Privacy Policy

Version 1.0 – 2 May 2019

One of our key values is the protection and safety of your data.  We value your privacy and this policy defines how we go about ensuring the safety of your data when you’re using our service.


1. Purpose & Scope

The purpose of this document is to define the Privacy Policy for NewWave Health Sdn Bhd (“NWH”, “our”, “us” or “we”), which respects the privacy of individuals with regard to personal data and NWH is committed to protecting the privacy of our users/subscribers/customers (collectively, “Users”), and strive to provide a safe and secure user experience

This Privacy Policy is formulated in accordance with the Personal Data Protection Act 2010 (“Act”) of Malaysia, which describes how your information (“Personal Data”) is collected and used and your choices with respect to your Personal Data.

2. NWH General Privacy Policy

We are committed to keeping your information safe and promise not to share it with anyone else without your express permission.

This document is a description of the way NWH holds and processes personal information.

If we are acting as a processor or sub processor (i.e. we do not have a contract with you directly) you will also need to check the privacy policy of the controller (the body that you have a contract with).

2.1 Your Privacy

This privacy policy sets out how NWH uses and protects any information that you give NWH when you use the products, services, applications or web sites (the “Services”) provided by NWH. We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using the Services, you can be assured that it will only be used in accordance with this privacy statement. NWH may change this policy from time to time by updating this policy. You should check this policy from time to time to ensure that you are happy with any changes. This policy is effective from 1st May 2019 and will be reviewed at least annually.

2.2. Security

We are committed to ensuring that Customer and User information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

A username and password may be essential for you to use some sections of the Website/portal. For your own protection, we require you to keep these confidential and to change your password regularly.

2.3 Reasons and Purposes for Processing Information

We process personal information to enable us to provide Services in which we design, test, demonstrate and provide/licence software (in particular mobile apps, web sites, web applications and mobile web site); promote our services; maintain our accounts and records and to manage our staff.

2.4. Type & Classes of Information Processed

We process information relevant to the above reasons and purposes. This may include:

  • Personal details (name, age, gender, identity card number or passport number, etc);
  • Contact details (home and office address, email address, telephone and handphone number, facsimile number, etc);
  • Social media details (Facebook, Twitter, Instagram, LinkedIn, etc);
  • Medical related details (medical report no. (MRN), medical report, diagnosis, personal health information, insurance details, etc) and medical appointment details (doctors, dentists and/or healthcare providers visited, reasons for visit, dates of visit, appointment history, cost of consultation, etc);
  • Other relevant information which we may require from you to consider your request and/or participation in any of our products and/or services; and
  • Information from third parties and information in the public domain (government departments or agencies, public registries, credit reporting agencies, websites, publications, etc).

2.5. Who the Information is Processed About

We process personal information about our clients, employees, suppliers and individuals, including end users, necessary for operation of our services.

2.6. Who We Share Information With

We never sell any personal information to any organization. We sometimes need to share the personal information we process with the individuals themselves and also with other organisations. Where this is necessary, we are required to comply with all aspects of the current data privacy legislation, What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Your personal data may be used and processed for one or more of the following purposes:

  • To attend to the relevant transaction or perform any contract which you or your employer or principal may have entered with us
  • To prepare any documentation relevant to the abovementioned transaction or contract
  • To contact you
  • To identify your location
  • To enable us to customize our advertising
  • To market and promote products and/or services
  • To provide you with information about our products and/or services
  • To send you electronic announcements and newsletters
  • For our internal records
  • For research, analysis and improvement
  • For internal investigations, audit or security purposes
  • For compliance with legal and regulatory obligations
  • To perform our core operational services
  • To administer and respond to request, queries, complaints and legal issues

Your personal data is collected from various sources, including information from yourself, third parties and the public domain. Your personal data is also collected:

  • Through your usage of our services and/or its interactive tools and services;
  • From certain applications and software made available by us, whether in the form of mobile application or otherwise, which you download and install, and which may receive and collect information transmitted from your computing device for the purpose of providing you with our products and/or services; and
  • Through cookies on our website, website analytics services and other tracking technology.

Where necessary or required, we may share information with the following parties

  • Healthcare professional (as defined in the PDPA)
  • Johor Corporation and its related companies (as defined under Companies Act 2016)
  • Government agencies, local authorities, non-government agencies
  • Service providers, business partners, vendors and contractors engaged by us
  • Legal firms
  • Auditors
  • Training providers
  • Family and next of kin
  • Such parties as may be required by law, court, regulator or legal process to disclose
  • Such parties as may be permitted under the laws of Malaysia
  • Any other person which we may deem necessary

2.7. Cookies and Links to Other Websites

This section of our Privacy Policy applies only to customers using our web sites and mobile web sites.

2.7.1. How we use cookies.

A cookie is a small file, which asks permission to be placed on your computer’s hard drive.

Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.

This may prevent you from taking full advantage of the website.

2.7.2. Links to other web-sites

Our websites may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites and this privacy statement does not govern such sites. You should exercise caution and look at the privacy statement applicable to the website in question.

2.8. Controlling Personal Data

You may choose to restrict the collection or use of your personal information in the following ways:

  • whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
  • if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at [email protected].

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties, which we think you may find interesting if you tell us that you wish this to happen.

You have the right to request access to and request correction of your personal data, subject to payment of the fees prescribed in the First Schedule (Regulation 2) of Personal Data Protection (Fees) Regulations 2013. In accordance with the PDPA, we reserve the right to refuse to comply with your request for access or correction to your personal data for the reasons permitted under the law, in which case we will inform you of our refusal and the reason(s) thereto.

2.9. Process to request changes or deletions of personal details

If a user wishes to have their details amended or deleted from our SmartMed service, an email to [email protected] should be sent requesting their records are deleted or updated with the new details. This request should also state that they have told their clinician that they wish to have their request carried out. Following us actioning the request we will respond to the user accordingly confirming the action taken.