Privacy

How we handle your personal data, in line with PDPA 2010.

Last updated: 5 May 2026 | Version: 1.0

1. Introduction

This Privacy Policy explains how Amisi Medic Sdn. Bhd. (operating as Klinik Amisi, referred to as "we", "us" or "our") collects, uses, discloses and protects your personal data when you visit our website at amisi.com.my, contact us, or visit one of our clinics.

We are committed to protecting your privacy and handling your data in accordance with the Malaysian Personal Data Protection Act 2010 ("PDPA") and its subsidiary regulations, the Private Healthcare Facilities and Services Act 1998 ("PHFSA"), and the standards set by the Malaysian Medical Council ("MMC").

By using our website or providing your personal data through our forms or our WhatsApp channel, you consent to the practices described in this policy.

2. Personal Data We Collect

We collect personal data in the following ways.

2.1 Information you provide through our website

When you submit an enquiry or booking form, we collect:

  • Full name
  • Email address
  • Mobile or telephone number
  • Preferred branch location
  • Treatment area of interest (Skin, Body, Pelvic or Intimacy)
  • Any notes or questions you choose to share
  • Your explicit PDPA consent (a checkbox on the form)

2.2 Information collected automatically

When you browse our website, we and our analytics providers may collect:

  • Internet Protocol (IP) address
  • Browser type, version and language
  • Device type and operating system
  • Pages visited, time on page and referral source
  • General geographic location (country and region only)

2.3 Information shared during consultation

Medical history, symptoms, examination findings, photographs (where relevant), treatment records and any other clinical information are collected only when you attend a consultation at one of our clinics. This information is held in our clinical record system, separate from the website, and is governed by medical confidentiality and the PHFSA.

2.4 Communications

When you contact us by WhatsApp, email or phone, we keep a record of that correspondence so we can respond to you and improve our service.

3. How We Use Your Data

We use your personal data to:

  • Respond to your enquiries and questions
  • Schedule, confirm and reschedule appointments
  • Send appointment reminders and aftercare information
  • Provide and improve our clinical services and follow-up care
  • Maintain accurate medical records as required under the PHFSA and MMC guidelines
  • Understand how visitors use our website so we can improve content and user experience
  • Comply with legal, regulatory and accounting obligations under Malaysian law
  • With your consent, send relevant clinic updates, health information or service notifications

4. Legal Basis for Processing

We process your personal data on one or more of the following legal bases under the PDPA:

  • Consent. You give explicit consent by ticking the PDPA consent checkbox on our forms or by initiating a WhatsApp conversation with us.
  • Contractual necessity. Where you book an appointment or undergo a treatment, we need your data to provide that service to you.
  • Legal obligation. We are required to keep medical records under the PHFSA and MMC standards, and to comply with taxation, accounting and other Malaysian laws.
  • Legitimate interest. We may process limited technical data (such as anonymised analytics) to keep our website secure and functional, balanced against your privacy.

5. Third-Party Disclosure

We do not sell your personal data. We share data only with trusted service providers that help us operate our website and clinic services. Each provider is bound to use your data only for the purpose we disclose to them.

5.1 Service providers we use

  • FormSubmit. When you submit a website form, the form data is transmitted through FormSubmit, which forwards the message to our clinic email inbox. FormSubmit acts as a delivery service only.
  • Privyr CRM. A copy of your enquiry is sent to Privyr, our customer relationship management tool, so our careline team can respond to you and track your enquiry.
  • Google Tag Manager (GTM-W9LZ3BB). We use Google Tag Manager to load and manage tracking scripts on our website.
  • Google Analytics. Loaded via Google Tag Manager, this provides anonymised statistics on how visitors use our site.
  • WhatsApp and Meta. When you click any "WhatsApp us" link, you are routed via wa.me to a conversation with our clinic. Your message and phone number become visible to our careline team and are subject to WhatsApp's own privacy policy.
  • Hosting and infrastructure. Our website is served through standard cloud hosting and content delivery infrastructure that processes IP addresses and request logs as part of normal operation.

5.2 Other disclosures

We may also disclose personal data:

  • To regulators, courts or law enforcement where we are required by Malaysian law to do so
  • To professional advisors (lawyers, auditors) under a duty of confidentiality
  • To another medical practitioner if you ask us to refer you, with your consent

6. Data Retention

We retain different categories of data for different periods.

  • Website enquiry data. If you submit an enquiry but do not become a patient, we retain the enquiry for up to 12 months for follow-up and quality purposes, after which it is deleted or anonymised.
  • Patient medical records. If you become a patient, your clinical records are retained in line with MMC and PHFSA requirements. For adult patients this is typically a minimum of seven (7) years from the date of last entry; longer periods apply to paediatric, obstetric and certain other records.
  • Accounting and tax records. Retained for the statutory minimum period under Malaysian law (currently seven years).
  • Analytics and cookies. Retained according to the settings of each provider; see Section 7.

7. Cookies and Tracking

A cookie is a small text file stored on your device when you visit a website. We use cookies and similar technologies for the following purposes:

  • Strictly necessary. Required for the website to function (for example, remembering your cookie preferences).
  • Analytics. Loaded through Google Tag Manager, these help us understand which pages are popular and how visitors navigate the site.
  • Marketing and advertising. Where applicable, used to measure the performance of our advertising and to show relevant content.

When you first visit our website, our cookie banner asks for your consent before non-essential cookies are set. You can change your preferences at any time by clearing the cookies stored by your browser, or by adjusting your browser settings to reject cookies.

8. Your Rights Under the PDPA

Under the Malaysian Personal Data Protection Act 2010, you have the right to:

  • Access the personal data we hold about you
  • Correct any data that is inaccurate or out of date
  • Withdraw consent for us to process your data (note that this may affect our ability to continue providing services to you)
  • Limit processing for direct marketing purposes
  • Request a copy of your data in a portable format
  • Lodge a complaint with the Personal Data Protection Department of Malaysia (Jabatan Perlindungan Data Peribadi) if you believe your rights have been breached

To exercise any of these rights, please contact us using the details in Section 13. We may need to verify your identity before acting on a request, and we will respond within the period required by the PDPA.

9. Data Security

We take reasonable technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit using HTTPS / TLS
  • Restricted access controls so that only authorised staff can view patient records
  • Regular staff training on confidentiality, PDPA and medical ethics
  • Secure on-site storage and disposal procedures for any physical records
  • Vendor due diligence for third-party processors handling your data

No system can be guaranteed completely secure. If we ever become aware of a data breach affecting your personal data, we will follow the notification process required by the PDPA.

10. International Transfers

Some of the service providers listed in Section 5 (including FormSubmit, Privyr and Google) host their infrastructure outside Malaysia. By submitting your data through our website you acknowledge that this transfer may take place. We rely on the contractual safeguards offered by these providers and on the provisions of the PDPA for cross-border transfers, and we transfer only the minimum data needed for the service.

11. Children's Privacy

Our website and services are intended for adults. We do not knowingly collect personal data from anyone under 18 years of age without the consent of a parent or legal guardian. If you believe a child has provided us with personal data, please contact us so we can delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements, or for other operational reasons. The version number and "Last updated" date at the top of this page show the current revision. Material changes will be highlighted on our website where practical. Your continued use of the website after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

For any questions about this Privacy Policy or to exercise your rights under the PDPA, please contact our Data Protection contact:

This Privacy Policy is governed by and construed in accordance with the laws of Malaysia.