Privacy Policy

QueueMed Healthtech Sdn Bhd ("Qmed Asia", "we", "our", or "us") operates digital health products, including websites, mobile applications, APIs, and customer-deployed solutions. This Privacy Policy explains how we collect, use, disclose, transfer, and protect your personal data when you use our products and services — whether accessed directly, through partners, or through app marketplaces.

This policy applies to patients, healthcare professionals, business users, and visitors interacting with our services. By using our services, you agree to the data handling practices described in this policy.

• To provide, operate, and improve our services and app functionality.
• To support healthcare operations, including scheduling, communication, and clinical workflows.
• To authenticate users, secure accounts, and prevent fraud or abuse.
• To respond to user inquiries and provide customer or technical support.
• To monitor service quality, troubleshoot errors, and improve reliability.
• To comply with legal obligations, regulatory requirements, and contractual commitments.

Depending on the service module, device type, and feature you use, our applications may request access to device or browser capabilities. We request only the access needed to deliver the relevant function.

• Camera: To capture profile photos, scanned documents, or clinical images when initiated by the user.
• Photos / files: To upload attachments or download files required by service workflows.
• Notifications: To send reminders, care updates, and important service alerts.
• Microphone (if enabled): For voice input, dictation, or audio communication features.
• Location (if enabled): For location-based functions such as facility navigation or service localization.

You can manage permissions through your device operating system and browser settings. Disabling certain permissions may limit related features.

Depending on the service context, we may act as a data controller (for example, for account management, platform administration, and support operations) or as a data processor / service provider on behalf of a healthcare organization or enterprise customer that controls the underlying patient or operational data. Where we process data for a customer, that customer may provide additional privacy terms.

We do not sell personal data. We share personal data only when required for service delivery, legal compliance, or business operations:

• With healthcare providers, hospitals, clinics, or organizations connected to your care or service account.
• With vetted service providers (hosting, infrastructure, analytics, communications, and support), under confidentiality terms.
• With authorities, regulators, or law enforcement when legally required.
• With advisors or counterparties for audits, mergers, acquisitions, or corporate restructuring, subject to appropriate safeguards.

We retain personal data only for as long as needed to provide services, fulfill legal and regulatory obligations, resolve disputes, and enforce agreements. Retention periods vary by product module, customer contract, and applicable laws. When data is no longer required, we delete or de-identify it using secure methods.

We implement administrative, technical, and physical safeguards to protect personal data from unauthorized access, use, alteration, or disclosure.

• Encryption in transit and at rest where appropriate.
• Role-based access controls and authentication safeguards.
• Security monitoring, logging, and incident response procedures.
• Regular security testing, patching, and risk assessments.

Subject to local law, you may request to:

• Access a copy of your personal data.
• Correct inaccurate or incomplete data.
• Delete your account or personal data, where applicable.
• Restrict or object to specific processing activities.
• Withdraw consent where processing is based on consent.
• Receive data portability where legally available.

To request account deletion or exercise privacy rights, email hello@qmed.asia from your registered account email with the subject line "Privacy Request". We may verify identity before processing requests.

Our services are not directed to children except where a healthcare provider, institution, parent, or legal guardian lawfully uses our services for care delivery. If you believe personal data of a child has been collected inappropriately, contact us so we can review and take action.

We may process data in Malaysia and other jurisdictions where our partners and service providers operate. Where cross-border data transfers occur, we apply contractual, technical, and organizational safeguards to protect personal data in line with applicable data protection laws.

Depending on your location and service context, we process personal data based on one or more of the following:

• Your consent.
• Performance of a contract or service agreement.
• Compliance with legal obligations.
• Our legitimate interests in operating secure and effective services.

We aim to comply with relevant laws, including the Personal Data Protection Act 2010 (Malaysia), and other applicable privacy regulations depending on deployment context.

Our services may integrate with third-party platforms, customer systems, or websites. Third-party services operate under their own privacy terms, and we are not responsible for their independent practices.

We may update this policy periodically to reflect service changes, legal requirements, or security practices. Material updates will be communicated through appropriate channels, such as app notices, website notices, or direct communication where required.

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: