Privacy Policy
Last updated: 24 June 2026 Effective date: to be set at public launch
This is the initial default Privacy Policy for the CCMS Medical Documentation Hub. It is intended to satisfy the basic requirements of the Personal Data Protection Act 2010 (PDPA Malaysia) for a public-facing informational site. Site-specific clauses (e.g., MOH-context terms, cross-border transfer details, retention timelines specific to the feedback system) will be added in a subsequent revision before public launch.
1. Introduction
This Privacy Policy describes how the CCMS Medical Documentation Hub (the "Site", "we", "us", "our") collects, uses, discloses, and protects personal data in accordance with the Personal Data Protection Act 2010 of Malaysia ("PDPA").
By accessing or using the Site, you ("User", "you") consent to the practices described in this Policy.
2. Data controller
The data controller responsible for personal data processed through the Site is:
CCMS Medical Documentation Hub Operated by Fuad Jaafar (CCMS Facilitator) Contact: ilmpressnet@gmail.com
Future revisions will name the institutional data controller (Ministry of Health Malaysia or applicable clinic operator) once governance is formalised.
3. Data we collect
We collect personal data in the following limited circumstances:
3.1 Feedback submissions
When you voluntarily submit feedback through the Site's feedback form, we may collect:
- Your name (optional)
- Your email or other contact information (optional)
- The page URL and title you are providing feedback about
- Your comment, suggestion, or report
- Submission timestamp
- Browser user-agent string (for diagnostic purposes)
You are not required to provide your name or contact information. Anonymous feedback is accepted.
3.2 Analytics
We use Cloudflare Web Analytics, a privacy-first, cookieless analytics service, to collect aggregated, non-personally-identifying usage data (e.g., page views, referrers, country-level region, browser/operating-system, and page-performance metrics) to understand how the Site is used and to improve content. It does not set cookies, does not fingerprint visitors or track them across other websites, and does not collect personal data. No personal data is sold or shared with third parties for advertising purposes. See Cloudflare's Web Analytics for details.
3.3 Server logs
Standard web server logs (IP addresses, request paths, timestamps) are retained for security and operational purposes for a limited period.
4. How we use your data
Personal data submitted through the feedback form is used solely to:
- Review the substance of your feedback and improve Site content
- Follow up with you (only if you provided contact information and the feedback warrants a response)
- Identify and prevent abuse of the feedback system
We do not use feedback data for marketing, profiling, or any purpose unrelated to improving the Site.
5. Where your data is stored
Personal data submitted through the Site is stored in a managed database hosted on Cloudflare infrastructure. Access is restricted to authorised operators of the Site. Cloudflare's data-handling practices are governed by Cloudflare's own privacy and data-processing terms.
Some legacy feedback may also reside in a private Google Sheet hosted on Google Workspace infrastructure, access to which is limited to the Site operator. Any further change to where data is stored will be reflected in this Policy and dated accordingly.
6. Disclosure to third parties
We do not sell, rent, or trade your personal data. We may disclose data only:
- With your explicit consent
- To service providers strictly necessary to operate the Site (e.g., hosting providers), under appropriate confidentiality obligations
- When required by Malaysian law, court order, or lawful regulatory request
7. Retention
Feedback submissions are retained as long as they remain useful for content improvement. We periodically review and remove submissions that are no longer relevant. You may request removal of your feedback at any time by contacting us.
8. Your rights under the PDPA
Under the PDPA, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete personal data
- Withdraw consent to our processing of your personal data
- Limit processing of your personal data
- Lodge a complaint with the Department of Personal Data Protection (Jabatan Perlindungan Data Peribadi, JPDP) at https://www.pdp.gov.my
To exercise any of these rights, contact us at ilmpressnet@gmail.com.
9. Cookies
The Site uses only the minimum cookies necessary for operation (e.g., theme preference, sidebar state). No third-party advertising or tracking cookies are set without your consent. Our analytics provider, Cloudflare Web Analytics, is cookieless and sets no analytics or tracking cookies — so no analytics consent banner is required.
10. Security
We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. However, no internet transmission or electronic storage is 100% secure; you provide data at your own risk.
11. Children's privacy
The Site is intended for healthcare professionals and is not directed at children under 18. We do not knowingly collect personal data from minors.
12. International transfers
Data submitted through the Site may be processed and stored on infrastructure located outside Malaysia (e.g., Cloudflare's and Google's global data centres). By using the Site, you consent to such transfers, subject to the protections required by the PDPA.
13. Changes to this Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be highlighted on the Site.
14. Contact
For questions, requests, or complaints regarding this Policy or our handling of your personal data:
Email: ilmpressnet@gmail.com
See also: Medical Disclaimer · Terms of Use