Privacy Policy
Mawarni Dental Clinic Privacy Policy
Last updated: June 2025
At Mawarni Dental Clinic, we respect your privacy and are committed to protecting your personal data in accordance with Malaysia’s Personal Data Protection Act 2010 (PDPA) and other applicable laws. This Privacy Policy explains how we collect, use, store, share, and protect your personal data, whether you interact with us in person or via our website.
1. Who We Are
Mawarni Dental Clinic (“we,” “us,” or “Clinic”) is located in Taman Tun Dr. Ismail (TTDI), Kuala Lumpur. We offer general and specialized dental services—including check-ups, cleanings, crowns, implants, orthodontics, and more—to individuals and families in Klang Valley area.
If you have questions or concerns about your personal data, you may contact us at:
Email: kpmawarni@gmail.com
Phone: +60192909419 / +60176600160
Mailing Address: Klinik Pergigian Mawarni TTDI, No. 14 (Ground Floor) Jalan Datuk Sulaiman, Taman Tun Dr Ismail, 60000 Kuala Lumpur, Malaysia.
2. Personal Data We Collect
We only collect personal data that is necessary for providing you with dental services and communicating with you. Below is the data we may collect:
a. Patient Registration & Care
Identity & Contact: Name, NRIC/Passport number, date of birth, gender, address, email, phone number, emergency contact.
Health & Medical: Medical and dental history, current medications, allergies, X-rays, intra-oral scans, treatment plans, and records of procedures.
Financial & Billing: Payment information (bank transfer details, credit/debit card number, insurance or panel provider details), billing address, claims documentation.
b. Website & Online Interaction
Technical & Usage: IP address, device type, browser type, pages visited, time on site, and cookies (see Section 7).
Communication: Information you provide when you fill out our “Book Appointment” form, newsletter sign-up, or contact us via WhatsApp, email, or live chat.
3. How We Use Your Personal Data
We use your personal data for the following legitimate purposes only:
Dental Treatment & Care
Scheduling and managing appointments.
Conducting clinical examinations, X-rays, and treatments.
Preparing and updating treatment plans, progress notes, and prescriptions.
Handling emergencies and referrals.
Billing & Insurance Claims
Processing payments and issuing receipts.
Submitting and managing claims with insurance providers and Panel companies.
Verifying coverage and billing details.
Patient Communication
Sending appointment reminders via SMS, WhatsApp, or email.
Providing post-treatment instructions, lab results, or follow-up care.
Responding to inquiries, feedback, or complaints.
Clinic Operations & Improvement
Maintaining patient records as required by Malaysian law.
Conducting audits, quality control, and staff training.
Sending occasional newsletters or promotional offers (only if you opt in).
Website Functionality & Analytics
Understanding website usage to improve our online experience.
Supporting our booking system, chat widgets, and contact forms.
4. Legal Basis & Consent
Under PDPA, we rely on one or more of the following bases when processing your data:
Consent: You explicitly agree to us collecting and using your personal data for the purposes listed above (for example, when you sign a patient consent form or tick “I agree” on our website’s booking form). You have the right to withdraw consent at any time (see Section 9).
Contractual Necessity: Processing is necessary to fulfill our agreement with you—namely, to provide dental care and related services.
Legitimate Interest: We may process certain information (such as website analytics or appointment reminders) for the clinic’s legitimate operational needs, so long as it does not override your rights.
Legal Obligation: We may need to keep patient records for the minimum duration required by the Malaysian Dental Council and the Ministry of Health (e.g., medical records retention).
5. How We Store & Protect Your Data
Your privacy is important to us. We take reasonable technical and organizational measures to keep your personal data secure and confidential:
Physical Security:
Patient hard-copy records (consent forms, X-ray films) are kept in locked filing cabinets in a secured room accessible only to authorized staff.
The clinic premises are under 24/7 CCTV surveillance.
Electronic Security:
Electronic patient records (digital X-rays, treatment notes) are stored on encrypted servers with daily backups.
Access to electronic records is role-based. Only authorized clinicians and staff with unique logins may view or update your files.
We use SSL encryption (HTTPS) on our website to protect data in transit.
Firewalls, antivirus software, and regular security audits help safeguard our network.
Retention Period:
Malaysian regulations require us to keep adult dental records for at least seven (7) years after the last visit, and pediatric records until the patient turns 18 plus six (6) years.
After the retention period, we will securely destroy or anonymize your data unless we have a legal reason to keep it longer.
6. When & Why We Share Your Data
We will not sell or rent your personal data to third parties. We only share your data in the following scenarios:
Within the Clinic Team
Our dentists, hygienists and front-desk staff may access your records to provide seamless care.
All staff members sign confidentiality agreements and undergo regular PDPA training.
Service Providers & Business Partners
Insurance Companies/Panel Providers: For claim submission and verification.
Labs & Specialists: When you require lab tests, prosthetics (crowns, bridges), or specialist referrals (oral surgery, orthodontics). We share only the minimum information needed to carry out your care.
Payment Gateways & Banks: To process credit/debit card or online transfers. We do not store your full card details—instead, we rely on secure third-party payment processors.
