Privacy Notice

Last Updated: 8 January 2026

1. Introduction

This Privacy Notice outlines how Public Medicare Group Sdn. Bhd. and its subsidiaries (“PMG Group”, “we”, “our”, “us”) process your personal data in compliance with the Personal Data Protection Act 2010 and the PDPA Amendment Act 2024 (“PDPA”). This notice also includes specific practices for users of the PMG super app. This notice explains your rights with respect to your personal data that has been and will be processed by PMG Group. You may choose not to provide certain personal data, however in doing so may affect PMG Group’s ability to provide healthcare or related services stated in this notice.

2. Collection of Personal Data

We have and will collect your personal data to be processed on your behalf during your present or future dealings with PMG Group. Your personal data enables us to achieve the “Purpose” herein that is in connection with our business in providing the best possible healthcare, dental, medical, pharmaceutical, and related services.

3. Description of Personal Data

The personal data collected may include, but is not limited to:

  • Personal Identification Data: Name, identification number or passport number, gender, nationality, date of birth, demographic information, and race.
  • Contact Information: Address, telephone number, email address, and emergency contact details.
  • Health and Medical Data (Sensitive Personal Data): Medical and dental history records, current medication prescriptions, diagnoses, laboratory test results, allergies, vaccination records, treatment notes, and other information necessary for the vital interest of patient’s care. (collected only with explicit consent)
  • Biometric Data: Fingerprints, facial recognition, retinal data as defined as sensitive personal data under PDPA Amendment 2024. (collected only with explicit consent)
  • Financial and Administrative Data: Payment details, billing information, insurance and third-party administrator (TPA) data, as well as information required for claims or statutory reporting.
  • Transactional and Loyalty Data: Purchase history, redemptions, membership activity.

4. Purpose of Collection of Personal Data

By providing any of your personal data to PMG Group via the internet or otherwise, you hereby agree that PMG Group shall process personal data for the following lawful purposes, including but not limited to:

  • Identity verification and account registrations.
  • Fulfillment of healthcare, dental, prescriptions, and pharmaceutical services.
  • Marketing and promotional communications, subject to explicit consent.
  • Legal, billing, auditing, tax, and regulatory compliances.
  • Loyalty program participation, rewards, and redemptions.
  • Customer support and quality service enhancements.
  • Recruitment and employment-related processes, where applicable.
  • Internal analysis and business performance improvement.

5. Source of Personal Data

PMG Group collects personal data from the following sources:

  • Patient or customer, parent or guardian: PMG Group collects your personal data directly from you or indirectly through your authorized/legal representatives (such as family members, next of kin, parent/guardian), insurers or third-party administrators), and/or your employer or corporate panel when you or they submit enquiries, applications and/or registration forms to us through various channels, including online platforms and physical hardcopies at our premises or outreach locations. We may also collect certain data via cookies when you use our website or app.
  • Independent consultants or potential independent consultants: PMG Group collects your personal data directly from you or through recruitment firms/headhunters engaged by us when you or they provide your enquiry and/or application forms or curriculum vitae via online means or physical hardcopies. Limited technical data may also be collected through cookies on our website.
  • Vendor, supplier or service provider: PMG Group collects your personal data directly from you or indirectly from your employer and/or relevant third parties (including credit reference or verification agencies where applicable) when tendering for projects or when you submit enquiries and/or credit-related forms via online channels or physical hardcopies. We may also collect limited data through cookies when you access our website.

6. Lawful basis for Processing Personal Data

We process your personal data based on one or more of the following lawful grounds:

  • Consent: Freely given and explicit consent, including for marketing purposes.
  • Contractual Necessity: To provide healthcare, pharmaceutical, dental, and healthcare related services.
  • Legal Obligations: Compliance with MOH requirements, clinical governance, statutory reporting, and audit requirements.
  • Vital Interest: For emergency treatment or to protect life and health.
  • Legitimate Interests: To improve service quality, maintain system security, prevent fraud, manage operations, financial transactions, and enhance patient experience.

