Privacy Data Protection Act (PDPA) Policy for We Care Sdn Bhd

1. Introduction
This Privacy Data Protection Act (PDPA) Policy outlines how our We Care Sdn Bhd collects, uses, discloses, and protects personal data of patients and employees in accordance with the PDPA and other relevant laws. We are committed to safeguarding the privacy
and confidentiality of personal data entrusted to us.

2. Collection of Personal Data
For Patients:
We collect personal data directly from patients or their guardians for the purpose of providing medical services and managing their healthcare needs.
Personal data collected may include name, contact details, identification number, medical history, health insurance information, and financial information for billing purposes.
For Employees:
We collect personal data directly from employees for employment-related purposes, including recruitment, payroll, benefits administration, and compliance with employment laws. Personal data collected may include name, contact details, identification number, employment
history, qualifications, bank account information, and performance evaluations.
3. Use and Disclosure of Personal Data
For Patients:
Personal data collected from patients will be used for the provision of medical care and treatment, billing and administrative purposes, communication regarding healthcare, compliance with legal and regulatory requirements, and conducting research for healthcare improvement (anonymized data only). Personal data may be disclosed to healthcare professionals involved in patient care, third-party service providers for clinic operations, and regulatory authorities when required by law.
For Employees:
Personal data collected from employees will be used for employment-related purposes, including recruitment, payroll processing, benefits administration, performance management, and compliance with employment laws. Personal data may be disclosed to relevant personnel within the clinic for administrative and HR purposes, as well as to regulatory authorities when required by law.
4. Protection of Personal Data
We have implemented appropriate technical and organizational measures to safeguard personal data against unauthorized access, disclosure, alteration, or destruction. Access to personal data is restricted to authorized personnel only, and employees are trained on data protection policies and procedures.
5. Retention of Personal Data
Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, including legal and regulatory requirements. Once personal data is no longer required, it will be securely disposed of in accordance with
established procedures.
6. Access and Correction of Personal Data
Patients and employees have the right to request access to and correction of their personal data held by the clinic. Requests should be made in writing to the clinic’s Data Protection Officer and will be processed in accordance with the PDPA.
7. Consent
By engaging our services or entering into employment with the clinic, patients and employees consent to the collection, use, and disclosure of their personal data for the purposes outlined in this policy.
8. Updates to Policy
This PDPA Policy may be updated from time to time to reflect changes in legal or regulatory requirements or clinic operations. Patients and employees will be notified of any material changes to the policy