Law Enforcement & Regulatory Bodies
If required or permitted by law (e.g., court orders, Ministry of Health audits), we may disclose your data to satisfy legal or regulatory obligations.
We will not release your data for unrelated marketing or external research without your explicit consent.
7. Cookies & Website Tracking
Our website (https://mawarnidc.com/) uses small data files called cookies to enhance your browsing experience. Cookies help us:
Remember your preferences (e.g., language settings).
Analyze which pages you visit most often (via Google Analytics).
Provide anonymous, aggregate usage statistics to improve site layout and content.
Types of Cookies:
Essential Cookies: Required for the website to function (e.g., form submission, login sessions).
Performance Cookies: Collect anonymous data about site usage.
Functional Cookies: Remember choices you make (e.g., font size, location).
You can choose to disable cookies in your browser settings; however, this may affect certain features on our website.
8. Third-Party Links & Social Media
Our website may contain links to third-party sites (e.g. dental associations, or our social media pages). Once you click on those links and leave our site, you should read the privacy policy of each external site. We are not responsible for external sites’ privacy practices.
9. Your Rights & Choices
Under PDPA, you have the following rights regarding your personal data:
Right to Access & Request a Copy
You may request access to the personal data we hold about you (e.g., treatment records, billing information).
We will respond to your access request within thirty (30) days. A nominal administrative fee may apply.
Right to Rectify & Update
If you believe any information we hold is inaccurate, incomplete, or outdated, please contact us to correct it.
We will take reasonable steps to update or correct your data within thirty (30) days.
Right to Withdraw Consent
You may withdraw consent for certain processing activities at any time (for marketing communications or data collected via website forms).
Withdrawal of consent will not affect any processing already completed based on your earlier consent or any processing necessary to fulfill our contractual obligations (e.g., providing dental treatment).
Right to Object & Erasure (Under Certain Circumstances)
You may object to processing if you feel it infringes on your rights. If we have no overriding legitimate reason to continue processing, we will comply.
If you ask us to erase your personal data and there is no legal obligation to retain it, we will purge it from our records. Note: Full erasure may not be possible if Malaysian law requires us to keep certain records (e.g., medical history for seven years).
Right to Restrict Processing & Data Portability
In some cases, you may ask us to stop processing your data (e.g., when you contest its accuracy) while we verify or correct it.
You can request an electronic copy of your data in a common, machine-readable format (e.g., PDF, CSV).
Right to Lodge a Complaint
If you believe we have mishandled your personal data, please contact our PDPO first.
If you remain unsatisfied, you may lodge a complaint with the Personal Data Protection Commissioner (PDPC), Malaysia:
Website: https://www.pdp.gov.my
Phone: +60 3 8000 8000
Email: enquiry@pdp.gov.my
10. Security Measures
We implement industry-standard safeguards to protect your personal data, including:
Encryption: All online forms and patient portals use SSL encryption (HTTPS) to secure data in transit.
Access Controls: Role-based access restricts patient data to authorized staff only. Unique user IDs and strong passwords are required.
Regular Audits & Training: Our team undergoes PDPA and cybersecurity training every six months. We conduct security audits and vulnerability assessments to identify and address risks.
Physical Protection: Clinic premises are monitored by CCTV, and physical records are stored under lock-and-key.
Despite our best efforts, no system is 100 % foolproof. If we discover a data breach involving your personal data, we will notify you and the PDPC within seventy-two (72) hours, as required by law.
11. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes outlined above and to comply with legal or regulatory requirements:
Adult Patient Records: Minimum seven (7) years after last visit.
Pediatric Records: Until the patient turns 18 plus six (6) years (total of 24 years).
Financial & Billing Records: Minimum seven (7) years from date of final payment, per Malaysian tax regulations.
Marketing Data (e.g., newsletters): Until you withdraw consent or unsubscribe.
Website Logs & Cookies: Generally up to two (2) years, depending on cookie type.
After the retention period ends, we will securely delete, destroy, or anonymize your data so it can no longer be linked to you.
12. Children’s Personal Data
If you are a parent or guardian providing personal data for a minor (under 18 years old), you represent that you have the legal right to consent on their behalf. Mawarni Dental Clinic does not knowingly collect personal data from children without parental consent. If you believe we have inadvertently collected a minor’s data, please contact us so we can promptly delete it.
13. Updates to This Privacy Policy
We may update this Privacy Policy from time to time (for example, when we introduce new services or in response to changes in the law). Any material changes will be posted on this page with a revised “Last updated” date. We encourage you to review this page periodically.
14. Contact & PDPA Officer
If you have any questions, requests, or complaints about our Privacy Policy or the way we handle your personal data, please reach out to:
Klinik Pergigian Mawarni TTDI
No. 14 (Ground Floor), Jalan Datuk Sulaiman, Taman Tun Dr Ismail, 60000 Kuala Lumpur, MalaysiaEmail: kpmawarni@gmail.com
Phone: +60192909419 / +60176600160
We will respond to your inquiries or requests within thirty (30) days, unless a law requires us to respond sooner.
Thank you for entrusting Klinik Pergigian Mawarni TTDI with your dental care. We value your trust and are committed to safeguarding your personal data as we work to keep your smile bright and healthy.