We encourage you to learn about the data protection practices of such third party websites. Some of these third party websites may be co-branded with our logo or trade mark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable privacy policy of the third party website to determine how they will handle any information they collect from you.


10) Contacting Us – Withdrawal of Consent, Access and Correction of your Personal Data

10.1 Avisena Group has procedures in place in order to receive and respond to enquiries about our policies and practices relating to its handling of Personal Data. Any complaint or enquiry should be made in writing and addressed as shown below. If there are any questions or concerns regarding this Privacy Policy or the data collection practices outlined herein, please contact us as via email or registered mail to our Customer Support.

10.2 You are reminded not to send via unencrypted means (such as email) sensitive information such as passwords, credit card information etc.

10.3 Please note that if your Personal Data has been provided to us by a third party (e.g. a general practitioner or your employer), you should contact that organisation or individual to make such queries, complaints, and access and correction requests to Avisena Group on your behalf.

10.4 If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, Avisena Group may not be in a position to continue to provide its products and services to you, or administer any contractual relationship in place, which in turn may also result in the termination of any agreements with Avisena Group, and your being in breach of your contractual obligations or undertakings. Avisena Group’s legal rights and remedies in such event are expressly reserved.

10.5 This Privacy Policy shall be governed in all respects by the laws of Malaysia.