Last updated: 20 April 2026
SERI Mediclinic & Surgeri (“SERI Mediclinic”, “we”, “our”, “us”) is committed to protecting the privacy of our patients, website visitors, and anyone who contacts us. This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and your rights under the Malaysian Personal Data Protection Act 2010 (“PDPA”).
This policy applies to:
- Our website serimediclinic.my
- Our two clinic branches: SERI Mediclinic Kampar and SERI Mediclinic & Surgeri Silibin (Ipoh)
- Our communications over phone, WhatsApp, email, and social media
- Our Google Business Profiles for both branches
By using our services or this website, you agree to the practices described below.
1. Who We Are and How to Contact Us
Data Controller: SERI Mediclinic & Surgeri, founded by Dr. Hema Seridaran.
- Kampar branch: +60 12-551 0173 · Kampar@serimediclinic.my
- Silibin branch: +60 12-943 3882 · Silibin@serimediclinic.my
- Website: https://serimediclinic.my
For any privacy question, data access request, or complaint, email either branch and mark the subject line “Privacy Request”. We respond within 21 days as required by PDPA.
2. Information We Collect
2.1 Information you provide directly
- Contact details — name, phone number, email, postal address
- Identification details — IC/passport number (as required for medical records and insurance claims)
- Health information — medical history, current medications, allergies, symptoms, examination findings, test results, treatment records, photographs of wounds for clinical documentation
- Insurance details — policy number, panel membership, claims history
- Payment information — billing details (we do not store full card numbers — payment is processed via secure terminal or the insurer’s direct billing)
- Emergency contact details — name and phone of your next of kin
- Appointment and communication history — bookings, WhatsApp messages, email correspondence
2.2 Information we collect automatically when you use our website
- Usage data — pages visited, time on page, referral source, approximate geographic region
- Device data — browser type, operating system, screen size, IP address (anonymised)
- Cookies and similar technologies — see Section 7
2.3 Information from third parties
- Insurance panel providers — to verify your coverage before treatment
- Referring doctors or clinics — when you’re referred to us
- Google — reviews, Q&A, and messages you send us via Google Business Profile
- Social media platforms — messages sent via our Facebook, Instagram, or TikTok pages
We do not buy personal data from data brokers.
3. Why We Collect and Use Your Information
We process your personal data only for these purposes:
- To provide medical care — diagnosis, treatment, follow-up, and referrals
- To communicate with you — appointment reminders, test results, care instructions, WhatsApp and email replies
- To process payments and insurance claims — including submitting claims to your panel insurer or PERKESO
- To maintain medical records — as required by Malaysian medical regulations
- To improve our services — anonymised analytics about how patients find and use our clinic
- To request feedback — asking satisfied patients to leave a Google review (never mandatory)
- To comply with legal obligations — including notifiable disease reporting, lawful requests from authorities, and record-retention rules
- To respond to public reviews and Q&A — on Google Business Profile and social media
- For marketing, only with your consent — health tip newsletters, vaccination reminders, or clinic updates. You can opt out at any time.
We never sell your personal data to third parties. Never.
4. Our Legal Basis (PDPA 2010)
Under the Malaysian Personal Data Protection Act 2010, we rely on the following bases to process your data:
- Consent — when you give us your information to book an appointment or request care
- Contract — to fulfil our clinical service to you
- Legal obligation — for record-keeping and public health reporting
- Legitimate interest — to keep our systems secure and to improve patient care
- Vital interest — in an emergency where we must act to protect your health
5. Who We Share Your Information With
We share personal data only with parties who help us deliver care or meet legal obligations:
- Treating clinicians and staff at both SERI branches — on a need-to-know basis
- Referral partners — hospitals, specialists, and diagnostic labs, only with your knowledge
- Insurance panels and PERKESO — to process your claims
- Pharmacies — when dispensing a prescription
- IT service providers — including our website host, email provider, backup services, and practice-management software (all bound by confidentiality agreements)
- Regulatory authorities — Ministry of Health Malaysia, Malaysian Medical Council, or other authorities when legally required
- Professional advisors — accountants, lawyers, auditors — where strictly necessary and confidentially
We do not share your health information for marketing purposes.
