Personal Data Protection Notice for Komune TCM
Komune TCM Healthcare Sdn. Bhd and its subsidiaries and business units (“Komune TCM”) respect and are committed to the protection of your personal data and your privacy. In this Personal Data Protection Notice, “we”, “us” and “our” refers to Komune TCM, and “you” and “your” include third parties whose personal data you have provided to Komune TCM.
Your data controller is Komune TCM Healthcare Sdn. Bhd.
This Personal Data Protection Notice explains how we collect and handle your personal data, including your sensitive personal data, in accordance with the Malaysian Personal Data Protection Act 2010. Please note that Komune TCM may amend this Personal Data Protection Notice at any time without prior notice and will publish the amended or revised Personal Data Protection Notice on our website or by email.
We may collect and process personal data of children under the age of 18 years old. If you are under 18 years old, please obtain your parent’s or guardian’s consent before you provide your personal data to Komune TCM. If we learn that we have collected such data from a child under 18 without verification of parental consent, we will delete the data. If you believe we might have any data from or about a child under 18 without parental consent, please contact us using the information provided below.
Note that your sensitive personal data (e.g. your physical or mental health or condition, or biometric data) and your medical information (e.g. patient medical history, diagnostics, allergies) will not be shared or disclosed to any entity unless you have provided your express, written consent.
1. Personal data
1.1 Type of personal data
“Personal data” means any data which relates to you or any other third party related to you which was collected or provided to Komune TCM for the purposes stated in Section 2 below.
We process your personally identifiable data, which may include your name, NRIC number, contact details, financial and banking account details, medical history and information, information regarding your family, relatives or third party that you provide to us, your preferences in relation to products and services you purchase from us, CCTV/security recordings, location tracking/GPS information, other types of data as stated in this link, and all other data which are provided by you to Komune TCM via these channels:
- Komune TCM’s website and 3rd party websites affiliated with Komune TCM;
- mobile application from Komune TCM;
- electronic forms from Komune TCM;
- physical forms from Komune TCM;
- email; and/or
- social media and communication messaging platform.
1.2 Source of personal data
- Patient or potential patient/customer, parent or guardian of patients or potential patients/customers: Komune TCM collects your personal data directly from you or indirectly from your legal representatives (family members, next of kin), agents (e.g. medical tourism agents, insurance companies), and/or employer when you, your legal representatives, agents, and/or employers send us completed enquiry, application, and/or registration forms via various means, including online and physical hardcopies at public venues or in our premises. Your personal data may also be collected from cookies through the use of our website.
- Independent consultants or potential independent consultants: Komune TCM collects your personal data directly from you or indirectly from headhunters when you and/or our headhunters send us completed enquiry and/or application forms or curricula vitae via various means, including online and physical hardcopies. Your personal data may also be collected from cookies through the use of our website.
- Vendor, supplier or service provider: Komune TCM collects your personal data directly from you or indirectly from your employer or credit reference agencies when tendering for projects, or when you send us completed enquiry and/or credit application forms via various means, including online and physical hardcopies. Your personal data may also be collected from cookies through the use of our website.
1.3 Obligatory personal data
All data requested for in the relevant forms is obligatory to be provided by you unless stated otherwise. Should you fail to provide the obligatory data, we would be unable to process your request and/or provide you with relevant services.
2. Purposes of collecting and further processing (including disclosing) your personal data
For patients or potential patients/customers, parents or guardians of patients or potential patients/customers, independent consultants, potential independent consultants, vendors, suppliers or service providers: Your personal data is collected and further processed by Komune TCM as required or permitted by law and to give effect to your requested commercial transaction, including the following:
- to process your requested medical products and services;
- to facilitate your participation in any contests or events;
- to administer and communicate with you in relation to our services and/or events;
- to facilitate your medical practice within Komune TCM, including sharing your personal data with other independent consultants within Sunway for purposes of peer review;
- to administer and communicate with you in relation to your medical practice;
- to process your credit account application;
- to assess your credit worthiness;
- to administer and give effect to your commercial transaction (tender award, contract for service, consignment agreement);
- to process any payments relevant to you;
- for insurance purposes;
- to operate our premises in a manner which is physically safe, secure and befitting of health and safety requirements;
- for internal investigations, audit or security purposes;
- to conduct internal statistical analysis and analysis of patient case studies;
- to conduct and support internal marketing analysis and analysis of patient/customer patterns/habits, choices and engagement with Komune TCM’s related companies, subsidiaries, holding companies, and affiliate companies;
- to be collected and stored into a central repository that is accessible by Komune TCM’s related companies, subsidiaries, holding companies, and affiliate companies;
- to create and deliver personalised products and services that are unique to you to enhance your customer experience;
- to provide you with a more seamless customer experience;
- to support research and innovation of our products and services;
- to store and carry out data analytics processes;
- to improve our products and services;
- for the matching of loyalty points provided by a third party/business partner to advertise and market products and services to you;
- for collaborations with a business partner to advertise and market products and services to you;
- to comply with Komune TCM’s legal and regulatory obligations in the conduct of its business;
- to contact you regarding products, services, upcoming events, promotions, advertising, marketing, and commercial materials which we feel may interest you;
- to send you season’s greetings, special occasion messages, or other similar communications;
- to allow third parties to contact you for advertising, promotional or marketing campaigns conducted by any third-party entities;
- to ensure that the content from our website is presented in the most effective manner for you and for your computer and/or device; and
- for Komune TCM’s internal records management.
