Effective: February 1st, 2023
Welcome to Qmed Asia. We are a leading healthcare technology company that specializes in advanced digital health solutions. Our commitment to protecting your privacy is paramount, and this policy serves as a testament to that commitment.
Purpose of the Policy
Scope of Application
This policy applies to all interactions with Qmed Asia's services, including but not limited to our website, mobile applications, patient portal, teleconsultation, remote patient monitoring, and AI-driven healthcare solutions. It covers information gathered through various channels, including direct submissions, automatic data collection, third-party integrations, and other platforms.
We are dedicated to complying with the legal requirements specific to the jurisdictions in which we operate. It is essential that you read and understand this policy, as your acceptance of these terms is a condition of using our services. If you have any questions or concerns about this policy, we urge you to contact us directly.
As a healthcare technology company founded by medical professionals, we adhere to a high standard of ethics in handling personal and sensitive information. We ensure that our practices align with the core values of integrity, responsibility, transparency, and patient-centricity. Our commitment extends to continuous improvement in privacy and data protection, ensuring alignment with industry best practices and legal requirements.
Acceptance of the Policy
2.0 Scope and Applicability
Users and Data Subjects
The policy applies to all users and data subjects, including patients, healthcare providers, visitors, vendors, contractors, and other stakeholders who interact with our services or provide personal information to us. The term "you" in this policy refers to all individuals whose information we collect and process.
The scope includes all digital platforms operated by Qmed Asia, such as our website, mobile applications, self-registration kiosks, teleconsultation portals, and integrations with third-party App. Any engagement with these platforms falls under the purview of this policy.
This policy also extends to our interactions with third-party vendors, partners, and affiliates who may collect or process personal information on our behalf. We ensure that these entities adhere to the same stringent privacy standards as set forth in this policy.
Limitations and Exclusions
While this policy broadly covers our privacy practices, there may be specific situations, services, or products for which separate or supplementary privacy notices are provided. Such notices will be explicitly communicated to you.
Please note that this policy does not apply to third-party websites or services that may be linked from our platforms. We have no control over the privacy practices of these third parties and encourage you to review their respective privacy policies.
This policy also does not govern the practices of entities not owned, controlled, or managed by Qmed Asia, including independent healthcare providers using our solutions.
Updates and Amendments
Qmed Asia reserves the right to update or amend this policy at its discretion. Any substantial changes will be communicated to you, and your continued use of our services following such updates signifies acceptance of the modified policy.
While Qmed Asia operates globally, this policy is crafted with particular regard to the legal and regulatory requirements of Malaysia. We adhere to applicable laws and regulations in other jurisdictions as well, tailoring our practices to meet specific regional needs.
Personal Data refers to any information relating to an identified or identifiable natural person. This includes, but is not limited to, names, identification numbers, contact information, medical records, and any other information that can be directly or indirectly linked to a specific individual.
Processing encompasses any operation performed on personal data, whether automated or manual. It includes collecting, recording, organizing, structuring, storing, altering, retrieving, consulting, using, disclosing, transmitting, or erasing personal information.
A Data Subject is any individual whose personal data is processed by Qmed Asia. This term includes patients, healthcare providers, employees, partners, visitors, and other stakeholders.
The Data Controller is the entity responsible for determining the purposes and means of processing personal data. In the context of this policy, Qmed Asia is the Data Controller for all personal data collected through our services.
A Data Processor is an entity that processes personal data on behalf of the Data Controller. This may include third-party service providers, vendors, and partners who handle personal information under the direction of Qmed Asia.
Consent refers to the clear, informed, and voluntary agreement by a Data Subject to the processing of their personal data. It must be freely given, specific, informed, and unambiguous.
A Third-Party refers to any entity other than the Data Subject, Data Controller, or Data Processor. This includes vendors, affiliates, partners, or other external organizations interacting with Qmed Asia.
Sensitive Personal Data
Sensitive Personal Data includes information that reveals racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health or sex life, or sexual orientation. Such data requires special protection and consent for processing.
A Breach refers to any unauthorized access, disclosure, alteration, destruction, or loss of personal data, whether accidental or intentional, that compromises the integrity, confidentiality, or availability of the data.
Cookies are small text files stored on a user's device when visiting a website. They are used to track user activity and preferences to enhance user experience.
4.0 Information We Collect
Qmed Asia collects various types of personal data to provide, enhance, and personalize our healthcare solutions. This information helps us to understand your needs, comply with legal obligations, and foster a seamless user experience.
