Hello Health Group — Privacy Policy
I. What is this Privacy Policy and what does it contain?
Hello Health Group understands the importance of personal data privacy to our users. This Privacy Policy (‘Policy’) forms the basis upon which Hello Health Group and its affiliates (‘we’, ‘us’, ‘our’) collect, use, share and process data of prospective users, users, and authorised representatives of users, in accordance with applicable data privacy laws. We also inform you of your rights.This Policy applies to websites and applications that we own and operate, including information and services available through our websites and applications, referred to as the ‘Services’.You confirm that you have read and understood this Policy and our Terms of Use. By using the Services, you confirm that you agree to all of our Terms of Use, which constitute a contract between you and us. You also confirm that you have given us permission to collect, use, share or process your personal data in accordance with this Policy.
II. What types of data do we process?
‘Personal data’ means data, whether true or not, about an individual who can be identified from that data or from that data together with other information we have access to.Depending on the nature of your interaction with us, examples of personal data we may collect include: name, identity card number, date of birth, residential address, email address, telephone number, nationality, age, gender, marital status, health information, photographs, employment information, and financial details such as credit card or banking information.
III. How do we collect and use personal data?
We generally collect personal data only when (a) it is provided voluntarily by you after you have been informed of the purpose and given valid consent, or (b) collection without consent is permitted by applicable law.We use your personal data to: provide and improve our services; personalise your experience; respond to your enquiries; send you relevant information and newsletters with your consent; analyse usage trends; provide lead generation services; detect fraud; manage your account; share with authorised third parties; send you promotional information with your consent; conduct surveys; and comply with applicable laws.
IV. How is personal data shared?
We may share your personal data with our affiliates, business partners, service providers, professional advisers, and relevant authorities where required by law. We require third parties to protect your personal data and use it only for the purposes for which it was shared.
Hello Wellness, Shopline and Standard Foods Group (SFG)
Hello Health Group has entered into a strategic collaboration with SFG. As part of this collaboration:
- Hello Wellness branded content may appear as sponsored content within Hello Doktor, including sponsored articles, category pages, and banners. At this stage, no personal data is shared with SFG.
- When you click through to Shopline — the e-commerce platform operated by SFG — Hello Doktor will share the following information with SFG via a secure Single Sign-On (SSO) mechanism to enable seamless access without re-registration: your unique Hello Doktor user ID; your registered email address; your name (only where required for a specific transaction); your phone number (only where required for a specific transaction).
- Hello Doktor will never transmit your medical records, diagnostic data, health assessment results, or any sensitive health information to Hello Wellness, Shopline, or SFG via SSO or any other automated mechanism.
- SFG may operate a separate Hello Wellness content platform in the future. If you access that platform through Hello Doktor, the same SSO mechanism and data sharing described above will apply.
Your use of Shopline and any Hello Wellness platform is subject to SFG’s own Terms & Conditions and Privacy Notice.
V. Deemed Consent Through Notification
Subject to applicable data privacy laws, we may rely on deemed consent through notification where we notify you of the purposes for which we intend to collect, use or disclose your personal data, and you do not object within the period specified in the notification.
VI. Reliance on Legitimate Interests Exception
In certain circumstances, we may collect, use or disclose your personal data without your consent where it is in our legitimate interests to do so, provided that such collection, use or disclosure does not adversely affect your interests.
VII. How to withdraw your consent
You may withdraw your consent at any time by giving us reasonable notice. For users who have linked their Hello Doktor account to Hello Wellness or Shopline, there are two types of consent you may withdraw separately:(i) Service-necessary consent (SSO account linking) — withdrawing this will disable your access to Hello Wellness and Shopline through your Hello Doktor account. Your Hello Doktor account will continue to function normally.(ii) Marketing consent — withdrawing this will stop Hello Doktor from using your data for personalised offers and marketing communications. This does not affect your access to Hello Doktor, Hello Wellness, or Shopline.You may manage or withdraw either type of consent at any time through your Hello Doktor account settings or by contacting our Data Protection Officer.
VIII. How to access and correct personal data
You have the right to request access to and correction of your personal data that we hold. Please contact our Data Protection Officer at the contact details in Section XIII. We will respond within a reasonable period of time.
IX. How is personal data protected?
We take reasonable steps to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration and destruction, including technical, administrative and physical safeguards. No method of transmission over the Internet is 100% secure.
X. Accuracy of Personal Data
We take reasonable steps to ensure that personal data we collect is accurate, complete and up to date. Please ensure that personal data you provide to us is accurate and inform us of any changes.
XI. How is personal data retained?
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws. When personal data is no longer needed, we will take reasonable steps to destroy or anonymise it.
XII. Transfer of Personal Data Outside Malaysia
We may transfer your personal data to countries outside Malaysia in connection with the purposes stated in this Policy. Any such transfer is conducted in accordance with Section 129 of the Personal Data Protection Act 2010 (Malaysia) and we will ensure appropriate safeguards are in place.This includes transfers to Google (GA4) and Meta (Conversions API) servers in the United States for analytics purposes.
XIII. How to contact our Data Protection Officer
For users in Malaysia, please also refer to our Malaysia Privacy Addendum which supplements this Privacy Policy.
Data Protection Officer, Malaysia Email: [email protected]
Response time: Within 21 business days
XIV. Effect of Policy and Changes to Policy
We may revise this Policy from time to time without prior notice. Your continued use of our Services after any changes constitutes your acceptance of the changes.
XV. Deleting Your Account and Personal Data
You may request deletion of your account and associated personal data at any time by contacting our Data Protection Officer. We may retain certain personal data as required by law even after your account has been deleted.
In the event of any inconsistency between the English and Bahasa Malaysia versions, the Bahasa Malaysia version shall prevail.