Privacy Policy

How CANVAS Medical Clinic collects, uses and protects your personal information.

Last updated: 29 June 2026

1. Introduction

CANVAS Medical Clinic Sdn. Bhd. ("CANVAS", "we", "us" or "our"), located at Gurney Walk, No. 18A Persiaran Gurney, 10250 George Town, Penang, Malaysia, is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights with respect to that data.

2. Data We Collect

We may collect the following categories of personal data:

  • Identity data: full name, date of birth, gender, identity card or passport number.
  • Contact data: phone number, email address, postal address.
  • Health and medical data: medical history, current medications, treatment records, before-and-after photographs taken for clinical purposes.
  • Appointment data: consultation requests, treatment preferences, physician preferences, scheduling information.
  • Financial data: payment method and transaction records (payment card numbers are processed by our payment provider and not stored by us).
  • Technical data: IP address, browser type, pages visited on our website, and device identifiers collected via analytics tools.
  • Communications data: messages sent to us via WhatsApp, email, or our consultation form.

3. How We Collect Your Data

We collect personal data:

  • Directly from you — via our website consultation form, WhatsApp, telephone, or in person at the clinic.
  • Automatically — when you use our website, via cookies and similar technologies (see Section 9).
  • From third parties — such as referral physicians or medical insurers, where applicable and with your consent.

4. Purposes of Processing

We use your personal data to:

  • Provide, manage and administer your medical and aesthetic treatments.
  • Confirm and manage appointments and consultations.
  • Communicate with you about your care, including post-treatment follow-up.
  • Process payments and maintain accurate financial records.
  • Comply with our legal and regulatory obligations, including those imposed by the Malaysian Medical Council and the Ministry of Health.
  • Improve our website, services and patient experience.
  • Send you marketing communications about relevant treatments or promotions — only where you have given explicit consent, and you may opt out at any time.

5. Legal Basis for Processing

We process your personal data on the following grounds:

  • Consent — for marketing communications and for processing sensitive health data.
  • Contractual necessity — to provide the medical and aesthetic services you have engaged us for.
  • Legal obligation — to comply with Malaysian law, including healthcare recordkeeping requirements.
  • Legitimate interests — to improve and operate our clinic services, provided these interests do not override your rights.

6. Disclosure of Your Data

We do not sell your personal data. We may share it with:

  • Specialist referral physicians — where a referral is necessary for your care.
  • Medical laboratories and diagnostic providers — where tests are arranged on your behalf.
  • IT and software service providers — including clinic management software, appointment systems and website hosting, under strict data processing agreements.
  • Regulatory authorities — where required by law, court order or government directive.

7. Retention of Data

We retain medical and treatment records for a minimum of seven (7) years after your last consultation, as required under Malaysian healthcare regulations. Marketing and contact data is retained until you withdraw consent or request deletion, subject to any overriding legal retention obligations.

8. Your Rights

Under the PDPA and applicable data protection principles, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete personal data.
  • Withdraw consent for marketing communications at any time.
  • Request restriction or cessation of processing where legally permissible.
  • Request the deletion of your personal data, subject to any overriding legal obligations (such as mandatory medical recordkeeping).

To exercise any of these rights, please contact us at hello@canvas-medical.com or in writing to our clinic address.

9. Cookies and Analytics

Our website uses cookies and similar tracking technologies to understand how visitors use the site and to improve your experience. We use Google Analytics (or a similar analytics provider) to collect anonymised usage data such as pages visited, session duration and device type. You may disable cookies via your browser settings; note that some website functionality may be affected.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure. These include encrypted communications, access controls and regular security reviews. In the event of a data breach that poses a risk to your rights, we will notify you and the relevant authorities as required by law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be posted on this page with the date of last update. Continued use of our services after an update constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or your personal data, please contact us:

CANVAS Medical Clinic
Gurney Walk, Lot G-6 (GF) & Lot S-1 (2nd Floor)
No. 18A, Persiaran Gurney, 10250 George Town, Penang, Malaysia
Email: hello@canvas-medical.com
Tel: +60 11-2854 7882