Types of Data Collected
4.2.1 Identifiable Information
This category includes data that can directly identify an individual, such as name, identification number, address, phone number, email address, and user credentials. We may collect this information through various channels, including registration forms, account creation, and direct communication.
4.2.2 Health Information
Health Information encompasses appointment bookings, vital signs, medical records, medications, and other health-related details. We obtain this information through our medical devices integration solutions, teleconsultation services, patient portal, and other related platforms.
4.2.3 Financial Information
We may collect financial data, such as credit card numbers, bank details, and billing information, for payment processing and other financial transactions within our services.
4.2.4 Technical Information
Technical information includes IP addresses, device types, browser types, operating system, access times, referring URLs, and other similar data. We gather this information to analyze user behavior, optimize performance, and enhance security.
4.2.5 Cookies and Similar Technologies
4.2.6 Information from Third Parties
We may obtain information from third-party sources, including healthcare providers, government entities, partners, and other organizations that align with our services. This may include demographic data, health records, or other information relevant to our offerings.
Purpose of Collection
We collect personal data to facilitate and improve our services, conduct research and development, comply with legal and regulatory requirements, engage in marketing and communication, manage customer relationships, and ensure the overall security and integrity of our platforms.
Consent and Choice
Your consent plays a central role in our data collection practices. We seek explicit consent where required and provide options for you to opt-out or manage preferences. You may withdraw your consent at any time, subject to legal or contractual obligations.
Qmed Asia does not knowingly collect personal information from children under the age of 13 without parental consent. If we discover that we have collected such information, we will take appropriate steps to delete it.
5.0 Purpose of Processing
Provision of Services
Qmed Asia processes personal data to deliver, maintain, and enhance our suite of healthcare technology solutions, including patient journey solutions, medical devices integration, and AI-powered healthcare assistance. This processing is essential to facilitate online appointments, teleconsultations, patient monitoring, and other services that constitute the core functionalities of our offerings.
Compliance with Legal and Regulatory Obligations
We are committed to adhering to legal and regulatory requirements in all jurisdictions where we operate. Processing of personal data may be necessary to comply with laws, regulations, court orders, or other legal obligations. This includes our cooperation with the Ministry of Health and the Ministry of Science, Technology & Innovation in Malaysia, as well as compliance with the Personal Data Protection Act.
Research and Development
We may use personal data for research, analysis, and development purposes. This enables us to innovate, enhance, and personalize our products, identify trends, and create new features that align with the needs and expectations of healthcare providers and patients. Anonymization or pseudonymization techniques may be employed to ensure privacy.
Marketing and Communication
Processing of personal data may be undertaken for marketing, advertising, and communication objectives. This includes informing users about new services, updates, promotions, events, and other relevant information. Data subjects have the option to opt-out of such communications at any time.
Security and Fraud Prevention
We process personal data to safeguard the integrity, availability, and confidentiality of our platforms. This includes implementing measures to prevent unauthorized access, detect fraudulent activities, protect against malware, and ensure the overall security of the personal data we handle.
Customer Support and Relationship Management
We process personal information to provide customer support, handle inquiries, resolve issues, gather feedback, and foster a responsive and collaborative relationship with our users, clients, and partners.
In some cases, we may process personal data based on explicit consent from data subjects for specific purposes not covered above. This consent can be withdrawn at any time, in accordance with our procedures and applicable laws.
Qmed Asia recognizes the importance of consent in personal data processing and commits to obtaining clear, informed, and unambiguous consent from data subjects. This includes providing detailed information about what data is collected, how it's used, and why it's necessary. Consent is sought through transparent mechanisms like checkboxes, consent forms, and explicit agreements. We ensure that consent is freely given, specific to the intended purpose, and easy to withdraw at any given time.
Managing and Withdrawing Consent
Data subjects have the right to manage or withdraw their consent at any stage. We provide accessible options to change preferences, opt-out of specific data processing activities, or entirely withdraw consent. Withdrawal of consent does not affect the legality of processing based on consent before its withdrawal.
7.0 Disclosure of Personal Information
To Whom We Disclose
Qmed Asia may disclose personal information to various parties, including but not limited to, healthcare providers, governmental authorities, legal entities, subcontractors, third-party vendors, and partners. This disclosure is aligned with the defined purposes and adheres to applicable laws and regulations. Disclosures to third parties are carefully assessed to ensure compliance with our privacy standards and legal obligations.
Third-Party Compliance Guidelines
When disclosing information to third parties, we follow stringent third-party compliance guidelines that stipulate the requirements and obligations to safeguard personal data. This includes formal agreements, monitoring, audits, and necessary legal protections.
