Privacy Policy

Last updated: May 20, 2026

1. Introduction

Welcome to iCare Medical Concierge. We respect your privacy and are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) readiness standards, and ISO 27001 guidelines.

2. The Data We Collect

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data: includes first name, last name, username or similar identifier, title, date of birth and gender.
  • Contact Data: includes billing address, delivery address, email address and telephone numbers.
  • Health & Medical Data: includes medical history, current symptoms, consultation records, and any sensitive information you provide to facilitate medical appointments and evacuation.
  • Technical Data: includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

3. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you (e.g., booking a hospital appointment).
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

4. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. All sensitive health and contact data transmitted via our web forms are protected using AES-256-CBC application-level encryption before being stored in our secure database. Access is strictly limited to authorized personnel only. We enforce HTTPS/TLS for all data in transit.

5. Your Legal Rights (GDPR)

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:

  • Request access to your personal data (Data Subject Access Request).
  • Request correction of inaccurate personal data.
  • Request erasure of your personal data (“Right to be Forgotten” — GDPR Art.17).
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data (data portability).
  • Right to withdraw consent at any time.

To exercise any of these rights, contact our Data Protection Officer (DPO) at dpo@icare.my.id. We will respond within 30 days as required by GDPR Art.12.

6. Data Retention Periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention schedule is as follows:

  • Contact Inquiries: Retained for 2 years from the date of submission, then securely deleted.
  • Medical Appointment Records: Retained for 7 years in compliance with applicable healthcare regulations, then securely deleted.
  • Account Data (Members, Agents): Retained for the duration of your account, plus 1 year after account closure, unless you request earlier deletion.
  • Audit Logs: Retained for 7 years for compliance with ISO 27001 and HIPAA audit trail requirements.
  • Cookie / Analytics Data: Retained for a maximum of 13 months in line with GDPR guidelines.

7. Cookies & Tracking

We use cookies to enhance your experience and analyze site usage. We only activate tracking cookies (Analytics, Marketing) after you provide explicit consent via our cookie banner. You may withdraw consent at any time by clearing your browser cookies. For more details on the cookies we use, please refer to our Cookie Policy.

8. Data Breach Notification

In the unlikely event of a personal data breach, we are committed to notifying the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Art.33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

9. Data Protection Officer (DPO)

We have appointed a Data Protection Officer responsible for overseeing questions in relation to this privacy policy. If you have any questions about this policy, including any requests to exercise your legal rights, please contact the DPO at: dpo@icare.my.id

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page with an updated date and, where appropriate, notifying you by email. We encourage you to review this policy periodically.
