1. Types of Personal Data We Collect

We may collect the following categories of personal data directly or indirectly:

• Identification Information: Full name, IC/passport number, date of birth, gender, nationality, marital status
• Contact Information: Home address, email address, mobile number, telephone number
• Transaction Information: Purchase records, loyalty or membership activities, payment information
• Health-related Information: Prescription details, medication history, consultation information (only with explicit consent)
• Biometric Information: Where required and only with explicit consent
• Children's Information: Personal data of individuals under 18 years old, collected only with verified parental or guardian consent
• App and Device Information: Operating system version, device identifiers, crash logs, screen activity, notification tokens, advertising identifiers, and location data (only if permission is granted)
• Additional Information: Survey responses, customer feedback, inquiries, and communication records

2. Purpose of Data Collection

Your personal data may be collected and processed for the following purposes:

• Identity verification and account registration
• Provision of healthcare, pharmacy, and wellness services
• Prescription fulfillment and medical consultation support
• Customer service and support
• Loyalty programs, rewards, and promotions
• Marketing and promotional communications (subject to opt-in consent)
• Service improvement, analytics, and internal business evaluation
• Legal, regulatory, audit, and compliance requirements
• Billing, payment processing, and financial record management
• Recruitment and employment-related processes (where applicable)

3. Consent and Your Rights

Promedix processes your personal data only with your consent, unless otherwise permitted or required under applicable laws.

You have the right to:

• Request access to your personal data
• Request correction of inaccurate or incomplete personal data
• Request deletion of your personal data (subject to legal or regulatory limitations)
• Request data portability in a structured and machine-readable format
• Withdraw or restrict your consent at any time
• Lodge a complaint with the Personal Data Protection Commissioner (PDPC) if your rights have been violated

Requests regarding personal data can be submitted via email. Processing time and any applicable administrative fees will be communicated prior to completion.

4. Data Security and Retention

We implement appropriate technical and organizational security measures to protect your personal data, including but not limited to:

• Data encryption and secure infrastructure
• Role-based access control
• Regular security audits and compliance reviews
• Tamper-resistant and redundant data storage systems

Personal data will only be retained for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations. Once the retention period expires, data will be securely deleted or permanently anonymized.

5. Data Breach Notification

In the event of a personal data breach that may pose a significant risk to individuals, Promedix will:

• Notify the Personal Data Protection Commissioner within seventy-two (72) hours
• Inform affected individuals as soon as reasonably possible
• Take immediate remedial and corrective actions

6. Disclosure to Third Parties

Your personal data may be disclosed to the following parties where necessary:

• Government authorities or regulatory bodies as required by law
• Subsidiaries, affiliates, and business partners for operational purposes
• Third-party service providers bound by confidentiality and PDPA compliance obligations
• Marketing partners, delivery partners, and loyalty program partners (with your consent)
• Technology vendors for system hosting, security, and analytics services

7. Cross-Border Data Transfers

In certain circumstances, personal data may be transferred outside Malaysia for data processing, system hosting, or operational purposes. Promedix ensures that such transfers comply with PDPA requirements and that the receiving parties provide adequate data protection safeguards.

8. Cookies and Tracking Technologies

Our website and applications may use cookies and similar tracking technologies to:

• Improve user experience
• Analyze website traffic and user behavior
• Support marketing and promotional campaigns

Users may disable cookies via their browser settings. However, certain features of our services may not function properly if cookies are disabled.

9. Children's Data

Promedix does not knowingly collect personal data from children under the age of 13 through our digital platforms.

If such information is inadvertently collected, parents or guardians may request for the data to be removed.

Offline personal data involving individuals under 18 years old is collected only with verified parental or guardian consent.

10. Contact Information

If you have any questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact:

Medix Wellness Sdn. Bhd.
(202201033212 / 1478909-D)
No.18, Jalan Balam, Off Jalan Ipoh
51100 Kuala Lumpur, Malaysia

Tel: +603 4043 2699
Fax: +603 4043 2690
Email: medix.wellness@aim-net.com.my

11. Accuracy of Information

You are responsible for ensuring that the personal data you provide to us is accurate, complete, and up to date. Please notify us promptly if there are any changes to your personal information.

12. Policy Updates

Promedix reserves the right to update or modify this Privacy Policy from time to time. Where significant changes are made, we will notify users through appropriate channels.

By continuing to use Promedix services, you acknowledge and agree to the terms outlined in this Privacy Policy.