If personal data is transferred outside the jurisdictions where we operate, we ensure that adequate safeguards, legal frameworks, and contractual obligations are in place to protect the data in accordance with applicable laws.
8.0 Security Measures
Overview of Security Measures
Qmed Asia implements robust and comprehensive security measures to protect personal data against unauthorized access, disclosure, alteration, and destruction. These measures include physical security, access controls, encryption, secure communication protocols, firewalls, anti-malware software, regular security assessments, and employee training.
In the event of a security incident or data breach, we have established a detailed Incident Response Plan to promptly identify, contain, investigate, and rectify the situation. We comply with all legal notification requirements, ensuring timely communication with affected individuals and regulatory authorities.
Our security measures are subject to continuous improvement through regular audits, assessments, and updates to align with evolving threats, technological advancements, and regulatory changes.
9.0 Your Rights
Right to Access
Data subjects have the right to request access to the personal data that Qmed Asia holds about them. This includes information on how the data is processed, the purpose of processing, and with whom it may have been shared.
Right to Rectification
Individuals have the right to correct any inaccurate or incomplete personal data. Qmed Asia will take prompt action to rectify the information upon request.
Right to Erasure ('Right to be Forgotten')
Data subjects may request the deletion of personal data, where applicable, under certain conditions. This includes when the data is no longer necessary for the original purpose or when consent has been withdrawn.
Right to Restriction of Processing
Individuals have the right to request a restriction on the processing of their personal data under specific circumstances, such as when the accuracy of data is contested.
Right to Data Portability
Data subjects may request the transfer of their personal data to another service provider in a machine-readable format, where applicable.
Right to Object
Individuals have the right to object to the processing of personal data for specific purposes, including direct marketing.
Right to Complain
Data subjects have the right to lodge a complaint with the relevant supervisory authority if they believe that their privacy rights have been violated.
10.0 Third-Party Links
Qmed Asia's platforms may contain links to third-party websites, products, or services. These links are provided for convenience, and their inclusion does not imply endorsement or responsibility for the content, privacy policies, or practices of the linked sites. We encourage individuals to review the privacy policies of third-party sites before providing personal information, as we do not have control over their data handling practices.
11.0 International Transfers
Qmed Asia may transfer personal data across international borders to facilitate our global operations and collaborations. We are committed to ensuring that such transfers comply with applicable legal requirements, including the Personal Data Protection Act in Malaysia. International transfers are conducted with adequate safeguards, such as standard contractual clauses, binding corporate rules, and adherence to recognized data protection frameworks.
Data Subject Protections
We take great care to ensure that international transfers do not undermine the privacy rights of data subjects. Transparent mechanisms are in place to inform individuals about the countries to which their data may be transferred and the measures taken to protect their information.
12.0 Children's Privacy
Protection of Children's Data
Qmed Asia recognizes the importance of protecting the privacy of children. Our products and services are not intentionally designed for or directed at children under the age of 18, or as defined by applicable laws. We do not knowingly collect, use, or disclose personal information from children without verifiable parental consent or as permitted by law.
Procedures for Parental Consent
If we become aware that we have collected personal information from a child without proper consent, we will take steps to obtain parental consent or promptly delete the information. Parents or guardians may contact us to review, modify, or delete any personal information we may have collected from their children.
13.0 Data Retention
Qmed Asia retains personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations. Retention periods are defined in line with legal obligations, business needs, and industry standards.
Upon the conclusion of the retention period, personal data is securely deleted or anonymized. We follow strict procedures for data destruction, ensuring that the information is rendered irretrievable and that the process is compliant with legal and ethical guidelines.
Records of Retention and Destruction
Qmed Asia maintains detailed records of data retention and destruction, documenting the lifecycle of personal information within our systems. This contributes to transparency, accountability, and compliance with privacy governance.
14.0 Changes to this Policy
Periodic Review and Updates
Notification of Changes
15.0 Legal Jurisdiction and Compliance
Regulatory Oversight and Cooperation
Qmed Asia actively cooperates with regulatory authorities and is committed to resolving any privacy-related concerns or complaints in a timely and effective manner. Our compliance efforts are subject to oversight by competent authorities, ensuring adherence to legal and ethical standards.
16.0 Contact Us
Response Time and Resolution
We strive to respond to all privacy-related inquiries within a reasonable timeframe, typically within 5 business days. Our goal is to address concerns promptly and to provide clear and satisfactory resolutions in line with our commitment to privacy excellence.