PRIVACY POLICY

Thank you for visiting us online at www.gleneaglesmedini.com.my. Your privacy is important to us. At Gleneagles Medini (“GM”), we strive to do everything we can to respect the trust customers have in our brand and our commitment to your privacy is no exception. We are committed to protecting and safeguarding your privacy. This policy applies to all who visit our website or use our online services. GM service is provided to you subject to the GM Website Terms and Conditions and in accordance with the laws of Malaysia. GM will act in accordance with current Malaysian legislation on personal information protection in this Policy and as far as practicable. By using this website and/or by submitting personal data to GM, you agree to the processing of your personal data as explained in this Policy. If you do not agree with this Policy, please do not use this website or provide GM with your personal data. Table of Contents: 1. We Care About Your Privacy 2. About Information Collection 3. Personal Information 4. Purposes and Use of Personal Information 5. Customer Consent (Opt In & Unsubscribe) 6. Accuracy of Information 7. Accessing and Updating Personal Information 8. Effective Date and Changes to the Privacy Policy 9. Security of Your Personal Information 10. Links to Other Sites 11. Cookies 12. The Privacy of Children 13. GKL Patient Experience 14. Contacting Us

1. We Care About Your Privacy

1.1. At GM, we recognise that the protection of your Personal Information is a very important principle in building trust and maintaining a good relationship with you. In this Privacy Policy the first person (“we”, “our”, “us”, “ours”) denotes GM, its subsidiaries or any of its subsidiaries all connected to GM brand, its parent company or to any subsidiary or other companies in the IHH Healthcare Berhad Group (in short, “GM”) responsible for the collection of the Personal Information and bound by this Privacy Policy. The second person (“you”, “your”, “yours”) denotes you as the customer, or generally the individual providing Personal Information or any other information, being the subject matter of this Privacy Policy. 1.2. This Privacy Policy details our commitments and your rights regarding the Processing of your Personal Information for the use of Purposes as stated in section 5 below. 1.3. 1.3 We are responsible for the Personal Information under our control, including Personal Information disclosed by us to a Vendor (often referred to as the data processor). “Vendor” in this Privacy Policy means in relation to Personal Information any person or entity (other than an employee of GM) who Processes the Personal Information on behalf of GM. “Processing”, in relation to Personal Information means for example collecting, obtaining, recording, holding, using or storing the Personal Information in carrying out any operation or set of operations on the Personal Information including organisation, compilation, retrieval disclosure of the Personal Information for verification Purposes. 1.4. In certain specific instances, this Privacy Policy may also be supplemented by additional policies and terms, or by short Privacy Statements used in connection with particular purpose(s) or on various forms, which we may identify to be applicable. 1.5. We take every measure to provide a comparable level of protection for Personal Information should the information be Processed by a Vendor. 1.6. By providing your Personal Information, you consent to the collection and use or otherwise Processing (including disclosure) of your Personal Information in the manner and for the Purposes described in this Privacy Policy.

2. About Information Collection

2.1. We communicate with you through a variety of means and channels, including through hospital, our customer loyalty schemes, through the internet (via our information or other related digital channels) and whether by post, email, phone, fax, or text messaging on your mobile phone, although we do generally note that our preferred means of communication is email which has the least impact on the environment. Such communications may involve giving to you, as well as receiving information from you. Some of the information that we receive is personally identifiable information (as defined in section 3 below), while some information (particularly information collected through your access of our website) is non-personally identifiable information (as described in section 4 below). This Privacy Policy is primarily concerned with the Processing of Personal Information. 2.2. We provide you with information that explains why the Personal Information is needed and how the Personal Information will be processed.