6. International Data Transfers
Some of our technology providers (e.g. cloud hosting, Google Analytics, WhatsApp Business) store data on servers outside Malaysia. When that happens, we ensure those providers offer data protection at least equivalent to PDPA and operate under binding contracts.
7. Cookies and Website Analytics
Our website uses cookies and similar technologies to:
- Keep the website functional (session cookies — required)
- Measure traffic and improve user experience (Google Analytics 4)
- Enable third-party features you choose (e.g. WhatsApp click-to-chat)
You can disable cookies in your browser settings. Disabling essential cookies may break parts of the site.
We use Google Analytics 4 to understand visitor behaviour in aggregate. Google Analytics collects anonymised usage data; no directly-identifying personal information is shared. Read Google’s privacy policy at https://policies.google.com/privacy.
8. How Long We Keep Your Information
- Medical records: retained for the periods required by Malaysian medical record regulations (typically a minimum of 7 years after the last consultation for adult patients, and until the patient reaches age 25 for paediatric records)
- Financial and insurance records: 7 years as required for tax and audit
- Appointment and communication logs: 3 years after last interaction
- Website analytics: 14 months (Google Analytics default)
- Marketing consent records: until you withdraw consent
After these periods, data is securely deleted or anonymised.
9. How We Protect Your Information
- Physical records kept in locked cabinets in access-controlled areas of each branch
- Digital records on password-protected systems with role-based access
- Encrypted transmission (HTTPS) on our website and for all portal communications
- Regular backups with secure storage
- Confidentiality agreements with every staff member, locum, and contractor
- Access logs reviewed regularly
- Incident response procedure in the event of any suspected data breach
If a breach occurs that is likely to affect you, we will notify you and the authorities promptly as required by PDPA.
10. Your Rights Under PDPA
You have the right to:
- Access your personal data we hold about you
- Correct inaccurate data
- Withdraw consent for any processing based on consent (including marketing)
- Prevent processing that causes distress or damage
- Prevent direct marketing
- Lodge a complaint with the Department of Personal Data Protection (JPDP) if you believe your rights have been infringed
To exercise any of these rights, email the relevant branch or call us. We may ask you to verify your identity before responding. A small administrative fee may apply for access requests, as permitted by PDPA.
Complaints to the regulator can be made to: Jabatan Perlindungan Data Peribadi (JPDP), Ministry of Communications and Digital — www.pdp.gov.my
11. Children’s Privacy
For patients under 18, a parent or legal guardian must provide consent for data processing. Parents can exercise the child’s rights on their behalf.
12. Patient Reviews and Testimonials
If you leave us a public Google review or permit us to share a testimonial, that content is public and we may reference or respond to it publicly (without revealing any medical details you didn’t mention yourself). We never publish health information about any named patient without explicit written consent.
13. Photographs at the Clinic
We may photograph wounds and clinical findings as part of your medical record (for tracking healing progress). These photos are part of your confidential record and will not be used for any other purpose without your explicit, separate written consent. Marketing photos of staff, facilities, and consented patient stories are always covered by a specific signed release.
14. Third-Party Links
Our website may link to external websites (e.g. health directories, insurance panels, our social media). This Privacy Policy does not cover those sites. Please review their policies separately.
15. Changes to This Policy
We update this policy when our practices or the law change. The “Last updated” date at the top reflects the most recent revision. Substantial changes will be communicated via our website homepage banner.
16. Contact for Privacy Matters
- SERI Mediclinic Kampar: Kampar@serimediclinic.my · +60 12-551 0173
- SERI Mediclinic Silibin: Silibin@serimediclinic.my · +60 12-943 3882
Please include “Privacy Request” in your email subject line for faster handling.
This policy is written in plain English for clarity. The formal reference text under Malaysian law is the Personal Data Protection Act 2010.