1. Introduction
VNR Medical Service (“we”, “us”, or “our”) is committed to protecting the privacy and personal data of every individual who interacts with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in accordance with the Personal Data Protection Act 2010 (PDPA), Malaysia.
By engaging our services or submitting your information through this website, you consent to the practices described in this Policy.
2. Data Controller
VNR Medical Service
Email: vnrmedicservice@gmail.com
Website: vnrmedicservice.com
Operating in compliance with the laws of Malaysia.
3. Personal Data We Collect
We may collect the following categories of personal data:
- Identity Data: Full name, date of birth, nationality, passport or identity card number.
- Contact Data: Email address, telephone number, WhatsApp number, postal address.
- Health & Medical Data (Sensitive Personal Data): Medical history, diagnosis, treatment records, test results, imaging reports, and fitness-to-fly assessments.
- Travel Data: Flight itineraries, accommodation details, travel insurance information.
- Financial Data: Bank transfer references and payment confirmation details (we do not store full card numbers).
- Communications Data: Records of correspondence, enquiries, and feedback submitted to us.
- Technical Data: IP address, browser type, pages visited, and cookies (see Section 10).
Health and medical data is classified as sensitive personal data under the PDPA. We collect and process it only with your explicit consent and solely to coordinate your medical care.
4. Purposes of Processing
We process your personal data for the following purposes:
- Coordinating medical appointments, cardiac surgery consultations, and hospital admissions at DDMM Heart Institute and affiliated facilities in India.
- Arranging travel, accommodation, and airport-to-hospital transport.
- Facilitating medical report reviews and direct surgeon access for second opinions.
- Managing post-operative recovery programmes and follow-up care.
- Communicating service updates, appointment reminders, and care instructions.
- Processing payments and maintaining financial records as required by law.
- Complying with legal, regulatory, and contractual obligations.
- Improving our website and services through aggregated, anonymised analytics.
5. Legal Basis for Processing
We process your personal data on one or more of the following bases:
- Consent: You have given clear consent for us to process your personal data for specific purposes, including the processing of sensitive health data.
- Contract: Processing is necessary to perform our service agreement with you.
- Legal Obligation: Processing is required to comply with applicable Malaysian law.
- Legitimate Interests: Processing is necessary for our legitimate interests, provided your rights are not overridden.
6. Disclosure of Personal Data
We may share your personal data with the following categories of third parties, solely to the extent necessary to deliver our services:
- Medical Partners: DDMM Heart Institute (Nadiad, Gujarat, India), attending surgeons, anaesthetists, and nursing staff involved in your care.
- Travel & Logistics Providers: Airport transfer operators, hotels, and travel agencies engaged for your trip.
- Insurance Providers: Where travel or medical insurance is arranged on your behalf.
- Professional Advisers: Legal, accounting, or compliance advisers bound by confidentiality obligations.
- Regulatory Authorities: Government bodies or law enforcement where required by law.
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
7. Cross-Border Data Transfers
Because our medical services are delivered in India, your personal data — including sensitive health data — will be transferred to and processed in India by our partner hospital (DDMM Heart Institute). We take appropriate contractual and technical safeguards to ensure your data is protected to a standard equivalent to the PDPA when transferred outside Malaysia.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
- Active clients: For the duration of our service engagement and up to 7 years thereafter, in accordance with Malaysian record-keeping requirements.
- Medical records: As required by applicable health regulations and our partner hospital’s retention policies.
- Enquiry data: Up to 12 months from the date of last contact where no service was engaged.
- Website analytics: Aggregated data is retained indefinitely; identifiable data is deleted after 26 months.
9. Your Rights Under the PDPA
As a data subject under the PDPA (Malaysia), you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right of Correction: Request correction of inaccurate or incomplete personal data.
- Right to Withdraw Consent: Withdraw consent to processing at any time, subject to legal or contractual obligations.
- Right to Limit Processing: Request that we limit how we use your data in certain circumstances.
- Right to Lodge a Complaint: Lodge a complaint with the Department of Personal Data Protection (JPDP) Malaysia if you believe your rights have been infringed.
To exercise any of these rights, please contact us at vnrmedicservice@gmail.com. We will respond within 21 days as required under the PDPA.
10. Cookies
Our website uses cookies and similar technologies to enhance user experience and gather anonymised analytics. You may control or disable cookies through your browser settings. Disabling cookies may affect the functionality of certain pages. We do not use cookies to collect sensitive personal data.
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include encrypted communications (HTTPS/TLS), restricted staff access on a need-to-know basis, and regular security reviews. However, no method of transmission over the internet is completely secure; we cannot guarantee absolute security.
12. Children’s Privacy
Our services may involve paediatric cardiac care. Where personal data of individuals under 18 years of age is collected, we require explicit consent from a parent or legal guardian before processing.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, our services, or data practices. The revised Policy will be posted on this page with the updated effective date. We encourage you to review it periodically.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact our Data Protection representative:
VNR Medical Service
Email: vnrmedicservice@gmail.com
Website: vnrmedicservice.com
Effective Date: 28 April 2026
