Privacy and PDPA policy
RAMSAY SIME DARBY HEALTH CARE (“RSDH”) PRIVACY AND PERSONAL DATA PROTECTION POLICY (INDONESIA)
This RSDH Privacy and Personal Data Protection Policy (“Policy”) sets out how RSDH Group in Indonesia which consists of PT Affinity Health Indonesia and its related corporations (“our”, “us” or “we”) processes and protects your personal information that you give us. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this Policy.
This Policy is issued to all our immediate and/or prospective clients, employees, goods and/or service providers and serves as our personal data protection notice.
This Policy serves to inform you that your Personal Data (as defined below) is being processed by us or on our behalf. We may process your Personal Data pursuant to this Policy if you have provided your consent or if rely on any other legal bases available under applicable laws.
2. Description of Personal Data
We may process a variety of information and/or data about yourself (“Personal Data”) including but not limited to your name, date of birth, race, religion, gender, company name, Indonesian Identification Card number, nationality, biometrics information, genetics information, e-mail address, address, contact number, credit card details, bank account details, health information, minor’s data, food preference, allergy, photographs, occupation, education, marital status, video recording, CCTV images, medical records, health data and information, confidential personal health data, and all other Personal Data we again process from you on any subsequent occasion.
Your Personal Data is being or is to be collected and further processed for:
- performing pre-contractual activities and our contractual obligations with you and ensuring the performance by you of your pre-contractual and contractual obligations to us;
- ensuring that you continue to receive medical treatment;
- contacting you in case of any change of appointment dates;
- managing medical records and medical reports;
- facilitating payment process relating to the patients;
- reporting Personal Data to the relevant regulatory bodies and/or third parties under applicable laws, including laws in the healthcare industry and relating to personal data protection;
- sharing Personal Data with the group holding company and related companies (within and/or outside Indonesia jurisdiction in accordance with applicable laws);
- conducting research, analysis and improvement;
- marketing and advertisement purposes and surveys;
- facilitating overseas patient’s personal requirements (for example, visa applications);
- administering and responding to request, queries, complaints and legal issues;
- facilitating human resource management activities relating to employees;
- submission, registration of relevant forms, licences to regulatory authorities and/or third parties under laws applicable to healthcare industry;
- education and training (with anonymized data where possible);
- assessing your credit worthiness and processing any payments relevant to you;
- insurance purposes, third party administration and any other relevant third parties;
- purposes of enforcing our contractual rights, legal rights and / or obtaining professional or legal advice;
- internal records management;
- conducting internal activities such as evaluating the effectiveness of marketing, market surveys/research, trend analysis, statistic compilation, reporting, audit, compliance, risk management, and data analytics to improve our services;
- complying with any legal or regulatory requirements, such as, audit and/or requests from regulatory bodies;
- instituting debt recovery proceedings against defaulters;
- providing and improving our products and/or services to you and advertising and providing you with information (such as events, offers or promotions) relating to our and our related corporations’ and business partners’ products and/or services, including without limitation sending you e-newsletters, promotional marketing materials, seasonal/birthday greetings and messages, gifts and/or vouchers;
- managing and giving effect to your commercial transaction with us;
- granting you access to, and monitoring your use of, any online platforms, mobile applications or sites owned, operated or managed by us or on our behalf (“Platform”) and administering and managing the Platform; and/or
- such other purposes authorised by you or directly related or ancillary to the foregoing.
(collectively, the “Purposes”).
4. Source of Personal Data
Your Personal Data is being or is to be collected:
- directly from you or your representative when you or your representative fill in form to register to use our products and/or services including any online forms and registration forms at our facilities, or contact us via emails, letters or telephone calls, or when taking part in customer surveys and promotions and during marketing activities;
- when you inquire or use our products/services or events, including without limitation when you use our Platform (via the Platform and/or cookies);
- from any information or document submitted or provided by you to us for any of the Purposes (such as your identity card, passport, salary slip and/or bank statement), including without limitation questionnaires or survey forms;
- from any third parties connected with you such as your employer/potential employer, agents, insurance companies, and other healthcare facilities/providers;
- from such other sources to whom you have given your consent to disclose information relating to you;
- from events;
- from CCTV recordings;
- from audio/video recordings;
- from doctors’ letters;
- from medical reports/records;
- from all other Personal Data we again collect from you on any subsequent occasion; and
- from all other information that you may provide us from time to time.
5. Access to, correction of and limiting the processing of Personal Data
Under applicable laws, you have the right to (among others) have information on identity, legal basis, purpose and utilisation of Personal Data, accountability of RSDH, request access to, obtain copies, and to request completion, correction and/or update of your Personal Data and to contact us with any inquiries or complaints in respect of your Personal Data (including the possible choices and means for limiting the processing of your Personal Data, termination and/or postpone the processing of your Personal Data or, erase and/or destroy Personal Data) by contacting the following contact and submit the request in writing:
For RS Premier Bintaro
Designation: Hospital Chief Executive Officer
Address: c/o RS Premier Bintaro Hospital, Jl. Moh. Husni Thamrin No.1, Pd. Jaya, Kec. Pd. Aren, Kota Tangerang Selatan, Banten 15224, Indonesia.