3. Personal Information

3.1. In view of the definition of “Personal Data” as ascribed to it in the Personal Data Protection Act 2010, personal data may take various forms, including: a) Name b) Date of birth c) Passport or identity card number; d) Home address, telephone number, facsimile number or email address; e) Photograph; f) Age, gender, marital or family status; g) Ancestry, race, nationality, or national or ethnic origin; h) Religion or religious belief, association or activity; i) Blood type, finger prints or hereditary characteristics, DNA; j) Education, employment or occupation, or educational, employment or occupational history; k) Source of income or financial circumstances, activities or history; l) Criminal history including regulatory offences; and m) Personal health information about an individual: “Personal health information” means “recorded information about an identifiable individual that relates to: i. The individual’s health or “health care” history; ii. The provision of health care to the individual; or iii. Payment for health care provided to the individual, and includes; – The “Medical Record Number” and any other identifying number, symbol or particular assigned to an individual, and – Any identifying information about the individual that is collected in the course of, and is incidental to, the provision of health care or payment for health care. “Health Care” means any care, service or procedure i. Provided to diagnose, treat or maintain an individual’s physical or mental condition; ii. Provided to prevent disease or injury or promote health, or iii. That effects the structure or a function of the body, and includes the sale or dispensing of a drug, device, equipment or other item pursuant to a prescription. NOTE: This list is not exhaustive, as the word “including” is used, clauses (a) – (m) do not set out the only information which is personal information 3.2. We at GM limit the amount and type of information that we collect to that which is necessary for the identified purposes and do not collect your Personal Information unless you (directly or indirectly) provide it to us voluntarily.

4. Collection of Non-Personal Information

4.1. Where we collect information through our website, as is the case with many other websites, we automatically collect certain non-personal information regarding website use that does not identify you. Examples include the Internet Protocol (IP) address of your computer, the IP address of your Internet Service Provider, the date and time you access the website, the internet address of the website from which you linked directly to our website, the operating system you are using, the sections of the website you visit, the website pages read and images viewed, and the content you download from our website. 4.2. We may use non-personal information to compile tracking information reports regarding site user demographics and site traffic patterns. None of the tracking information in the reports can or will be connected to the identities or other Personal Information of individual users. 4.3. In this way, your visit to our website will be logged; however, you will remain anonymous to us unless you specifically choose to share information with us. We use this information about the way in which our customers use our website to better understand which features are most popular and best meet the needs of our visitors.

5. Purposes and Use of Personal Information

5.1. We collect Personal Information that you provide to us voluntarily on GM website, GM World of Wellness Programme, our customer loyalty schemes, customer feedback form and its other related channels and process it for the following purposes (“Purposes”): 5.1.1. to complete transactions with you and to administer and to manage/verify your membership with our preferred client services (if you are our preferred client), our World of Wellness Programme (if you are a subscriber), our customer loyalty schemes (if you are a member); 5.1.2. to direct market to you; 5.1.3. to understand and analyse our services, and your needs and preferences; 5.1.4. to develop, enhance, market and provide products and services to meet your needs; 5.1.5. to enable you to participate in events, promotions and contests; 5.1.6. to enable you to participate in customer research or focus groups; 5.1.7. to personalize our services; 5.1.8. to improve the quality of our services; 5.1.9. to respond to requests or complaints; and 5.1.10. to manage and respond to enquiries, requests or complaints. 5.2. We only keep Personal Information for as long as is necessary to satisfy the specified Purposes, for which it was collected. We retain Personal Information in accordance with our own guidelines, procedures and principles and in line with applicable legislation. 5.3. We may disclose your Personal Information to other subsidiaries within GM group of companies or any of its subsidiaries all connected to GM brand, its parent company or to any subsidiary or other companies in the IHH Healthcare Berhad Group or to a Vendor as explained in section 1.3 above. These subsidiaries will treat your Personal Information as confidential, in accordance with this Privacy Policy and with all applicable Data Protection legislation and will process such Personal Information only for the Purposes and within the terms set out herein. 5.4. We may disclose your Personal Information if we are required to do so by law or requirement of a competent authority. 5.5. In addition to the above, we may from time to time work on specific initiatives with carefully selected third party companies/organisations (outside of GM) to share opportunities with you. If we do this, we will inform you at the time of such initiatives that, if you decide to submit any Personal Information, it will be shared with those selected companies/organisations and we will only do so with your prior consent. 5.6. You will always be given the opportunity to consent (opt in) to your information being shared pursuant to section 5.5, and the selected companies/organisations will be sufficiently identified to allow you to make an informed decision. If you do consent (opt in) and subsequently visit such companies’/organisations’ websites, we cannot control how they use or otherwise process any Personal Information you provide directly to them. We always encourage you to check their sites’ terms and conditions and privacy policy before you give out any Personal Information. 5.7. If you do consent (opt in) to receive these communications you may unsubscribe at any point in the future by contacting us as provided at section 6.4 below. 5.8. Where we need to collect your Personal Information for a purpose about which we have not previously informed you and that is not set out in this Privacy Policy, we will endeavour to notify you and obtain your consent before such collection, or in the event that this is not practicable, as soon thereafter as is reasonable. We will however only use your Personal Information for a purpose that has been specified prior to its use or where the Processing of your Personal Information is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract or Processing is necessary for other legal purposes.

