Privacy Policy

Ilham Health Sdn. Bhd. ("Ilham Health," "we," "our," or "us") is committed to protecting the privacy and personal data of our customers, website visitors, and service users. This Privacy Policy outlines how Ilham Health Sdn. Bhd., a company registered in Malaysia, collects, uses, discloses, stores, and protects your personal data in accordance with the Personal Data Protection Act 2010 ("PDPA") of Malaysia and other applicable laws.

By accessing our website at [www.ilhamhealth.com.my], using our services, or providing us with your personal data, you agree to the terms of this Privacy Policy.

1. What Personal Data We Collect

We may collect various types of personal data from you, including but not limited to:

  • Identity Data: Name, date of birth, gender, marital status, nationality, NRIC/passport number (if required for specific services like rentals or insurance claims).
  • Contact Data: Billing address, delivery address, email address, telephone numbers.
  • Financial Data: Bank account details, payment card details (processed securely by third-party payment gateways), billing information.
  • Transaction Data: Details about products and services you have purchased from us.
  • Health Data (Sensitive Personal Data): For specific services (e.g., CPAP therapy, oxygen therapy, rental of medical equipment), we may collect relevant health information such as diagnoses, medical history, doctor's recommendations, prescriptions, or other data necessary to provide appropriate products or services. We will always obtain your explicit consent for the collection and processing of sensitive personal data.
  • Technical Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data: Information about how you use our website, products, and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Customer Service Data: Information you provide when contacting our customer service, including queries, feedback, and complaints.

2. How We Collect Your Personal Data

We use different methods to collect data from and about you, including through:

  • Direct Interactions: You may give us your personal data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:
    • Apply for our products or services.
    • Create an account on our website.
    • Subscribe to our newsletters or marketing communications.
    • Request information or materials from us.
    • Participate in surveys or provide feedback.
    • Contact customer service.
    • Enter into a contract for product purchase or rental.
  • Automated Technologies or Interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, Browse actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
  • Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources, such as:
    • Healthcare professionals or clinics (with your explicit consent, especially for sensitive health data).
    • Payment and delivery services.
    • Data analytics providers.
    • Publicly available sources.

3. How We Use Your Personal Data

We will only use your personal data where the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • To Provide Services: To process and fulfill your orders, provide the products or services you have requested, including medical equipment sales, rentals, and support.
  • Customer Management: To manage your account, process payments, deliver products, and communicate with you about your orders and services.
  • Customer Support: To provide customer service, respond to your inquiries, complaints, and feedback.
  • Service Improvement: To improve our products, services, website, and customer experience.
  • Marketing and Promotions: To send you marketing communications, newsletters, and promotional offers that may be of interest to you, where you have consented to receive them. You can opt-out at any time.
  • Compliance and Legal Obligations: To comply with our legal and regulatory obligations, including tax, accounting, and healthcare regulations.
  • Internal Operations: For internal record keeping, data analysis, testing, system maintenance, support, reporting, and hosting of data.
  • Security: To protect our website, business, and users from fraud and other illegal activities.
  • Research and Development: To conduct research and analysis to better understand customer needs and develop new products and services (in anonymized or aggregated form where possible).

4. Disclosure of Your Personal Data

We may share your personal data with the following categories of recipients:

  • Our Employees: Personal data will be accessible by relevant employees of Ilham Health Sdn. Bhd. who require the data to perform their job functions.
  • Service Providers: Third-party service providers who perform functions on our behalf, such as:
    • Payment gateway providers (e.g., Stripe, PayPal, local Malaysian banks)
    • Delivery and logistics companies (e.g., Pos Laju, J&T Express)
    • IT and system administration services
    • Marketing and analytics services
    • Professional advisors (e.g., lawyers, accountants)
  • Healthcare Professionals/Clinics: With your explicit consent, we may share relevant health data with healthcare professionals or clinics to facilitate proper care or product recommendations.
  • Governmental and Regulatory Bodies: When required by law or a court order, or to cooperate with government investigations.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity.
  • Aggregated or Anonymized Data: We may share aggregated or anonymized data that cannot be used to identify you personally for various purposes, including research, analytics, and marketing.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

5. International Transfers

We generally store and process your personal data within Malaysia. However, some of our third-party service providers or their servers may be located outside of Malaysia. In such cases, we will take all reasonable steps to ensure that your personal data is treated securely and in accordance with this Privacy Policy and the PDPA, and that adequate safeguards are in place to protect your data.

6. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

8. Your Rights Under the PDPA

Under the Personal Data Protection Act 2010 (PDPA) of Malaysia, you have certain rights regarding your personal data. These include:

  • Right to Access: You have the right to request access to your personal data held by us.
  • Right to Correction: You have the right to request correction of inaccurate, incomplete, or outdated personal data.
  • Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your personal data at any time, where we are relying on consent to process your personal data. Please note that withdrawing consent may affect our ability to provide certain products or services to you.
  • Right to Prevent Processing for Direct Marketing: You have the right to request that we cease or not begin processing your personal data for the purposes of direct marketing.
  • Right to Request Erasure/Deletion (Right to be Forgotten): In certain circumstances, you may have the right to request the erasure or destruction of your personal data. (Note: This right is more explicitly defined in GDPR, but the PDPA allows for certain grounds for deletion/cessation of processing).

To exercise any of these rights, please contact us using the details provided in Section 10. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

9. Third-Party Links

Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. The "Last Updated" and "Effective Date" at the top of this policy will indicate when it was last revised. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our website or services after any changes signifies your acceptance of the updated Privacy Policy.

Â