Privacy Policy

MedFix Sdn Bhd — Protection of Personal Data in accordance with PDPA Malaysia

1. Introduction

MedFix Sdn Bhd (“MedFix”, “we”, “our”, or “us”) is committed to safeguarding the privacy, confidentiality, and security of personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and applicable industry standards.

This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with our orthopedic implant solutions, clinical support services, regulatory compliance activities, and business operations.

2. Scope of this policy

This Policy applies to personal data we process in relation to:

  • Visitors to our website and digital platforms
  • Healthcare professionals, surgeons, and clinical partners
  • Hospitals, medical institutions, and corporate customers
  • Suppliers, distributors, and service providers
  • Job applicants, interns, and prospective employees
  • Participants in trainings, workshops, and professional events organised or supported by MedFix

3. Personal data we collect

A. Identification & contact details

We may collect information such as:

  • Name
  • Email address
  • Phone number
  • Job title and role
  • Organisation, hospital, or company affiliation

B. Professional & operational information

This may include:

  • Clinical specialty or professional area
  • Product enquiries, usage, and service requests
  • Order, delivery, and logistics information
  • Participation in trainings, workshops, or events

C. Website & technical data

When you interact with our website, we may collect:

  • IP address and device information
  • Browser type and settings
  • Pages visited, time spent, and interaction logs

D. Recruitment & application data

For job applicants and interns, we may collect:

  • Curriculum vitae (CV) and qualifications
  • Employment and education history
  • Professional references and related information

4. How we use personal data

MedFix processes personal data for legitimate business, clinical, and regulatory purposes, including:

  • Providing orthopedic implants, medical devices, and related services
  • Coordinating clinical support, product information, and technical assistance
  • Managing orders, logistics, delivery, and product traceability
  • Ensuring compliance with MDA, GDPMD, ISO 13485, and other applicable standards
  • Responding to enquiries, feedback, and customer service requests
  • Organising and managing trainings, workshops, and professional education programmes
  • Improving our website, services, and user experience
  • Processing job applications, recruitment, and talent evaluation
  • Internal reporting, auditing, risk management, and corporate governance

We only process personal data where it is necessary, lawful, and relevant to our business and regulatory obligations, and we do not use personal data for unrelated or excessive purposes.

5. Disclosure of personal data

We may disclose personal data, on a need-to-know basis, to the following parties:

  • Healthcare institutions, surgeons, and clinical partners (where relevant to services provided)
  • Regulatory authorities, including the Medical Device Authority (MDA), where required by law
  • Logistics, warehousing, and delivery service providers
  • IT service providers, system hosts, and technical support partners
  • Professional advisors such as legal, compliance, or audit firms

We do not sell, rent, or trade personal data to third parties. Any disclosure is controlled, purpose-specific, and carried out in accordance with PDPA and applicable regulations.

6. Data security

MedFix implements administrative, technical, and physical safeguards to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures may include:

  • Access controls and role-based permissions
  • Secure storage and restricted access to sensitive records
  • Use of secure communication channels where appropriate
  • Quality management systems aligned with ISO 13485 and GDPMD
  • Periodic reviews, audits, and process improvements

While we strive to maintain a high level of security, no system is completely free from risk. We are committed to continuously improving our safeguards in line with best practices.

7. Data retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law, regulation, or industry standards, including:

  • Regulatory and traceability requirements for medical devices
  • Contractual and operational obligations
  • Audit, compliance, and reporting needs

When personal data is no longer required, we will take reasonable steps to securely delete, anonymise, or otherwise dispose of it in a manner that protects confidentiality.

8. Your rights under PDPA

Subject to applicable laws and exemptions, you may have the right to:

  • Request access to personal data we hold about you
  • Request correction of inaccurate, incomplete, or outdated data
  • Withdraw consent to processing, where processing is based on consent
  • Request clarification on how your personal data is used or disclosed

Certain requests may be subject to legal, regulatory, or contractual limitations. We may require reasonable proof of identity before processing your request.

9. Cookies and website tracking

Our website may use cookies and similar technologies to enhance user experience, analyse site performance, and understand how visitors interact with our content.

You may adjust your browser settings to block or delete cookies. However, some website features may not function properly if cookies are disabled.

10. Third-party websites

Our website may contain links to third-party websites or services. MedFix is not responsible for the privacy practices, security, or content of such external sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Updates to this policy

MedFix may update this Privacy Policy from time to time to reflect changes in legal requirements, regulatory expectations, or our internal practices.

The latest version of this Policy will be made available on our website. We encourage you to review it periodically to stay informed about how we protect personal data.

12. Contact information

If you have any questions about this Privacy Policy, or if you wish to exercise your rights regarding personal data, please contact us:

MedFix Sdn Bhd

Address: T3-23-19, 3 Towers, #296 Jalan Ampang, Kuala Lumpur 50450, Malaysia
Email: info@medfix.com.my
Phone: +60 18 285 1301