Privacy Policy
How HansMed Modern TCM collects, uses, protects, and shares your personal data, in compliance with Malaysia's Personal Data Protection Act 2010 (PDPA).
1. Who we are (data controller)
HansMed Modern TCM ("HansMed", "we", "us") is a licensed Traditional Chinese Medicine telehealth platform operating in Malaysia under the Traditional and Complementary Medicine Act 2016. We are the data controller for personal data processed through this platform.
Contact: [email protected] · WhatsApp: +60 11-6560 0393
2. What data we collect
We collect only the data necessary to deliver TCM consultations and fulfil legal obligations:
- Identity — name, email, phone, date of birth, gender, NRIC/passport (verification only).
- Health — symptoms, tongue images, constitution questionnaire answers, consultation notes, prescriptions, order history.
- Technical — IP address, device type, browser, session timestamps (for security and fraud prevention).
- Payment — processed by Stripe Malaysia; we store only the transaction reference, not your card number.
3. How we use your data
- Deliver consultations, issue prescriptions, and fulfil herb orders.
- Generate AI-assisted wellness suggestions (tongue analysis, constitution reports) for practitioner review — never as a final diagnosis.
- Comply with Ministry of Health (MOH) record-keeping and T&CM Act 2016 retention requirements.
- Send transactional notifications (appointment reminders, order updates). Marketing is opt-in only.
4. Legal basis
We process your data under PDPA §6 on the bases of (a) your explicit consent at registration, (b) performance of a contract (the consultation), and (c) compliance with Malaysian healthcare law.
5. Sharing
We share your data only with:
- The licensed TCM practitioner treating you (essential for care).
- The fulfilling pharmacy (for prescription dispensing only).
- Stripe Malaysia (payment processing).
- Regulators (MOH, PDP Commissioner) when required by law.
We do not sell your data and do not share it with advertisers.
5a. Where your data is stored
HansMed is a Malaysian business serving Malaysian patients, but the underlying servers and database are operated by Railway (a US-incorporated infrastructure provider) on Google Cloud Platform's Singapore region (asia-southeast1). This is permitted under PDPA §129 because (a) you have explicitly consented to this processing in your account registration, and (b) Singapore is recognised as providing data protection at a level comparable to Malaysia's PDPA, through its own Personal Data Protection Act 2012. Railway is SOC 2 Type II audited; encryption at rest (AES-256) and in transit (TLS 1.2+) is applied to all patient data.
Tongue images and other large media files may be stored on object storage in the Asia-Pacific region. Stripe (payment processing) operates from Singapore for Malaysian transactions. We do not transfer patient data to any other jurisdiction.
6. Retention
- Medical records: minimum 7 years after last consultation (MOH requirement).
- Financial records: 7 years (Income Tax Act 1967).
- Account data: deleted within 30 days of account closure, except where law requires longer retention.
7. Security
Data is encrypted in transit (TLS 1.3) and at rest. Access is role-based (patients see only their own data; practitioners see only patients assigned to them). We maintain audit logs of all access to medical records.
8. Your rights under PDPA
- Access — request a copy of your data.
- Correction — fix inaccurate data.
- Withdrawal of consent — opt out at any time (may end our ability to provide care).
- Deletion — subject to the retention requirements in §6.
- Portability — receive your data in a machine-readable format.
To exercise any right, email [email protected]. We will respond within 21 days as required by PDPA.
9. Cookies & analytics
We use a single session cookie for login. We do not use third-party advertising trackers. Optional analytics (privacy-respecting, IP-anonymised) may be added in future with a banner for opt-in.
10. Contact & complaints
Questions or complaints: [email protected]. If unresolved, you may contact the Personal Data Protection Commissioner, Malaysia — pdp.gov.my.