Privacy Policy & Personal Data Protection Statement
Klinik Bustari (Bustari Healthcare Sdn Bhd) · Last updated: 16 May 2026
Klinik Bustari ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store and protect your personal data in compliance with the Malaysian Personal Data Protection Act 2010 (PDPA) and applicable healthcare confidentiality standards.
1. Who We Are
This Policy is issued by:
- Bustari Healthcare Sdn Bhd (trading as Klinik Bustari)
- GF, Lot 4081, Sukma Commercial Centre, Jalan Sultan Tengah, 93050 Kuching, Sarawak, Malaysia
- Telephone: 082-444234 | WhatsApp: 016-4534234
- Email: bustarihealthcare@gmail.com
2. Personal Data We Collect
When you book an appointment, walk in, or otherwise engage with our services, we may collect:
- Identification data: full name, MyKad/passport number, date of birth, gender
- Contact data: phone/WhatsApp number, email address, residential address
- Health & medical data: presenting complaint, medical history, allergies, medications, diagnostic results, treatment notes, panel/insurance information
- Guardian/next-of-kin data: for minor or dependent patients (name, contact, relationship)
- Payment data: deposit transaction reference (we do not store card or bank account numbers — these are handled by our payment processor, ToyyibPay)
- Technical data: IP address, browser type and basic usage analytics, if you use our website
3. How We Use Your Data
We process your personal data for the following purposes:
- To schedule, confirm, reschedule or cancel your medical appointment
- To deliver medical care, diagnosis, treatment and follow-up
- To maintain medical records as required under Malaysian healthcare regulations
- To process panel/insurance claims (where applicable)
- To send you appointment confirmations and clinical communications via WhatsApp, SMS, or email
- To process deposits and payments through our authorised payment gateway
- To comply with legal, regulatory and Ministry of Health (MOH) reporting obligations
- To improve our services and ensure quality of care
4. Lawful Basis for Processing
We rely on the following lawful bases under the PDPA:
- Your consent — provided when you submit our appointment form or attend our clinic
- Performance of a contract — to provide the medical services you have requested
- Legal obligation — compliance with healthcare and tax laws
- Vital interests — to protect your life or health in an emergency
5. Disclosure of Your Data
We treat your medical information as strictly confidential. We may share your data only with:
- Licensed medical professionals within Klinik Bustari directly involved in your care
- Referral specialists, hospitals or laboratories — only with your knowledge and consent
- Your appointed panel/insurance provider — for claims you have authorised
- ToyyibPay (Bumiwangsa Maju Sdn Bhd) — for deposit processing, governed by their own privacy policy
- Government authorities — only when legally required (e.g. MOH disease reporting, court order)
We do not sell, rent, or trade your personal data to third parties for marketing.
6. Data Storage & Security
Your data is stored on secure servers, with the following safeguards:
- Encrypted database access (Firebase Authentication + HTTPS)
- Role-based access — only authorised clinic staff can view patient records
- Regular backups and access logging
- Physical paper records, where used, are stored in locked premises
7. Data Retention
Medical records are retained for a minimum of seven (7) years from the date of last consultation, in line with Malaysian Medical Council guidelines. Appointment booking data is retained for as long as needed for clinical continuity, then archived or deleted.
8. Your Rights
Under the PDPA, you have the right to:
- Access the personal data we hold about you
- Correct any inaccurate or incomplete data
- Withdraw consent for non-essential processing (e.g. promotional messages)
- Limit processing for direct marketing purposes
- Make a complaint to the Personal Data Protection Commissioner of Malaysia
To exercise any of these rights, please contact us using the details in Section 1.
9. Cookies & Website Analytics
Our website may use minimal cookies for session management and anonymous analytics. We do not use third-party advertising trackers. You can disable cookies in your browser settings without affecting our core booking service.
10. Children's Privacy
For patients under 18 years, personal data is collected only with the consent of a parent or legal guardian. The guardian's contact details are required for all paediatric and circumcision bookings.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The current version is always available at www.klinikbustari.com/privacy-policy.html. Material changes will be communicated via our website or directly to registered patients.
12. Contact & Complaints
By submitting our appointment form or attending our clinic, you acknowledge that you have read and agree to this Privacy Policy.