6. Customer Consent (Opt In & Unsubscribe)

6.1. Opt In: We at GM will not use your Personal Information for a purpose that has not previously been specified, unless we have previously obtained your consent or unless such purpose is required by law. 6.2. Consent to provide Personal Information is not a condition for our selling a product and/or services to you, unless the information requested is required to full fill an explicitly specified and legitimate purpose. 6.3. In particular we will generally seek your explicit prior consent (opt in) before sending to you marketing communications (see 5.1.2 above). 6.4. Unsubscribe: At any time, you can withdraw your consent to our collection, use or disclosure (generally Processing) of your Personal Information at the address or medium shown in section 15 of this Privacy Policy. If you have any concerns whatsoever, with regard to the unsubscribe functionality that we make available to you, pursuant to this section, please contact us at the same medium shown in section 15 of this Privacy Policy. 6.5. If you have previously opted into receiving commercial communications from us pursuant to 6.3 above, while also becoming a member of our loyalty scheme or a subscriber of our World of Wellness Programme, should your membership to such scheme comes to an end for whatever reason, we will not take this to imply an automatic request to unsubscribe, and we will assume that we have your continued consent, unless you specifically unsubscribe, as is provided for in section 6.4.

7. Accuracy of Information

7.1. We at GM keep Personal Information as accurate, complete and up-to-date as necessary, taking into account its use and the interests of our customers. 7.2. You are responsible for informing us about changes to your Personal Information and for ensuring that such information is accurate and current.

8. Accessing and Update Personal Information

8.1. Dependant on the legislation, some customers have a qualified right to access, rectify, delete, or object (to the processing of) your Personal Information stored by us and to receive an account of its use and disclosure. Where there is no such right provided by law, we may still allow access to such information. We recommend that all customer requests for access to Personal Information held by GM be made in writing. However, we may require you to provide us with additional information reasonably necessary for us to satisfy your request. GM reserves the right to charge you a reasonable fee for the processing of any data access request. 8.2. We amend the Personal Information contained in our database or elsewhere as required when an individual successfully demonstrates the inaccuracy or incompleteness of the Personal Information. An amendment may involve the correction, deletion or addition of information and notification to third party to whom the data have been disclosed.

9. Effective Date and Changes to the Policy

9.1. This Privacy Policy is effective as of 1st October 2012. 9.2. We reserve the right to change our Privacy Policy from time to time and without prior notice. If we decide to change our Privacy Policy, we will post the revised version here, so we suggest that you check here periodically for the most up-to-date version of our privacy policy. Rest assured, however, that any changes will not be retroactively applied and will not alter how we handle previously collected information. Should you continue to use our services after our Privacy Policy changes you will be bound by those changes. 9.3. If at any point we decide that we wish to use Personal Information for any purpose other than, or in addition to the Purpose(s) listed in this policy (section 5 above) or from that stated at the time this information was collected, we will notify you by way of an email, unless we do not have your email address, in which case we will use any other means of communication available to us depending on the contact details that you have provided to us. We will only proceed with such use, if we receive your consent with respect to such additional Purposes (not previously communicated, or not previously included in this Privacy Policy).

