Privacy Notice

PERSONAL DATA PROTECTION ACT (PDPA) & SENSITIVE INFORMATION

This Privacy Policy explains how DiMS Solution Sdn Bhd (hereinafter: “DiMS”) collects, uses, and discloses personal data of medical facilities and platform users (collectively hereinafter: “User or Users”) using the dims.my platform (hereinafter: the “Platform”). For the purpose of this policy, personal data means any information that relates to an identified or identifiable individual, even indirectly, by reference to any other information.

At DiMS Solution Sdn Bhd, we value your privacy and strive to protect your personal information in compliance with the laws of Malaysia. DiMS will only collect, use and monitor your organization information in accordance with such laws (including the Personal Data Protection Act 2010 ACT 709), this Privacy Notice and the privacy terms in your agreement(s) with DiMS entity may have contracted with.

This Privacy Notice explains:

• The type of personal information we collect and how we collect it
• How we use your personal information
• The parties that we disclose the personal information to
• The choices we offer, including how to access and update your personal information

Your privacy matters to us, so please take the time to get to know our practices and if you need further information, please contact our Customer Support line at [email protected].

For the purposes of this Privacy Notice, please note that:

• “DiMS” as defined in section 6 of the Companies Act 1965 and jointly controlled companies, providing medical related services and other regulated services, excluding companies, branches, offices and other forms of presence operating outside of Malaysia unless and to the extent otherwise stated.
• “Personal Information” refers to any information which relates directly or indirectly to you and/or your organization affiliated services with us. This information includes your board names, residing address, contact details, the details of your account(s), the type of product and/or services subscribed with Paxotec Sdn Bhd and such other necessary information regarding yourself, your organization and your transaction(s) with us. For the avoidance of doubt, please note that this Privacy Notice is applicable only if you are an individual and/or organization.
• “Sensitive Information” refers to any information which related directly or indirectly to you and/or your organization affiliated services with us. This information includes your organization, branches, and other forms of operating services which involve with clinical information regarding your patients. For the avoidance of doubt, please note that this sensitive information raised by using our management system strictly been use for management processes only.

1. What Kind Of Personal Information We Collect And How We Collect It

In order to enable us to deal with your inquiries, feedback, operate, system operational processing for your organization and/or to generally provide you with our products and services, we may need to and/or may be required to collect, record, hold, use, disclose and store (i.e. “process”) personal and sensitive information about your organization and patients, including but not limited to:

• Organization information to establish your identity and background;
• Personal information to establish your identity and background;
• Patients information to establish management processes, identity and background;

We may obtain this information from the Head Management and/or from a variety of sources, including but not limited to:

• Through your relationship with us, for example information provided by you in application forms, when using our products or services, when taking part in customer surveys and feedback as well as during data uploading proceedings;
• Through your verbal and written communications with us and/or our authorised representative (i.e. “Customer Support, Business Development Team, and Finance”);
• From an analysis of the way you use and manage your operational system with us, from the information processing techniques you make;
• From third parties connected with you, vendors, panels, regulators that subjected to your prior consent; and/or
• From such other sources in respect of which you have given your consent to disclose information relating to you and/or where not otherwise restricted.

2. How We Use Your Personal Information

Other than as stated above, we may use your personal information for one or more of the following purposes:

• To assess your organization new request and customization for our products and services;
• To verify your organization information through system monitoring;
• To manage and maintain your account(s) and facility(ies) with us;
• To better manage our business and your relationship with us;
• To better understand your current and future management processes needs and your current management situation;
• To provide you with information on our and third party products, services and offers which may be of interest to you;
• To improve our products and services and to develop new system management products and services;
• To notify you about benefits and changes to the features of products and services;
• To administer system and management processes;
• To respond to your enquiries and complaints and to generally resolve disputes;
• To update, consolidate and improve the accuracy of our records and system;
• To produce data, reports and statistics which have been anonymised or aggregated in manner that does not identify you as an individual;
• To meet the disclosure requirements of any law binding on DIMS;
• For audit, compliance and risk management purposes;
• To transfer or assign our rights, interest and obligations under any of your agreements with us;
• To protect or enforce our rights to recover any debt owing to us;
• To conduct anti-malpractice checks to comply with any sanction requirement; and/or
• For any other purpose that is required or permitted by any law, regulations, guidelines and/or relevant regulatory authorities.

Please be assured that we will ask for your consent before using your organization and/or personal information for a purpose other than those that are set out in this Privacy Notice and in the privacy terms in your agreement(s) with any DIMS related entities.

3. Disclosure Of Your Personal Or Organization Information

As a part of providing you with our products and services and the management and/or operation of the same, we may be required or need to disclose information about your and/or your organization and/or facilities with us to the following third parties:

• Companies and/or organizations that act as our agents, affiliates and/or professional advisers;
• Companies and/or organizations that assist us in processing and/or otherwise fulfilling transactions that you have requested;
• Companies and/or organizations that assist us in providing value added services that you have requested;
• Your advisers (including but not limited to accountants, auditors, lawyers, operational advisers, Quality Management System Operators or other professional advisers) where authorized by you or your organization.
• Any other person notified by you as authorized to give instructions or to use the system account(s)/ facility(ies) or products or services on your behalf;
• Any third party as a result of any restructuring of facilities or operational processes granted to you provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us;
• Any users that bears the responsibility of data input accuracy for the facility(ies) granted by us to you;
• Any person connected to the enforcement or preservation of any of our rights under your agreement(s) with us,

Subject at all times to any laws (including regulations, guidelines and/or obligations) applicable to Paxotec Sdn Bhd (whether in or outside Malaysia). The afore-mentioned third parties may in some instances be located outside of Malaysia.

