Last updated: 3/10/2025 cca.cariklinik.com (“we,” “our,” or “us”) values and respects your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website and platform. 1. Scope This Policy applies to: Healthcare professionals and clinics (our users) who register and use our platform. Patient information entered into our system by those users. By using our services, you agree to the terms of this Privacy Policy. 2. Information We Collect We may collect and process the following data: From Healthcare Professionals (Users) Name, job title, clinic/hospital details Contact information (email, phone, address) Login credentials and account activity logs From Patients (Entered by Users) Identification details (name, NRIC/passport number, date of birth) Contact details (phone, email, address) Appointment or booking details Medical information relevant to the clinic’s services 3. Purpose of Collection We collect and process personal data to: Provide and maintain our platform services Manage clinic accounts and enable bookings or records management Communicate with clinics about updates, support, or billing Secure and monitor platform activity (audit logs, access control) Comply with legal or regulatory requirements 4. Roles and Responsibilities We (the platform provider) act as a data processor. We process and store data securely on behalf of our users. Clinics and healthcare professionals act as data users/controllers. They are responsible for: Obtaining valid consent from patients before entering their data into our system. Ensuring data entered into the platform is accurate and lawful. 5. Disclosure of Personal Data We do not sell or rent personal data. Data may be disclosed only to: Service providers assisting in hosting, storage, or technical support (bound by confidentiality agreements) Authorities or regulators if required by law 6. Data Security We apply technical and organizational safeguards to protect data, including: SSL/HTTPS encryption for all website communications Secure database storage with restricted access Role-based permissions for different users Regular backups and monitoring 7. Your Rights (PDPA) Under Malaysia’s Personal Data Protection Act (PDPA), individuals have the right to: Request access to their personal data stored on our platform Request correction of inaccurate or outdated data Withdraw consent (subject to legal or contractual restrictions) All such requests must be submitted through the clinic or healthcare provider responsible for the data. 8. Data Retention Healthcare professional data: retained as long as the account is active, or as required by law. Patient data: retained according to the clinic’s requirements. We do not delete or alter patient records unless instructed by the clinic. 9. International Patients (Optional HIPAA Note) If our platform is used by U.S. clinics or patients, we also comply with applicable U.S. HIPAA requirements, including secure storage, restricted access, and Business Associate Agreements with service providers. 10. Updates to This Policy We may update this Privacy Policy from time to time. Any changes will be posted on this page with the revised date. 11. Contact Us For any questions about this Privacy Policy or how your data is handled, please contact: Locum Net Asia Sdn. Bhd. Email: [email protected] Phone: 03-9549 2750 Address: 22-2A, Jalan Emas 5, Taman Emas, 43200 Cheras, Selangor