Privacy policy

Your privacy is clinical practice, not small print.

This notice explains how MindBridge Medical Ltd collects, uses, protects, and discloses your personal data when you use our telepsychiatry services in Malaysia.

Personal Data Protection Notice under the Personal Data Protection Act 2010 · Effective: August 2026 · Last reviewed: July 2026

01 · Who we are

MindBridge Medical Ltd [SSM No.] provides consultant-supervised telepsychiatry services to adults in Malaysia. For the purposes of the Personal Data Protection Act 2010 ("PDPA"), MindBridge Medical Ltd is the data user responsible for your personal data.

Questions about this notice or your data: admin@mindbridgemedical.com

02 · What we collect

Personal data

  • Identity and contact details — name, IC/passport number, date of birth, address, phone number, email.
  • Payment information — billing details and transaction records (card numbers are processed by our payment providers and are not stored by us).
  • Technical data — device and connection information generated when you use our website or video platform.

Sensitive personal data

  • Health information — screening questionnaire responses, assessment findings, diagnoses, treatment plans, prescriptions, clinical notes, and correspondence about your care.

Under section 40 of the PDPA, health information is sensitive personal data and is processed only with your explicit consent, or where otherwise permitted by law (for example, for medical purposes undertaken by a healthcare professional owing a duty of confidentiality).

03 · Why we use it
  • To assess, diagnose, and treat you — the core clinical purpose.
  • To schedule appointments, send secure video links and questionnaires, and manage your patient record.
  • To process payments and issue itemised receipts.
  • To communicate with you about your care.
  • To meet our legal, regulatory, and professional obligations — including record-keeping requirements under Malaysian healthcare law and Malaysian Medical Council guidelines.

We do not use your data for marketing without your separate, explicit consent, and we never sell personal data.

04 · Telemedicine

Our services are delivered in line with Malaysia's telemedicine framework, including the Telemedicine Act 1997, and applicable Ministry of Health (KKM) guidance on virtual consultations. Consultations take place on secure, end-to-end encrypted video platforms. Consultations are not recorded unless you are told beforehand and give explicit consent.

Where care is supervised by our consultant psychiatrist, relevant clinical information may be reviewed by the supervising consultant as part of your treatment. Everyone involved in your care is bound by professional duties of medical confidentiality.

05 · Disclosure

We disclose your personal data only:

  • With your explicit consent — for example, sharing your diagnostic report with your GP or another treating doctor.
  • To service providers who process data on our behalf (secure video, scheduling, payment processing), under contractual confidentiality and security obligations.
  • Where required or permitted by law — for example, a court order, or where disclosure is necessary to prevent serious harm to you or others, consistent with medical ethics.

Transfers outside Malaysia

Because our clinical governance includes consultant oversight based in Ireland, limited clinical data may be accessed from outside Malaysia. Any such transfer is made under section 129 of the PDPA — with your consent, for the performance of your care, and with safeguards equivalent to those described in this notice.

06 · Security & retention

We protect your data with encryption in transit and at rest, access controls limited to those involved in your care, password-protected clinical documents, and staff confidentiality obligations.

Medical records are retained in line with Malaysian healthcare record-keeping standards and Malaysian Medical Council guidance — as a general rule, for a minimum of seven years from your last contact with the service, or longer where the law requires. When data is no longer required, it is securely destroyed in accordance with the PDPA's retention standard.

07 · Your rights

Under the PDPA you have the right to:

  • Access your personal data (section 30);
  • Correct inaccurate or incomplete data (section 34);
  • Withdraw consent to processing, by written notice (section 38) — noting that withdrawing consent for clinical data may limit our ability to continue treating you safely;
  • Limit processing likely to cause distress (section 42), and opt out of any direct marketing (section 43).

To exercise any of these rights, email admin@mindbridgemedical.com. We respond within 21 days as the PDPA requires. A modest fee may apply to data access requests, as permitted by the Act. If you're unhappy with our response, you may complain to the Department of Personal Data Protection (JPDP), Malaysia.

08 · This notice

We may update this notice as our services or the law change; the latest version is always on this page with its effective date. Significant changes will be communicated to active patients directly.

This notice is issued in English and Bahasa Malaysia as required by section 7(3) of the PDPA. Baca notis ini dalam Bahasa Malaysia →