Privacy Policy

私隐政策

How HansMed Modern TCM collects, uses, protects, and shares your personal data, in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA).

汉方现代中医依据马来西亚《2010年个人资料保护法》（PDPA）收集、使用、保护及分享您的个人资料之方式。

1. Who we are · 资料管控者

HansMed Modern TCM ("HansMed", "we", "us") is a licensed Traditional Chinese Medicine telehealth platform operating in Malaysia under the Traditional and Complementary Medicine Act 2016. We are the data controller for personal data processed through this platform.

汉方现代中医（「本公司」）为马来西亚持牌之远程中医平台，依据《2016年传统及辅助医疗法》运营，为本平台处理之个人资料之资料管控者。

Contact: [email protected] · WhatsApp: +60 11-6560 0393

2. What data we collect · 收集资料范围

We collect only the data necessary to deliver TCM consultations and fulfil legal obligations:

本公司仅收集提供中医服务及履行法定义务所必需之资料：

• Identity — name, email, phone, date of birth, gender, NRIC/passport (verification only).
• 身份资料 — 姓名、电邮、电话、出生日期、性别、身份证／护照（仅用于验证）。
• Health — symptoms, tongue images, constitution questionnaire answers, consultation notes, prescriptions, order history.
• 健康资料 — 症状、舌部影像、体质问卷、问诊记录、处方及订单。
• Technical — IP address, device type, browser, session timestamps (for security and fraud prevention).
• 技术资料 — IP位址、装置类型、浏览器、时间戳（用于安全及防范诈欺）。
• Payment — processed by HitPay; we store only the transaction reference, not your card number.
• 付款资料 — 由 HitPay 处理；本公司仅保留交易编号，不储存信用卡号。

3. How we use your data · 资料用途

• Deliver consultations, issue prescriptions, and fulfil herb orders.
• 提供问诊、处方及中药订单配送。
• Generate AI-assisted wellness suggestions (tongue analysis, constitution reports) for practitioner review — never as a final diagnosis.
• 生成 AI 辅助健康建议（舌诊分析、体质报告）供持牌中医师审核 — 非作为最终诊断。
• Comply with Ministry of Health (MOH) record-keeping and T&CM Act 2016 retention requirements.
• 遵守卫生部（MOH）记录保存及《2016年传统及辅助医疗法》之保存要求。
• Send transactional notifications (appointment reminders, order updates). Marketing is opt-in only.
• 发送交易通知（预约提醒、订单更新）。行销讯息须另行同意。

4. Legal basis · 法律依据

We process your data under PDPA §6 on the bases of (a) your explicit consent at registration, (b) performance of a contract (the consultation), and (c) compliance with Malaysian healthcare law.

本公司依据 PDPA 第6条处理资料：(a) 您于注册时之明确同意、(b) 履行合约（问诊）、(c) 遵守马来西亚医疗法规。

5. Sharing · 资料分享

We share your data only with:

本公司仅于下列情况分享您的资料：

• The licensed TCM practitioner treating you (essential for care).
• 为您提供治疗之持牌中医师（治疗必需）。
• The fulfilling pharmacy (for prescription dispensing only).
• 处方配药之药房（仅限配药用途）。
• HitPay (payment processing).
• HitPay（付款处理）。
• Regulators (MOH, PDP Commissioner) when required by law.
• 监管机构（MOH、个人资料保护专员）于法律要求时。

We do not sell your data and do not share it with advertisers.

本公司不会出售您的资料，亦不会分享予广告商。

5a. Where your data is stored · 资料储存地点

HansMed is a Malaysian business serving Malaysian patients, but the underlying servers and database are operated by Railway (a US-incorporated infrastructure provider) on Google Cloud Platform's Singapore region (asia-southeast1). This is permitted under PDPA §129 because (a) you have explicitly consented to this processing in your account registration, and (b) Singapore is recognised as providing data protection at a level comparable to Malaysia's PDPA, through its own Personal Data Protection Act 2012. Railway is SOC 2 Type II audited; encryption at rest (AES-256) and in transit (TLS 1.2+) is applied to all patient data.

汉方为马来西亚企业，服务马来西亚患者，惟伺服器及资料库由 Railway（一家美国注册之基础设施供应商）于 Google Cloud Platform 新加坡区（asia-southeast1）运作。此安排符合 PDPA §129，因为（a）阁下已于注册时明确同意此处理方式，及（b）新加坡依据其《2012 年个人资料保护法》提供与马来西亚 PDPA 相当之资料保护。Railway 经 SOC 2 Type II 审核；所有患者资料皆以静态加密（AES-256）及传输加密（TLS 1.2+）保护。

Tongue images and other large media files may be stored on object storage in the Asia-Pacific region. HitPay (payment processing) operates from Singapore for Malaysian transactions. We do not transfer patient data to any other jurisdiction.

舌部影像及其他大型媒体档案可能储存于亚太区之物件储存服务。HitPay（付款处理）为马来西亚交易设于新加坡运营。本公司不会将患者资料转移至其他司法管辖区。

6. Retention · 保存期限

• Medical records: minimum 7 years after last consultation (MOH requirement).
• 医疗记录：最后一次问诊后至少保存7年（MOH 要求）。
• Financial records: 7 years (Income Tax Act 1967).
• 财务记录：7年（《1967年所得税法》）。
• Account data: deleted within 30 days of account closure, except where law requires longer retention.
• 帐户资料：帐户关闭后30日内删除，惟法律另有要求者除外。

7. Security · 资料安全

Data is encrypted in transit (TLS 1.3) and at rest. Access is role-based: patients see only their own data; practitioners see patient details only for patients assigned to them. The shared clinic calendar shows other practitioners' appointments as occupied time slots — labelled with the practitioner and time only, without revealing the patient — so the clinic can coordinate scheduling without exposing patients across practitioners. We maintain audit logs of all access to medical records.

资料传输采 TLS 1.3 加密，储存亦加密。存取权限依角色划分：患者仅见自身资料；中医师仅就获分派之患者查看患者资料。共用诊所日历仅将其他医师之预约显示为已占用时段（只标示医师与时间，不显示患者），以便协调排程而不向其他医师揭露患者身分。所有医疗记录存取均有稽核记录。

8. Your rights under PDPA · 您于 PDPA 下之权利

• Access — request a copy of your data.
• 存取权 — 申请取得资料副本。
• Correction — fix inaccurate data.
• 更正权 — 修正不准确之资料。
• Withdrawal of consent — opt out at any time (may end our ability to provide care).
• 撤回同意 — 可随时撤回（可能影响本公司提供治疗之能力）。
• Deletion — subject to the retention requirements in §6.
• 删除权 — 受第6条保存期限规范。
• Portability — receive your data in a machine-readable format.
• 可携权 — 以机器可读格式取得资料。

To exercise any right, email [email protected]. We will respond within 21 days as required by PDPA.

行使上述权利请电邮 [email protected]，本公司将于 PDPA 要求之21日内回复。

9. Cookies & analytics · Cookies 及分析

We use a single session cookie for login. We do not use third-party advertising trackers. Optional analytics (privacy-respecting, IP-anonymised) may be added in future with a banner for opt-in.

本公司仅使用单一登入会话 cookie，不使用第三方广告追踪器。未来若加入匿名化分析工具，将以横幅请求同意。

10. Contact & complaints · 联络及投诉

Questions or complaints: [email protected]. If unresolved, you may contact the Personal Data Protection Commissioner, Malaysia — pdp.gov.my.

如有疑问或投诉，请电邮 [email protected]。若未能解决，可联络马来西亚个人资料保护专员 — pdp.gov.my。