Telephone: +62 21 27625500
a. Subject to applicable legal restrictions, contractual conditions and reasonable time period given to us, you have the right to withdraw or amend, in full or in part, your consent given previously for use of your Personal Data.
b. Depending on your request, there may be circumstances where we refuse to comply with a data access request or a data correction request and shall, by notice in writing, inform you of our refusal and the reasons of our refusal.
c. We may also require the requestor of Personal Data (where the requestor is not the Personal Data subject) to provide consent form of the Personal Data subject authorising and indemnifying us to release or correct the Personal Data.
6. Compulsory Personal Data
It is obligatory that you supply us the details marked with asterisk (*) or specified as compulsory in our forms (collectively, “Compulsory Personal Data”).
7. Consequences of Refusal / Failure to Provide Personal Data
If you refuse or fail to provide any Compulsory Personal Data or limit the processing of your Personal Data by us, it may result in the following for which we shall not be held liable for any of the consequences arising from:
- the inability of parties to formalize any contract and/or agreement, to facilitate provision of our services or to hire human resources;
- the inability for us to continue to administer any relationship in place between you and us, provide you with services and/or products requested or continue to perform any contractual obligations owed to you (if any);
- the inability for us to update you on our latest services and/or products and/or appointment dates;
- the inability to complete transactions in relation to our products and/or services;
- the inability to comply with any applicable law, regulation, direction, court order, guidelines and/or codes applicable to us; and/or
- the termination of any arrangements/agreements/contracts between you and us.
8. Disclosure of Personal Data
To the extent where this is permitted under applicable laws, we may disclose your Personal Data to the following:
- other entities within the RSDH Group and our related corporations (within and/or outside Indonesia jurisdiction in accordance with applicable laws);
- our medical specialists/consultants who treat patients in our hospitals;
- insurance companies;
- banks, financial institutions, credit card or debit card issuers for processing of payment;
- credit check companies;
- debt collection agencies to recover outstanding debt owing to us;
- your employer;
- your next of kin or your emergency contact person as may be notified to us from time to time;
- research organizations;
- social welfare organizations;
- medical and healthcare professionals;
- external counterparts for situations where a patient is transferred to another government or private hospital;
- parents or guardians of minors;
- service providers, suppliers, agents, contractors and vendors who process data for us;
- laboratories and diagnostic service providers who may be outside the control of the private hospital environment;
- data centers which host data for the hospitals;
- external lawyers;
- external auditors and accountants;
- governmental bodies, their agencies and other related organisations
- regulatory and/or statutory bodies, including SATU SEHAT (One Health) platform;
- accreditation bodies; and
- any such third party requested or authorised by you for any of the Purposes.
Our third-party data processors are required to process your Personal Data in line with principles specified by us and/or applicable laws. They are also held responsible for securing your Personal Data at an appropriate level of security in relation to applicable data protection laws and accepted industry standards.
9. Protection of Personal Data
Your Personal Data will be kept and processed in a secured manner by us. We are committed to take appropriate administrative and security safeguards and procedures to prevent unlawful processing of, and the accidental loss, destruction or damage to your Personal Data. Access to your Personal Data is limited to and provided only to relevant users for the purpose of performing their duties or otherwise in line with this Policy.
10. Third party personal data
We may require your assistance if the Personal Data relating to other persons (for example, your next of kin) is required to process your Personal Data for the Purposes and you hereby agree to use your best endeavors to assist us when required. In the event that personal data of any third party is supplied by you to us, you shall ensure that such third party has read this Policy and consented to us processing his/her personal data for any of the Purposes prior to the supply of his/her personal data to us.
11. Transfer of Personal Data to places outside Indonesia
To the extent where this is permitted under applicable laws, we may transfer your Personal Data to a place outside Indonesia in accordance with this Policy .
12. Accuracy of your Personal Data
We will verify your Personal Data directly to you to ensure the accuracy, completeness, and consistency of your Personal Data. You are responsible for ensuring that the information you provide us is accurate, complete, not misleading and kept up to date.
13. Processing and Retention Period
We will process and retain your Personal Data for as long as is necessary for the processing of Personal Data to fulfil our purposes in Article 3 above, in accordance with our obligations under applicable laws and regulations.
After the retention period, your Personal Data will either be deleted or anonymised so that it can be used for analytical purposes.
14. Personal Data of minors and others
In respect of: Personal Data relating to (i) a person under 21 years old or not married (“Minor”), please note that consent is required from the Minor’s parent and/or guardian; and (ii) a person with disabilities (“Disabled Person”), please note that we require consent from the relevant Disabled Person themselves and/or their guardian. Where applicable, you hereby confirm that you are authorised to act on the Minor’s or the Disabled Person’s behalf as described above and that you consent, on the Minor’s or the Disabled Person’s behalf, to the processing (including disclosure and transfer) of the Minor’s or the Disabled Person’s Personal Data in accordance with this Policy. We may process your Personal Data (in addition to the Minor’s Personal Data or the Special Person’s Personal Data) pursuant to this Policy if you have provided your consent or if we rely on any other legal bases available under any applicable laws
15. Changes to this Policy
We may change this Policy from time to time as needed for example, to comply with the changes in business operations or laws or regulations and to provide you with our products and/or services.
We will notify you of any changes to this Policy, via notices on our Platform or other appropriate means (e.g. by updating this page). You should check this page from time to time to ensure that you are updated on any changes. By continuing to use our products/services, communicate with us, access or use any of our Platform, and/or agreeing by ticking the box we provide specifically for any changes of the processing of Personal Data, after being notified of any changes to this Policy, you will be considered as having agreed to such changes.
VERSION DATED 12 MAY 2023