Privacy Notice

Your privacy & personal data

This privacy notice explains how Fisiouzma (Pusat Fisioterapi Uzma), operated by FSK Healthcare Group PLT, collects, uses, discloses, and protects your personal data — in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA).

Last updated: 18 May 2026

1. Who we are

This privacy notice is issued by FSK Healthcare Group PLT (the "Company", "we", "us", "our"), which operates the physiotherapy centre known as Fisiouzma (Pusat Fisioterapi Uzma).

  • Company name: FSK Healthcare Group PLT
  • Registration number: 202204001421 (LLP0031699-LGN)
  • Centre address: 31N-2, Kelana Mall, Jalan SS 6/12, 47301 Petaling Jaya, Selangor, Malaysia
  • Contact: booking@fisiouzma.com · WhatsApp +60 13-929 0708

2. Personal data we collect

To deliver physiotherapy care and operate this website, we may collect the following categories of personal data:

From patients and prospective patients

  • Name, age, date of birth, gender, MyKad / passport number (where required for insurance)
  • Contact details — phone, WhatsApp number, email address, residential address
  • Emergency contact name and phone
  • Medical and treatment information — including medical history, current medications, presenting condition, diagnostic imaging, surgeon's notes, treatment plans, session notes and progress, body photographs (with separate consent) for clinical assessment and outcome tracking
  • Insurance and medical-card information — provider name, card number, employer (for panel verification)
  • Payment information — payment method, transaction records

From website visitors

  • Information you submit via WhatsApp click-throughs, contact forms or email enquiries
  • Standard server log data — IP address, browser type, pages visited, referring URL, timestamps
  • Cookies and analytics data (see Section 7 below)

3. Purposes for which we use your personal data

We use your personal data only for purposes that are lawful, proportionate, and necessary, including:

  • Delivering physiotherapy services — clinical assessment, diagnosis, treatment planning, and ongoing care
  • Administration — appointment scheduling, billing, payment processing, record-keeping
  • Insurance and medical-card verification — communicating with your insurance panel provider
  • Communication — sending appointment reminders, follow-up messages, important updates about your care
  • Clinical safety and quality — reviewing outcomes, maintaining clinical records as required by professional standards
  • Legal and regulatory compliance — including obligations under the PDPA, Malaysian Allied Health Professions Council (MAHPC) requirements, and Inland Revenue Board requirements
  • Marketing — only with your explicit consent, and only for our own services (we never share your data with third parties for their marketing)

4. Lawful basis for processing

We process your personal data on one or more of the following lawful bases under the PDPA:

  • Your consent — given when you book an appointment, submit a form, or otherwise engage with our services
  • Performance of a contract — when you become our patient, we process data necessary to deliver care
  • Legal obligation — to comply with healthcare professional standards, tax obligations, and other applicable laws
  • Legitimate interests — including the safe operation of our centre, fraud prevention, and clinical record-keeping

5. Who we share your personal data with

We do not sell your personal data. We only share it in the following limited circumstances:

  • Your insurance / medical-card provider (e.g. PMCare, HealthConnect, MEDKAD, ASP Medical Group, ANGKASA) — for coverage verification and billing
  • Your treating doctor or surgeon — when you ask us to share progress notes, or when continuity of care requires it (with your consent)
  • Referral partners — diagnostic imaging providers, specialist centres, or other allied health professionals, where you have consented to a referral
  • Payment processors — for processing card, e-wallet, and bank-transfer payments
  • Service providers bound by confidentiality — IT, hosting, accounting, and other essential business services
  • Regulators or law enforcement — where compelled by law (e.g. court order, MAHPC inquiry, tax audit)

6. International transfers

Your personal data is primarily stored on systems located in Malaysia. Where website hosting or analytics services are provided by international providers (e.g. Google Analytics, Cloudflare), data may be transferred and processed outside Malaysia. Where this happens, we ensure such providers offer appropriate data-protection safeguards.

7. Cookies and website tracking

Our website uses minimal cookies and analytics:

  • Essential cookies — required for the site to function (e.g. preserving your language preference)
  • Analytics — we may use Google Analytics to understand how visitors use our site, which pages are popular, and how to improve the website. Data is aggregated and anonymised where possible
  • WhatsApp click tracking — when you click a WhatsApp link, we record the click anonymously to measure conversion rates

You can disable cookies in your browser settings, though some site features may not work correctly.

8. How long we keep your data

We retain personal data only as long as necessary for the purposes set out above:

  • Clinical records — minimum 7 years from the date of last consultation, in line with Malaysian healthcare record-keeping standards (longer for paediatric or specific case types)
  • Financial records — minimum 7 years, in line with Inland Revenue Board requirements
  • Marketing data — until you withdraw consent
  • Website analytics — typically 14 months (Google Analytics default)

After the retention period, data is securely deleted, anonymised, or — for clinical records — archived in line with applicable legal obligations.

9. How we protect your data

We use appropriate technical and organisational measures to protect your personal data, including:

  • Secure clinical record-keeping with controlled access
  • Strong passwords and two-factor authentication on key systems
  • Limiting access to personal data on a need-to-know basis
  • Confidentiality obligations on all staff and contractors
  • Secure disposal of physical records when no longer required
  • HTTPS encryption on this website

10. Your rights under the PDPA

Under the Personal Data Protection Act 2010, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — ask us to correct inaccurate or outdated information
  • Withdraw consent — withdraw your consent to specific processing activities (note: this may affect our ability to provide certain services)
  • Limit processing — restrict how we use your data in certain circumstances
  • Lodge a complaint — contact us first, or escalate to the Personal Data Protection Commissioner Malaysia (www.pdp.gov.my)

To exercise any of these rights, email us at booking@fisiouzma.com or WhatsApp +60 13-929 0708. We will respond within 21 days.

11. Children's data

Where we treat minors (under 18), parental or guardian consent is obtained before personal data is collected, and treatment proceeds only with appropriate adult involvement.

12. Changes to this privacy notice

We may update this notice from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the notice was last revised. Material changes will be communicated to active patients via email or WhatsApp.

13. Contact us

If you have questions about this notice or wish to exercise any of your rights, contact us using the details in Section 1 above.