23 Century Regen Specialist Centre Sdn Bhd (hereinafter the “Company”) is committed to protecting the privacy and personal data of our users (“Users”). This Privacy Policy (“Policy”) outlines how we collect, use, disclose, transfer, and protect personal information in compliance with applicable data protection laws, including but not limited to the Malaysian Personal Data Protection Act (PDPA), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the UK Data Protection Act, the Australian Privacy Act, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and other relevant laws in jurisdictions where our Users reside.
Definition of Personal Information
“Personal Information” means any information relating to an identified or identifiable living individual. This includes, but is not limited to, names, dates of birth, addresses, telephone numbers, email addresses, identification numbers, location data, online identifiers such as IP addresses or cookie IDs, and factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of a person.
Collection of Personal Information
We collect personal information through:
- Information provided directly by Users via our contact form, email, or other means (e.g., name, contact details, inquiries, health condition, treatment preferences)
- Medical records or diagnostic information, collected with explicit prior consent, as part of service provision
- Automatically collected data during Site use, including device details, IP address, browser type, cookie information, access times, and referring URLs
Purposes of Use
We use personal information for purposes including:
- Providing and improving our services (medical consulting, treatment travel support, coordination with medical providers)
- Responding to inquiries and verifying identity
- Arranging travel, accommodation, and local service providers
- Sending service updates, treatment-related news, and marketing communications (where consented)
- Conducting surveys for service improvement
- Complying with legal obligations
- Other purposes directly related to the above
Legal Basis for Processing (GDPR/EU & UK Users)
For Users in the EU/UK, our legal bases for processing include: (a) Consent; (b) Contract performance; (c) Legal obligation; (d) Legitimate interests; and (e) Protection of vital interests.
Restriction on Use Outside the Stated Purpose
We will not use personal information beyond the stated purposes unless required or permitted by applicable law, or with the User’s consent.
Provision to Third Parties
We do not sell personal information for commercial purposes. We may share data with third parties only:
- With User consent
- To comply with applicable law
- To protect life, safety, or property where consent is impracticable
- With government authorities for lawful purposes
- With service providers (e.g., medical institutions, travel agencies) bound by confidentiality and data protection obligations
- In corporate transactions (e.g., mergers, acquisitions)
International Data Transfers
Your personal information may be transferred to, stored, and processed in countries outside your country of residence, including Malaysia. Where such transfers occur, we implement appropriate safeguards (such as Standard Contractual Clauses under the GDPR) to ensure adequate protection.
Cookies and Tracking Technologies
We use cookies and similar technologies to improve site functionality and user experience. Users can manage or disable cookies in browser settings, though some features may be unavailable as a result. We use Google Analytics in accordance with Google’s Privacy Policy. You can opt out of Google Analytics via the Google Analytics Opt-out Add-on.
Data Subject Rights
Subject to applicable law, Users have the right to:
- Access their personal information
- Request correction or deletion
- Request restriction of processing
- Object to processing
- Request data portability
- Withdraw consent at any time without affecting prior lawful processing
- (For CCPA Users) Opt out of the sale or sharing of personal information
Requests may be submitted via our contact form. We will verify identity before processing any request.
Security Measures
We implement appropriate technical and organizational measures to protect personal information, including encryption, access controls, and employee training. Where required by law, we will notify Users and regulators of personal data breaches without undue delay.
Children’s Privacy
We do not knowingly collect personal information from children under the minimum consent age in their jurisdiction (e.g., 13 under CCPA, 16 under GDPR) without parental or guardian consent.
Compliance and Updates
We comply with applicable data protection laws and review this Policy regularly. Updates will be posted on this page with the “Last Updated” date, and significant changes will be communicated where required by law.
Contact
For questions about this Policy or your personal data, please contact us via our contact form.
End