*Where you have indicated your consent to receiving marketing or promotional updates from Komune TCM, you may opt-out from receiving such marketing or promotional material at any time.
Data Analytics Processing
We will use and share your data for analytics and measurement purposes to understand how our products and services are used, to help improve the products and services we offer, to provide you with more personalised products and services, and to provide a more seamless customer experience.
For example, we analyse data about your choices and preferences in relation to the products and services you purchase from us to send you targeted advertisements and promotional materials. We also process data about the ads you interact with to help us and advertisers understand the performance of various ad campaigns.
3. Disclosure of personal data
3.1 Classes of third parties
Your personal data may be disclosed to relevant third parties (in or outside of Malaysia) as required under law, pursuant to the relevant contractual or business relationships, or for the purposes stated in Section 2 Purposes of collecting and further processing (including disclosing) your personal data above (or directly related to those purposes). The aforesaid relevant third parties may include the following:
- professional advisors and corporate service providers, including auditors, lawyers, company secretaries, and consultants;
- advertising and marketing partners;
- payment processors;
- cloud and hosting services;
- customer support and communication;
- market research and survey;
- logistics and shipping partners;
- social media platforms;
- business partners and affiliate networks including third party private healthcare institutions;
- analytics and tracking providers;
- the respective foreign embassies of foreign patients who received treatment in Komune TCM;
- other service providers and entities, including printing companies, conference/training/event organisers, travel agencies, insurance companies, insurers, utility companies, contractors, property management companies, credit agencies (debt recoveries), data centres, or laboratories;
- law enforcement agencies, including the local police;
- relevant governmental authorities, statutory authorities, local councils, government healthcare institutions and industry regulators including Bank Negara Malaysia, Bursa Malaysia Berhad, Ministry of Health, Ministry of Education, Ministry of Works, LHDN/IRB, KWSP/EPF, Personal Data Protection Commissioner, MHTC (Malaysian Healthcare Tourism Council), SOCSO, Securities Commission Malaysia, Malaysian Medical Council and Department of Statistics Malaysia;
- relevant accreditation bodies such as the Malaysian Society for Quality in Health (MSQH);
- our independent consultants and specialists within Komune TCM; and
- in the case of pre-employment health screenings, to the patient’s employer/prospective employer.
In the event of a potential, proposed, or actual sale of business, disposal, acquisition, merger, or re-organisation (“Transaction”), your personal data may be required to be disclosed or transferred to a third party as a result of the Transaction. You hereby acknowledge that such disclosure and transfer may occur and permit Komune TCM to release your personal data to the other party and its advisers/representatives.
3.2 Transfer of your personal data outside Malaysia
It may be necessary for us to transfer your personal data outside of Malaysia if any of the third parties mentioned in Section 3 (Disclosure of personal data) above including our service providers or business partners who are involved in providing any services to us are located or have processing facilities in countries outside of Malaysia.
You consent to us transferring your personal data outside Malaysia to such third parties and for the purposes set out in Section 2 (Purposes of collecting and further processing (including disclosing) your personal data).
We shall take necessary steps to ensure that any such third parties, whether within Malaysia or are based outside of Malaysia, are contractually bound to protect your personal data to a relevant standard that is comparable to applicable laws and that they can only process your personal data under our instructions.
4. Websites
4.1 Links to other sites
Links to other sites are provided for your convenience and information. These sites may have their own privacy statement in place, which we recommend you review if you visit any linked websites. We are not responsible for the content on the linked sites or any use of the site.