7. Disclosure of Personal Data

With your consent, PMG Group may routinely disclose your personal data to:

  • Regulatory and Government Authorities: As required by law or regulation.
  • Subsidiaries, Affiliates, and Business Partners: For integrated healthcare, pharmacy, clinics, and management purposes.
  • Third-Party Service Providers: Under confidentiality agreements and PDPA 2024 compliance.
  • Marketing, Delivery, and Loyalty Partners: With your consent, for marketing, delivery, or rewards programs.
  • App and System Vendors: For data hosting, analytics, and security support.

8. Rights of Data Subject

We process your sensitive personal data only with your explicit consent, except where processing is otherwise permitted or required by law.

You have the right to:

  • Request access to your personal data.
  • Request correction of any inaccurate or incomplete information.
  • Request deletion of your data, subject to legal or regulatory requirements.
  • Request data portability in a structured, commonly used, and machine-readable format.
  • Withdraw or modify your consent preferences at any time.
  • Lodge a complaint with the Personal Data Protection Commissioner (PDPC) if you believe your data protection rights have been violated.

PMG Group may request reasonable proof of identity before processing your request. PMG Group may also refuse manifestly unfounded, excessive, or unlawful requests. If you withdraw your consent, we will stop processing your personal data for the purposes you withdrew from. Withdrawal does not affect processing already carried out lawfully before the withdrawal. Please note that some services may be limited or unavailable if we no longer have the necessary personal data.

9. Security of Personal Data

PMG Group implements strict procedures and security features to prevent any unauthorized access and to safeguard personal data, including but not limited to:

  • Data encryption and secure system infrastructure
  • Role-based access control management across platforms
  • Periodic security audits and compliance assessments
  • Tamper-resistant and redundancy-enabled data storage systems

10. Data Breach Notification

In the event of a personal data breach which may incur significant harm, PMG Group will:

  • Notify the Personal Data Protection Commissioner within seventy-two (72) hours of becoming aware of the incident
  • Promptly inform the affected individual
  • Launch a full-scale investigation and apply appropriate remedial action and corrective measures without delay

11. Retention of Personal Data

PMG Group retains personal data only for as long as necessary to fulfil the purposes stated in this Notice and to comply with applicable legal, regulatory, and professional obligations. Where data is no longer required, it will be securely destroyed, permanently deleted, or anonymized in accordance with PDPA and our internal retention schedule. PMG Group implements robust, secure, encrypted, and tamper-proof data storage methods to protect data subject’s information from unauthorized access or disclosure.

12. Personal Data of Minors

Personal data relating to individuals under the age of 18 is processed only with the explicit and verified consent from a parent or legal guardian.

13. Cross-Border Data Transfers

When personal data is transferred outside Malaysia for processing or hosting, PMG Group ensures that the receiving party complies with data protection standards that are equivalent to, or more stringent than, those required under the PDPA and its amendments. PMG Group uses contractual safeguards, encryption in-transit and transfers only to jurisdictions with PDPA-equivalent protection.

14. Cookies Usage and Tracking Technologies

PMG Group use cookies and similar technologies to enhance user experience on our website and mobile app. Cookies will be used to track analytics and user interactions, to deliver targeted promotional contents. Users may choose to disable cookies through their browser’s settings. However, doing so may limit or impair certain functionalities of the PMG website/ mobile application.

15. Data Controller and DPO Contact

Public Medicare Group Sdn. Bhd. is the data controller for your personal data.

For further inquiries relating to personal data protection, you may reach out to our Data Protection Officer at dpo@pmg2u.com or +6016-7140485.

To opt out of communications or data usage for marketing purposes, please email to cs@pmg2u.com

16. Notice Updates

PMG Group reserves the right to amend this Privacy Notice from time to time without prior notice. Please refer to our website at pmg2u.com for the latest version of this Privacy Notice.

By continuing to use PMG services or platforms, you acknowledge and accept the terms set out in this Privacy Notice.