Your data is safe with HansMed
您的 資料 受到妥善保護
We understand that health data is among the most personal information you can share. HansMed is built from the ground up with your security and privacy as the top priority — not an afterthought.
我們深明健康資料是您最私密的個人資訊。HansMed 從設計之初便將您的安全與隱私放在首位,並非附加考量。
How your data is protected · 資料保護措施
Encrypted Passwords · 加密密碼
Your password is never stored as plain text. We use bcrypt encryption — the same standard used by banks. Even HansMed staff cannot read your password.
您的密碼從不以明文儲存,採用銀行級 bcrypt 加密,連 HansMed 員工亦無法查閱。
Secure Connection (HTTPS) · 安全連線
All data between your device and HansMed is transmitted over HTTPS — an encrypted connection that prevents anyone from intercepting your information in transit.
所有資料傳輸均採用 HTTPS 加密,防止任何人在傳輸過程中攔截您的資訊。
Login Protection · 登入保護
After 5 failed login attempts your account is temporarily locked for 15 minutes. Two-step verification for doctor and admin accounts is on the roadmap before public launch.
登入失敗 5 次後帳號將暫時鎖定 15 分鐘。醫師及管理帳號將於正式上線前啟用雙重驗證。
Health Data — Practitioners Only · 健康資料僅限中醫師查閱
Your health records, photos, and consultation notes are only accessible to your assigned TCM practitioner and authorised HansMed staff. We do not share your health data with third parties.
您的健康紀錄、照片及問診筆記僅供您的主診中醫師及授權員工查閱,不會與第三方共享。
Data Stored in Singapore · 資料儲存於新加坡
Your data is stored on secure servers in Singapore (Google Cloud asia-southeast1), an adequate jurisdiction under PDPA §129. We do not transfer your health data outside Asia-Pacific without your explicit consent.
您的資料儲存於新加坡(Google Cloud asia-southeast1)安全伺服器,符合 PDPA §129 充分保障要求。未經您明確同意不會將健康資料轉移至亞太區外。
Audit Trail · 存取記錄
Every access to your health records is logged with a timestamp and the identity of who accessed it. You can request this log at any time.
每次查閱您健康紀錄的時間及人員均有完整記錄,您可隨時要求查看。
Your rights under PDPA 2010 · 您在個人資料保護法下的權利
| Right權利 | What it means含義 | How to exercise如何行使 |
|---|---|---|
| Access查閱 | Request a copy of all data HansMed holds about you.索取本公司所持有與您相關之所有個人資料副本。 | [email protected] or My Portal → Settings → Export my data[email protected] 或:我的入口 → 設定 → 匯出個人資料 |
| Correct更正 | Request correction of inaccurate personal data.要求更正不準確的個人資料。 | Update directly in My Portal, or email us於我的入口直接更新,或來信告知 |
| Delete刪除 | Request deletion of your data (subject to the 7-year clinical record retention required by T&CM Act 2016).要求刪除個人資料(須遵守 T&CM 2016 法令所規定之七年臨床紀錄保留期)。 | [email protected] |
| Withdraw Consent撤回同意 | Withdraw marketing or AI-processing consent at any time.隨時可撤回行銷或 AI 處理之同意。 | My Portal → Privacy Settings我的入口 → 私隱設定 |
| Complain投訴 | Lodge a complaint with Malaysia's Personal Data Protection Commissioner.向馬來西亞個人資料保護委員會提交投訴。 | pdp.gov.my |
What we will never do · 我們絕對不會做的事
We will never sell your personal data to advertisers or third parties.
We will never use your health photos for AI training without your explicit, separate consent.
We will never share your medical history with your employer, insurer, or family without your consent.
We will never spam you or share your contact details with marketing companies.
本公司絕不出售個人資料、未經同意不會用於 AI 訓練、不會向僱主/保險公司/家人透露病歷、不發送垃圾訊息。
Found a security issue? · 發現安全問題?
We take security reports seriously. If you believe you have found a vulnerability in HansMed, please contact us immediately at [email protected] with the subject line "Security Report". We will respond within 24 hours and credit you in our security acknowledgements (with your permission).
若您發現任何安全漏洞,請立即發送電郵至 [email protected],主旨註明「Security Report」。我們將於 24 小時內回覆,並在您同意下將您列入安全致謝名單。