1. Introduction
• Pathlab Health Management Sdn. Bhd. (hereinafter referred to as “PHM,” “we,” “us,” or “our”), in its capacity as a corporate agency engaged in the facilitation of insurance products and related services—directly and through the digital distribution platform operated by MetaFin Sdn. Bhd. (the “Platform” respectively “Apps” and “Websites”)—is committed to upholding the highest standards in the protection of personal data.
• This Privacy Policy (“Policy”) sets forth the manner in which PHM collects, processes, stores, and otherwise manages the personal data of individuals (“you” or “your”). By availing yourself of our services or otherwise interacting with us, you consent to the terms herein.
2. Governing Law and Compliance
2.1. This Policy shall be governed by, and construed in accordance with, the laws of Malaysia, including the Personal Data Protection Act 2010 (PDPA) and all other applicable data protection regulations.
2.2. It is expressly recognised that PHM shall undertake all reasonable measures to ensure that its handling of personal data is compliant with the relevant statutes and regulatory requirements.
3. Scope of This Policy
3.1. This Policy is applicable to personal data collected through various channels, including but not limited to:
• Direct engagement with PHM (e.g., telephone, e-mail, face-to-face interactions);
• Filling up a user profile or registration forms;
• Online interactions via the Platform provided by MetaFin Sdn. Bhd. or webpages, or social media pages;
• Advertisements displayed on or through the Platform, including those served by MetaFin and third-party advertisers;
• Participation in contests or events organised by us;
• Earning incentives and cashbacks;
• Filling up of demographic information in surveys; and
• Third-party sources, such as insurers, reinsurers, healthcare providers, and governmental bodies.
3.2. The provisions herein govern any subsequent use or disclosure of such personal data, save where a more specific agreement or legal instrument may supersede.
4. Categories of Personal Data Collected
4.1. This may comprise your personal data you entered in the Platform such as your full name, NRIC/Passport number, postal address, electronic mail address, telephone number, location, and any other particulars that may assist in identifying you.
4.2. This may include transaction information such as bank account details, payment card details, information relating to insurance coverage, policy numbers, premium history, underwriting documents, and claims data.
4.3. Where deemed necessary for the underwriting or claims process, PHM may collect information pertaining to your medical history, laboratory test results, physician’s reports, or other health-related documents.
4.4. When you access our services or the Platform, certain data such as your Internet Protocol (IP) address, browser specifications, device identifiers, and usage patterns may be collected to facilitate functionality and security.
4.5. Any additional data that you elect to share with us, including information of how you interacted with the Platform (such as features used and content viewed) or that we may legitimately obtain from third-party sources (e.g., healthcare providers or public registries) for the purpose of administering insurance products and related services.
4.6. When we collect Personal Data from other sources, we make sure that that data is transferred to us in accordance with applicable laws. Such sources include referral programmes; our business partners, such as agent partners, payment providers, enterprise partners and transport partners; insurance and financial providers; publicly available data; governmental sources of data; when our users add you as an emergency contact; and marketing services providers or partners.
5. Basis and Purpose of Processing
5.1. Your Personal Data will be used to provide, personalise, maintain and improve our products and services. This includes using your Personal Data to provide you with Services across our various business verticals; engage you to provide Services; verify your identity; create, administer and update your account; validate your vehicle and process payments; offer, obtain, provide or facilitate insurance or financing solutions; perform internal operations necessary to provide our Services, including troubleshooting software bugs and operational problems, conducting data analysis, testing and research, monitoring and analysing usage and activity trends; process and manage your rewards; protect the security or integrity of the Services and any facilities or equipment used to make the Services available; and enable our partners to manage and facilitate insurance solutions.
5.2. We may process your personal data for the fulfilment of obligations arising out of an insurance contract, including premium collection, claims administration, and underwriting.
5.3. We shall process personal data insofar as it is mandated by any applicable legislation or regulation, such as anti-money laundering requirements or directives issued by the authorities.
5.4. Processing may be grounded in PHM’s legitimate interests, including but not limited to fraud prevention, internal record-keeping, and service improvement, provided such interests do not override your fundamental rights and liberties.
5.5. In instances where none of the above bases apply or where legally required—particularly in the context of sensitive personal data (e.g., health information)—we shall seek your explicit consent.
5.6. Where permitted by law or subject to your consent, PHM may use your personal data to apprise you of new products, services, or offers. You shall be entitled to withdraw such consent or opt out at any time.
6. Methods of Data Collection
6.1. Data furnished by you via application forms, telephone conversations, emails, or in-person discussions at PHM or its representatives’ offices.