4.2 Location-enabled products or applications
Location-enabled products or applications transmit your location data to us. We do not use the data sent or provided other than to provide the service you request. Location-enabled features are opt-in, and you have control over your participation and can turn these services off at any time or uninstall them. Some mobile applications will utilise Google Analytics (or a similar tool) to help us better serve you through improved products, services, and revisions to the mobile applications. This collected data will not identify you to us. It may, however, let us know, anonymously, which services and features you are using the most within the application, as well as device type and hardware features, country and language of download.
4.3 Cookies
A cookie may be used in the processing of your data. A cookie is a text file placed into the memory of your computer and/or device by our computers. A copy of this text file is sent by your computer and/or device whenever it communicates with our server. We use cookies to identify you. We may also collect the following data during your visit to our website and/or the fully qualified domain name from which you accessed our site, or alternatively, your IP address:
- the date and time you accessed each page on our website;
- the URL of any webpage from which you accessed our site (the referrer); and
- the web browser that you are using and the pages you accessed.
Some web pages may require you to provide a limited amount of personal data in order to enjoy certain services on our websites (system login credentials, email address, and contact details, etc.). This personal data will only be used for its intended purposes, i.e. to respond to your message or deliver the requested services.
5. Right to access and correct personal data
You have the right to access and correct your personal data held by us (subject always to certain exemptions). We will make every endeavour to ensure your personal data is accurate and up to date. Therefore, we ask that if there are changes to your data, you should notify us directly.
6. Data security
We have implemented reasonable physical, technical and procedural measures to secure your personal data from accidental loss and from unauthorised or accidental access, use, alteration, and disclosure. All data you provide to us is stored on our secure servers. The measures we implement include the following:
- registering our employees handling personal data into a system/registration book before being allowed access to personal data;
- terminating our employee’s access rights to personal data after his/her resignation or cessation of employment, termination of contract or agreement, or adjustment in accordance with changes in Komune TCM;
- controlling and limiting our employee’s access to personal data system for the purpose of collecting, processing and storing of personal data;
- providing user ID and password for authorised employees to access personal data;
- terminating user ID and password immediately when our employee who is authorised to access personal data is no longer handling the data;
- establishing physical security procedures as follows:
  - controlling the movement in and out of the data storage site;
  - storing personal data in an appropriate location which is unexposed and safe from physical or natural threats;
  - providing a closed-circuit camera at the data storage site (if necessary); and
  - providing twenty-four (24) hours of security monitoring (if necessary);
- updating the back-up/recovery system and anti-virus software to prevent personal data intrusion;
- safeguarding the computer systems from malware threats to prevent attacks on personal data;
- prohibiting the transfer of personal data through removable media devices and cloud computing services unless consent has been obtained from the top management of Sunway and appropriate safeguards have been implemented;
- recording any transfer of data through removable media devices and cloud computing services unless consent has been obtained from the top management of Sunway and appropriate safeguards have been implemented;
- ensuring that personal data transfers through cloud computing services comply with the personal data protection principles in Malaysia, as well as with personal data protection laws of other countries;
- maintaining a proper record of access to personal data periodically and making such record available for submission when directed by the Personal Data Protection Commissioner;
- ensuring that all our employees involved in processing personal data always protect the confidentiality of the data subject’s personal data; and
- binding any third party appointed by us with a contract for operating and carrying out personal data processing activities.
We also ensure that any third-party service providers storing or processing your personal data have implemented similar acceptable standards of security.
Unfortunately, the transmission of data via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted on our website or other electronic transmission means.
7. Retention of personal data
We will process your personal data for as long as we have a legal basis to do so. Your personal data will be stored only for the period necessary to fulfil the purposes stated above after which we will ensure that your personal data is deleted if it is no longer necessary to store it.
We also implement the following measures for the management and deletion of personal data stored by us:
- maintaining a system for proper records of personal data disposal periodically and making such records available for submission when directed by the Personal Data Protection Commissioner;
- conducting reviews and disposing of all unwanted personal data that are in the database from time to time;
- preparing and maintaining a personal data disposal schedule for inactive data with a twenty-four (24) month period or in accordance with the guidelines set by the Ministry of Health under “Jadual Pelupusan Rekod Perubatan 2016”;
- disposing of personal data collection forms used in commercial transactions within a period of fourteen (14) days, except if/unless the forms carry legal values in relation to the commercial transaction; and
- prohibiting the storage of personal data through removable media devices and cloud computing services unless written consent is obtained from an officer authorised by the top management of Komune TCM.
8. Conflict
In the event of any conflict between this English language Personal Data Protection Notice and its corresponding Chinese Personal Data Protection Notice, the terms in this English language Notice shall prevail.
This Personal Data Protection Notice was last updated on 12 Jan 2026.

