Privacy Policy
Pemmi Dhillon Skin, Hair and Laser Clinic
No. 9-3 (3rd Floor), Jalan Medan Tuanku Satu, 50300 Kuala Lumpur, Malaysia
Email: drpemmi@gmail.com | Phone: 012-330 3273
Last updated: April 2026
1. Introduction
Pemmi Dhillon Skin, Hair and Laser Clinic (“the Clinic”, “we”, “us”, or “our”) is committed to protecting the privacy and personal data of all individuals who interact with our clinic, whether in person, through our website at drpemmi.com, or through any other communication channel.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to that data. It applies to all patients, website visitors, and individuals who contact us for any reason.
By using our website or services, you agree to the collection and use of information as described in this policy.
2. Who We Are
The data controller responsible for your personal data is:
Pemmi Dhillon Skin, Hair and Laser Clinic
Led by Dr. Perminder Kaur Dhillon, MBBS (Delhi), MJSC (Japan), Dip. Derm (London)
Registered Medical Practitioner under the Medical Act 1971, Malaysia
No. 9-3 (3rd Floor), Jalan Medan Tuanku Satu, 50300 Kuala Lumpur, Malaysia
3. What Personal Data We Collect
We may collect and process the following categories of personal data:
Contact and Identity Information
- Full name
- Email address
- Phone number
- Date of birth
- Gender
Medical and Health Information
- Medical history relevant to your treatment
- Current medications and allergies
- Skin, hair, and health concerns
- Treatment records, consultation notes, and clinical photographs (before and after)
- Consent forms and assessment records
Communication Data
- Messages sent to us via our website contact or consultation form
- WhatsApp messages and call records
- Email correspondence
Website Usage Data
- IP address
- Browser type and version
- Pages visited and time spent on our website
- Referral source (how you found us)
- Cookies and similar tracking technologies
Booking and Transaction Data
- Appointment history
- Payment records (we do not store full card details)
4. How We Collect Your Personal Data
We collect personal data through the following means:
- When you fill in our online consultation or contact form at drpemmi.com
- When you contact us by phone, WhatsApp, or email
- When you attend a consultation or treatment at our clinic
- When you interact with our website (automatically via cookies)
- When you leave a review on Google or other platforms
- When you provide referrals or are referred to us by another patient or healthcare provider
5. Why We Collect and Use Your Personal Data
We use your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| To provide medical consultations and aesthetic treatments | Performance of a contract / Legitimate interest |
| To maintain accurate medical and treatment records | Legal obligation (Medical Act 1971) |
| To contact you regarding your appointment or consultation | Performance of a contract |
| To send appointment reminders or follow-up care instructions | Legitimate interest |
| To respond to your enquiries and messages | Legitimate interest |
| To improve our website and services | Legitimate interest |
| To comply with legal, regulatory, and professional obligations | Legal obligation |
| To send marketing communications (with your consent) | Consent |
We will never use your medical information for marketing purposes without your explicit consent. You may withdraw your marketing consent at any time by contacting us at drpemmi@gmail.com.
6. Medical Records and Confidentiality
As a registered medical practice, we are bound by strict legal and professional obligations regarding the confidentiality of your medical records under the Medical Act 1971 and the Private Healthcare Facilities and Services Act 1998, Malaysia.
Your medical records will only be shared with:
- Members of our clinical team directly involved in your care
- Other healthcare providers, with your consent, where a referral is necessary
- Regulatory or legal authorities where we are required by law to disclose information
- Emergency services, where disclosure is necessary to protect your life or the life of another person
We will never sell, rent, or share your medical records with third parties for commercial purposes.
7. Sharing Your Personal Data
We may share your non-medical personal data with carefully selected third-party service providers who assist us in operating our business. These include:
- Website hosting and maintenance providers (to operate drpemmi.com)
- Email and communication platforms (to manage correspondence)
- Appointment and booking software (to manage scheduling)
- Analytics providers (to understand website usage — data is anonymised where possible)
- Payment processors (to process any online transactions securely)
All third-party providers are required to handle your data securely and in accordance with applicable data protection laws. We do not permit them to use your data for their own purposes.
We do not sell your personal data to any third party under any circumstances.
8. Cookies and Website Tracking
Our website at drpemmi.com uses cookies — small text files stored on your device — to improve your browsing experience and help us understand how visitors use our site.
Types of cookies we use:
| Cookie Type | Purpose |
|---|---|
| Essential cookies | Required for the website to function correctly |
| Analytics cookies | Help us understand page visits and user behaviour (Google Analytics) |
| Marketing cookies | Track visits from Google Ads to measure campaign performance |
You can control cookies through your browser settings at any time. Disabling certain cookies may affect the functionality of our website.
If our website uses a cookie consent banner, your preferences will be recorded and respected.
9. How Long We Keep Your Data
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, subject to the following:
| Data Type | Retention Period |
|---|---|
| Medical and treatment records | Minimum 7 years after last treatment, as required by Malaysian medical regulations |
| Consultation enquiry data | 2 years from the date of enquiry |
| Website analytics data | 26 months (Google Analytics default) |
| Marketing consent records | Until consent is withdrawn, plus 1 year |
| Payment records | 7 years for accounting and tax compliance |
After the applicable retention period, your data will be securely deleted or anonymised.
10. Your Rights
Under Malaysia’s Personal Data Protection Act 2010 (PDPA), you have the following rights in relation to your personal data:
Right to Access
You may request a copy of the personal data we hold about you at any time.
Right to Correct
If any information we hold about you is inaccurate or incomplete, you have the right to request that we correct it.
Right to Withdraw Consent
Where we process your data on the basis of your consent (for example, for marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Right to Limit Processing
In certain circumstances, you may request that we restrict how we use your data.
Right to Enquire
You have the right to enquire about what personal data we hold about you and how it is being used.
To exercise any of these rights, please contact us at:
Email: drpemmi@gmail.com
Phone: 012-330 3273
Post: No. 9-3 (3rd Floor), Jalan Medan Tuanku Satu, 50300 Kuala Lumpur
We will respond to your request within 21 days. In certain circumstances, we may need to verify your identity before fulfilling your request.
11. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or disclosure. These measures include:
- Secure, password-protected systems for storing patient records
- Limited access to personal and medical data — restricted to authorised clinical staff only
- Encrypted communication channels where applicable
- Regular review of our data security practices
While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. If you have any concerns about the security of your data, please contact us immediately.
12. Third-Party Links
Our website may contain links to third-party websites, including Google Maps, social media platforms, and external directories. This Privacy Policy applies only to our website and clinic. We are not responsible for the privacy practices of any third-party websites and encourage you to read their privacy policies before providing any personal data.
13. Children’s Privacy
Our services are intended for adults aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18 without verified parental or guardian consent. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it promptly.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we make significant changes, we will update the “Last updated” date at the top of this page.
We encourage you to review this policy periodically. Continued use of our website or services after any changes constitutes your acceptance of the updated policy.
15. Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your personal data, please contact us:
Pemmi Dhillon Skin, Hair and Laser Clinic
No. 9-3 (3rd Floor), Jalan Medan Tuanku Satu, 50300 Kuala Lumpur, Malaysia
Email: drpemmi@gmail.com
Phone: 012-330 3273
Website: drpemmi.com
This Privacy Policy was prepared in accordance with Malaysia’s Personal Data Protection Act 2010 (PDPA) and applicable medical confidentiality obligations under the Medical Act 1971 and the Private Healthcare Facilities and Services Act 1998.