Your data is safe with HansMed
您的 资料 受到妥善保护
We understand that health data is among the most personal information you can share. HansMed is built from the ground up with your security and privacy as the top priority — not an afterthought.
我们深明健康资料是您最私密的个人资讯。HansMed 从设计之初便将您的安全与隐私放在首位,并非附加考量。
How your data is protected · 资料保护措施
Encrypted Passwords · 加密密码
Your password is never stored as plain text. We use bcrypt encryption — the same standard used by banks. Even HansMed staff cannot read your password.
您的密码从不以明文储存,采用银行级 bcrypt 加密,连 HansMed 员工亦无法查阅。
Secure Connection (HTTPS) · 安全连线
All data between your device and HansMed is transmitted over HTTPS — an encrypted connection that prevents anyone from intercepting your information in transit.
所有资料传输均采用 HTTPS 加密,防止任何人在传输过程中拦截您的资讯。
Login Protection · 登入保护
After 5 failed login attempts your account is temporarily locked for 15 minutes. Two-step verification for doctor and admin accounts is on the roadmap before public launch.
登入失败 5 次后帐号将暂时锁定 15 分钟。医师及管理帐号将于正式上线前启用双重验证。
Health Data — Practitioners Only · 健康资料仅限中医师查阅
Your health records, photos, and consultation notes are only accessible to your assigned TCM practitioner and authorised HansMed staff. We do not share your health data with third parties.
您的健康纪录、照片及问诊笔记仅供您的主诊中医师及授权员工查阅,不会与第三方共享。
Data Stored in Singapore · 资料储存于新加坡
Your data is stored on secure servers in Singapore (Google Cloud asia-southeast1), an adequate jurisdiction under PDPA §129. We do not transfer your health data outside Asia-Pacific without your explicit consent.
您的资料储存于新加坡(Google Cloud asia-southeast1)安全伺服器,符合 PDPA §129 充分保障要求。未经您明确同意不会将健康资料转移至亚太区外。
Audit Trail · 存取记录
Every access to your health records is logged with a timestamp and the identity of who accessed it. You can request this log at any time.
每次查阅您健康纪录的时间及人员均有完整记录,您可随时要求查看。
Your rights under PDPA 2010 · 您在个人资料保护法下的权利
| Right权利 | What it means含义 | How to exercise如何行使 |
|---|---|---|
| Access查阅 | Request a copy of all data HansMed holds about you.索取本公司所持有与您相关之所有个人资料副本。 | [email protected] or My Portal → Settings → Export my data[email protected] 或:我的入口 → 设定 → 汇出个人资料 |
| Correct更正 | Request correction of inaccurate personal data.要求更正不准确的个人资料。 | Update directly in My Portal, or email us于我的入口直接更新,或来信告知 |
| Delete删除 | Request deletion of your data (subject to the 7-year clinical record retention required by T&CM Act 2016).要求删除个人资料(须遵守 T&CM 2016 法令所规定之七年临床纪录保留期)。 | [email protected] |
| Withdraw Consent撤回同意 | Withdraw marketing or AI-processing consent at any time.随时可撤回行销或 AI 处理之同意。 | My Portal → Privacy Settings我的入口 → 私隐设定 |
| Complain投诉 | Lodge a complaint with Malaysia's Personal Data Protection Commissioner.向马来西亚个人资料保护委员会提交投诉。 | pdp.gov.my |
What we will never do · 我们绝对不会做的事
We will never sell your personal data to advertisers or third parties.
We will never use your health photos for AI training without your explicit, separate consent.
We will never share your medical history with your employer, insurer, or family without your consent.
We will never spam you or share your contact details with marketing companies.
本公司绝不出售个人资料、未经同意不会用于 AI 训练、不会向雇主/保险公司/家人透露病历、不发送垃圾讯息。
Found a security issue? · 发现安全问题?
We take security reports seriously. If you believe you have found a vulnerability in HansMed, please contact us immediately at [email protected] with the subject line "Security Report". We will respond within 24 hours and credit you in our security acknowledgements (with your permission).
若您发现任何安全漏洞,请立即发送电邮至 [email protected],主旨注明「Security Report」。我们将于 24 小时内回复,并在您同意下将您列入安全致谢名单。