10. Security of Your Personal Information

10.1. We at GM protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification with security safeguards appropriate to the sensitivity of the Personal Information, regardless of the format in which it is held. 10.2. We use various methods to safeguard Personal Information. They include: 10.2.1. Physical measures: locked filing cabinets, restriction of access to offices, and company alarm systems 10.2.2. Technical tools: passwords and encryption, using generally industry best practices. Only authorized personnel with user ID and password from GM have access to the information. 10.2.3. Organisational controls: confidentiality agreements, limiting access on a need-to-know basis, staff training and security clearances. 10.3. Online security is also a priority. GM incorporates security measures such as encryption and authentication tools to protect your Personal Information from unauthorized use. Firewalls are utilised to protect our servers and network from unauthorised users accessing and tampering with files and other information that we store. 10.4. We use Secure Sockets Layer (SSL) technology to protect your information online. Upon entering the checkout page your computer will begin communicating with our server in secure mode. 10.5. While GM cannot guarantee that loss, misuse or alteration of data will not occur; GM makes reasonable efforts to prevent such unfortunate occurrences. 10.6. You must remember to exit the browser window after use to disable any unauthorized party access. It is your responsibility at any time, not to divulge your personal user ID and password to any third party.

11. Links to Other Websites

11.1. This website or any of GM various other websites may contain links to other third party owned and operated websites or internet resources. When you click on one of those links you are contacting another website or internet resource. We have no responsibility or liability for or control over those other websites or internet resources or their collection, use and disclosure (processing) of your Personal Information. The inclusion of third party websites on our site in no way constitutes an endorsement of such websites’ contents, actions or policies. 11.2. We encourage you to read the privacy policies of those other sites to learn how they collect and use information about you. 11.3. Any promotions and contests hosted on GM related channels such as Facebook are in no way sponsored, endorsed or administered by, or associated with Facebook. You are providing your information to GM for the Purposes of participating in the online activities orchestrated by GM and not to Facebook.

12. Cookies

12.1. Cookies are small text files generated when you visit our website(s) or use our online services that reside on your computer and can uniquely identify your browser. Like most websites, we may use cookies on our website to allow you to set your individual preferences and to help us provide a better user experience. 12.2. You may choose to accept or decline cookies if your browser permits, but declining cookies may affect your use of our website and your ability to access certain features of the site or to engage in transactions.

13. The Privacy of Children

13.1. We will never knowingly collect or solicit Personal Information from individuals under the age of eighteen (18) without first obtaining verifiable parental consent. If you are under the age of 18 you should not provide information to us. If we become aware that a person under 18 has provided Personal Information to us without verifiable parental consent (as may be the case where the information is provided via our website), we will remove such Personal Information from our files.

14. GM Patient Experience

14.1. GM may document and share patient stories (“Stories” or “Story”) in the Patient Experience section of this site. We gathered the Stories through various resources including but not limited to (i) Customer Feedback Form; (ii) Patient Satisfaction Survey; and (iii) the “Feedback” section in this site. Stories are used with permission and patients (“Patient”) who agree to be interviewed may be contacted by telephone or by email. Information collected to produce a Story may include answers to questions about Patient health status. Any personally identifiable information is stored in a secure system. Patients who have agreed to be interviewed for a Story are given the opportunity to review the final Story and to have the Story published anonymously. Patient-approved Stories may be posted on this Site, incorporated into printed materials, or provided to selected media or other third parties. Patient information will not be shared without consent.

15. Contacting Us

15.1. GM has procedures in place in order to receive and respond to enquiries about GM’s policies and practices relating to its handling of Personal Information. Any complaint or enquiry should be made in writing and addressed as shown in section 15 below. If there are any questions or concerns regarding this Privacy Policy or the data collection practices outlined herein, please contact us as follows: a) By Email: inquiry@gleneaglesmedini.com.my b) By Mail: Privacy Policy Enquiries Marketing and Communications Department Gleneagles Medini. You are reminded not to send via unencrypted means (such as email) sensitive information such as passwords, credit card information etc. If you wish to unsubscribe, please refer to paragraph 6.4 above. IMPORTANT: By assessing this website and any of its pages you are agreeing to the terms set out above in our Privacy Policy. Updated as of 1st September 2012