HDC Medical Sdn Bhd (Company Registration No. 200701005197 (763196-P)) (“HDC Medical”, “we”, “us” or “our”) is committed to protecting the personal data of our patients, website visitors and enquirers in accordance with the Personal Data Protection Act 2010 (“PDPA”) of Malaysia. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have.
By using our website at hdcmedical.com.my, booking an appointment, or otherwise providing your personal data to us (including via WhatsApp), you acknowledge that you have read and understood this Privacy Policy.
1. Who We Are
HDC Medical Sdn Bhd (SSM Registration No. 200701005197 (763196-P)) operates a health screening and blood test clinic at Level 3, Lotus Mutiara Damansara, 8, Jalan PJU 7/4, Mutiara Damansara, 47800 Petaling Jaya, Selangor, Malaysia. We are the data controller responsible for the personal data described in this policy.
2. Personal Data We Collect
Depending on how you interact with us, we may collect:
- Contact and identification data – name, phone number, email address, and, where relevant, NRIC/passport number, date of birth and gender.
- Appointment and enquiry data – details you share with us when booking an appointment or making an enquiry, including via WhatsApp, phone, email or our website.
- Health and medical data – test results, medical history, medications, allergies, and other health information you or your healthcare provider share with us in connection with a screening or blood test package. This is “sensitive personal data” under the PDPA and is handled with additional care as described in Section 3.
- Billing information – details necessary to process payment for our services.
- Technical data – standard website usage information such as IP address, browser type and pages visited, collected automatically when you visit our website (see Section 8 on Cookies).
3. Sensitive Personal Data and Consent
Health and medical information is sensitive personal data under the PDPA. We only collect and process this information with your explicit consent, given when you book a screening or blood test package with us, and we use it strictly for the purposes described in Section 4. You may withdraw your consent at any time by contacting us using the details in Section 10, though this may affect our ability to provide screening services, review results, or maintain your medical records as required by law.
4. How We Use Your Personal Data
We use your personal data to:
- Schedule, confirm and manage your appointments;
- Carry out the health screening, blood test or related service you have requested;
- Prepare, review and explain your results with you, including through our healthcare team and dietitians;
- Communicate with you about your appointment, results or enquiries, including via WhatsApp, phone, SMS or email;
- Process payment for our services;
- Maintain medical and administrative records as required by applicable healthcare regulations;
- Improve our services and website; and
- Comply with our legal and regulatory obligations.
We do not use your health information for marketing purposes without your separate, explicit consent, and you may opt out of any non-essential communications at any time.
5. Disclosure of Personal Data
We do not sell your personal data. We may share personal data, on a need-to-know basis, with:
- Accredited laboratories and healthcare partners involved in processing your test samples and results;
- Our staff, medical team and dietitians directly involved in your care;
- Service providers who support our operations, such as appointment messaging (e.g. WhatsApp/Meta), website hosting, and payment processing, who are only permitted to use your data to provide services to us;
- Regulators, healthcare authorities or law enforcement, where required by Malaysian law; and
- A successor entity in the event of a merger, acquisition or restructuring of HDC Medical, subject to equivalent confidentiality protections.
Some of the service providers above (for example, messaging and analytics platforms) may process data on servers located outside Malaysia. Where this occurs, we take reasonable steps to ensure your personal data continues to receive a standard of protection comparable to that required under the PDPA.
6. Data Retention
We retain personal data, including medical records, for as long as necessary to fulfil the purposes described in this policy and to comply with our legal, medical record-keeping and regulatory obligations. When personal data is no longer required, we securely delete or anonymise it.
7. Data Security
We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. Access to health and medical records is restricted to authorised personnel involved in your care.
8. Cookies and Website Analytics
Our website may use cookies and similar technologies to remember your preferences and understand how visitors use our website. You can control or disable cookies through your browser settings; doing so may affect how parts of our website function.
9. Your Rights Under the PDPA
Subject to the PDPA, you have the right to:
- Request access to the personal data we hold about you;
- Request correction of inaccurate or incomplete personal data;
- Withdraw your consent to the processing of your personal data;
- Request that we limit the processing or disclosure of your personal data; and
- Lodge a complaint with the Personal Data Protection Department of Malaysia if you believe your personal data has been mishandled.
To exercise any of these rights, please contact us using the details in Section 10. We may need to verify your identity before acting on your request.
10. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights under the PDPA, please contact us:
HDC Medical Sdn Bhd (200701005197 (763196-P))
Level 3, Lotus Mutiara Damansara, 8, Jalan PJU 7/4, Mutiara Damansara, 47800 Petaling Jaya, Selangor, Malaysia
Phone / WhatsApp: +60 11-2626 1586
Email: [email protected]
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised effective date.
Effective date: 4 July 2026.