Additionally, the individual or entities within DIMS, our merchants and strategic partners may contact you about products, services and offers, which we believe may be of interest to you or benefit you financially. However, please note that we will only disclose your personal information (which will not include information relating to you and your patients affairs or accounts) to our merchants and strategic partners where your express prior consent has been obtained and subject at all times to any laws (including regulations, guidelines and/or obligations) applicable to DIMS (whether in or outside Malaysia).

You may tell us at any time if you do not wish to receive marketing communications from us, from individual entities within DIMS and/or from our merchants and strategic partners by notifying us at the address/telephone number/e-mail address given at the end of this Privacy Notice. Your latest written instructions to us will prevail. Please take note that certain communications such as statements of account and our websites contain standard information regarding our other products and services that cannot be removed without affecting the delivery/provision of our services and/or products, the operation of your account(s) and/or facility(ies) with us, and/or additional costs to you.

We will otherwise treat your personal information as private and confidential and will not disclose your information to anyone outside DIMS except:

• where you have given permission;
• where we are required or permitted to do so by law;
• where required or authorised by any order of court, tribunal or authority, whether governmental or quasi-governmental with jurisdiction over DIMS;
• where we may transfer rights and obligations pursuant to our agreement(s) with you; and/or
• where we are required to meet our obligations to any relevant regulatory authority (whether in or outside Malaysia).

4. Security Of Your Personal Information

Information is our asset and therefore DIMS places great importance on ensuring the security of your personal information. We regularly review and implement up-to-date technical and organisational security measures when processing your personal information.

Employees of DIMS are trained to handle the personal information securely and with utmost respect, failing which they may be subject to disciplinary action.

5. Retention Of Your Personal Information

DIMS will retain your personal information in compliance with this Privacy Notice and/or the terms and conditions of your agreement(s) with DIMS entities for the duration of your relationship with us, for such period as may be necessary to protect the interests of DIMS and/or its customers as may be deemed necessary, where otherwise required by the law and/or where required by Paxotec Sdn Bhd's relevant policies.

6. What If Personal Information Provided By You Is Incomplete Or Inaccurate?

Where indicated (for example in application forms or account opening forms), it is obligatory to provide your personal information to us to enable us to process your application for our products or services. Should you decline to provide such obligatory personal information, we may not be able to process your application/request or provide you with our products or services.

DiMS.my “Dialysis Management System” is an automated system which operates based on you and/or organization employee data insertion method. You and/or your organization will bear reliable for the accuracy of the data imposed in the system for the efficiency of your management processes. Should the data been implemented by DIMS, our respective team will provide an User Acceptance Test to identify the accuracy of data.

7. Your Rights To Access And Correct Your Personal Information

We can assist you to access and correct your personal information held by us.

Where you wish to have access to your personal information in DIMS's possession, or where you are of the opinion that such personal information held by us is inaccurate, incomplete, misleading or not up-to-date, you may make a request to us via our Data Access Request Form or Data Correction Request Form respectively. These forms are available at our branches.

We will use reasonable efforts to comply with your request to access or correct your personal information within 21 days of receiving your duly completed Data Access Request Form/Data Correction Request Form and the relevant processing fee (if any). Please note that DIMS may have to withhold access to your personal information in certain situations, for example when we are unable to confirm your identity or where information requested for is of a confidential commercial nature or in the event we receive repeated requests for the same information. Nevertheless, we will notify you of the reasons for not being able to accede to your request.

Please also note that DIMS may use its discretion in allowing the corrections requested and/or may require further documentary evidence of the new information to avoid fraud and inaccuracy.

You can also assist us to keep your personal information (such as your current mailing address) up to date, as it will enable us to serve you better.

8. Exercising Choices Over The Disclosure, Retention And Use Of Your Personal Information

Subject always to our contractual rights and obligations under relevant laws and regulations, you may exercise your choice in respect of the disclosure, retention and use of your personal information. Should you wish to do so, kindly contact us at the address/telephone number/e-mail address given at the end of this Privacy Notice.

9. Revisions To Privacy Notice

This Privacy Notice may be revised from time to time. Notice of any such revision will be given on PAXOTEC SDN BHD's website and/or by such other means of communication deemed suitable by DIMS.

10. Contacting DIMS About Your Privacy And How We Handle Your Personal Information

Should you have any query in relation to this Privacy Notice or how we handle your personal information, kindly contact Head of Customer Resolution Unit at the following contact points:

Lot L2-I-3, Enterprise 4, Technology Park,
Malaysia Lebuhraya Bukit Jalil,
57000 Bukit, Bukit Jalil, Kuala Lumpur
Email: [email protected]