6.2. Data automatically or voluntarily submitted when utilising the Platform hosted by MetaFin Sdn. Bhd.
6.3. Data acquired from insurers, reinsurers, medical practitioners, or public databases, where such collection is lawful and pertinent to your insurance coverage.
6.4. PHM or its authorised partners may utilise cookies, web beacons, or analogous mechanisms to enhance user experience, monitor usage, and maintain security (see Section 9 for more details).
7. Disclosure of Personal Data
7.1. We may disclose your data to our affiliated entities, subsidiaries, or vendors under confidentiality obligations, strictly for purposes consistent with this Policy (e.g., claims processing, policy administration, data storage).
7.2. Where necessary to facilitate your insurance coverage, we may share your personal data with insurers, reinsurers, brokers, and other relevant parties who are likewise bound by obligations of confidentiality.
7.3. This may include legal counsel, auditors, or consultants who require access to the data for legitimate professional reasons, subject to confidentiality undertakings.
7.4. We may disclose personal data to such authorities as required by law or to respond to lawful requests, directives, or court orders.
7.5. In the event of any merger, acquisition, restructuring, or sale of assets, personal data may be transferred, subject to compliance with applicable data protection standards.
8. Retention of Personal Data
8.1. PHM shall retain personal data for the period necessary to achieve the purposes specified herein or as otherwise required by law or regulatory guidance.
8.2. Upon expiry of the relevant retention period or once the stated purposes are fulfilled, personal data shall be securely deleted, destroyed, or anonymised, in keeping with our internal retention policies and applicable regulations.
10. Data Security Measures
10.1. We implement appropriate technical and organisational measures to safeguard personal data against unauthorised access, alteration, disclosure, or destruction. Such measures may include, without limitation, encryption protocols, role-based access controls, secure data centres, and ongoing security training for relevant personnel.
10.2. This includes screening referral-partners before enabling their use of our Services; verifying your identity when you log in to the Platform; monitoring compliance with our terms and conditions; and detecting, preventing and prosecuting crime.
10.3. In the event of a suspected or confirmed data breach, PHM shall effect its incident response plan in a timely manner and, where applicable, notify the relevant authorities and impacted individuals in accordance with legal requirements.
11. Children’s Data
11.1. Our services are primarily designed for individuals of legal capacity to enter into insurance contracts. We do not knowingly solicit or collect personal data from minors without the necessary parental or guardian consent. Where such data must be processed for the issuance of an insurance policy, we will comply with all applicable legal requirements and obtain any requisite consents.
12. Rights of Data Subjects
12.1. Subject to applicable law, including the PDPA, you may:
• Request access to and rectification of your personal data in our possession.
• Revoke any consent previously granted for specific data processing activities.
• Opt out of direct marketing communications or newsletters at any time.
• Submit a complaint to the Personal Data Protection Commissioner if you believe your data has been misused or unlawfully processed.
12.2. All such requests should be submitted to PHM in accordance with the contact details provided in Section 14. We reserve the right to impose reasonable administrative fees where permissible by law.
13. Amendments to This Policy
13.1. PHM reserves the right to revise or update this Policy from time to time. Any material amendments will be duly notified through appropriate channels (e.g., an announcement on our website or direct communication). The “Last Updated” date at the commencement of this Policy shall be modified accordingly.
14. Enquiries and Contact Information
14.1. Should you have any questions, concerns, or requests regarding the manner in which PHM collects, processes, or safeguards your personal data, please direct your correspondence to:
Pathlab Health Management Sdn. Bhd.
Block A, Level 9 Unit 901, Pusat Dagangan Phileo Damansara 2,
No.15 Jalan 16/11, Off Jalan Damansara,
46350 Petaling Jaya, Selangor
Email Address: customerservice@phm.com.my
14.2. We shall endeavour to address and resolve all enquiries and requests promptly and in compliance with the PDPA and any other applicable legislation.
15. Disclaimer
15.1. This Policy is intended for general informational purposes and does not purport to constitute legal advice, nor does it create any enforceable rights beyond those mandated by law or contract.
15.2. PHM shall have the right to modify, update or amend the terms of this Policy at any time by placing the updated Policy on the Websites. By continuing to use the Apps, Websites or Services, purchase products from PHM or the Platform or continuing to communicate or engage with PHM following the modifications, updates or amendments to this Policy, you signify your acceptance of such modifications, updates or amendments.
15.3. In proceeding to engage with PHM’s services and/or the Platform, you acknowledge that you have read, understood, and accepted the terms of this Policy.