Get in Touch
Legal

Privacy Policy

How we collect, use, disclose and protect your personal data under Malaysia's Personal Data Protection Act 2010 (as amended by the Personal Data Protection (Amendment) Act 2024).

Last updated: 13 June 2026  ·  Effective: 13 June 2026

1. Who we are

This Privacy Policy is issued by Tigas Pharma (M) Sdn. Bhd. (Company No. 199901022399 / 497299-U) ("Tigas Pharma", "we", "us", "our"), a company incorporated in Malaysia. For the purposes of the Personal Data Protection Act 2010 ("PDPA"), Tigas Pharma is the data controller of the personal data described in this policy.

This policy explains how we handle your personal data when you visit this website, contact us, use our medication-fulfilment and health-cost-intelligence services, or otherwise interact with us.

2. The personal data we collect

Depending on how you interact with us, we may collect:

  • Identity and contact data — name, organisation, job title, email address, telephone number, and the contents of any enquiry you send us.
  • Commercial data — details about your organisation, your role, and the services you are interested in.
  • Technical data — limited information generated automatically when you use the website (see Section 11, Cookies and tracking).
  • Sensitive personal data — where you engage our medication-fulfilment or health-intelligence services, we may process information relating to physical or mental health, medical history, and prescriptions. Under the PDPA this is sensitive personal data and is subject to stricter protection. We process it only with your explicit consent or where otherwise permitted by law.

You are not obliged to provide personal data to us, but if you do not, we may be unable to respond to your enquiry or provide our services.

3. How we collect your personal data

We collect personal data directly from you (for example, through our contact form, email, or in the course of providing services), from your organisation where it engages us on your behalf, and automatically through your use of the website.

4. Why we use your personal data (Notice & Choice)

We use personal data for the following purposes:

  • to respond to your enquiries and communicate with you;
  • to provide, administer and improve our medication-fulfilment, pharmacy and health-cost-intelligence services;
  • to manage our relationship with you and your organisation, including contracts and billing;
  • to comply with our legal, regulatory and professional obligations (including pharmacy and healthcare regulation); and
  • to maintain the security and integrity of our systems.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider we need it for another compatible purpose, or the law requires or permits otherwise.

5. Our lawful basis and your consent

We process personal data on the basis of your consent, the performance of a contract with you or your organisation, compliance with a legal obligation, or our legitimate interests in operating our business, balanced against your rights. For sensitive personal data, we rely on your explicit consent or another ground expressly permitted under the PDPA. You may withdraw consent at any time (see Section 8).

6. Who we disclose your personal data to (Disclosure)

We may disclose personal data to:

  • pharmacies within the MyTigas Alliance and licensed healthcare providers, where necessary to fulfil medication or services you or your organisation have requested;
  • your employer, insurer, or third-party administrator (TPA), where they have engaged us to provide services in respect of you and to the extent permitted;
  • our service providers and data processors who act on our instructions (for example, IT hosting, communications and form-handling providers); and
  • regulators, law enforcement, or other authorities where we are required or permitted by law to do so.

We do not sell your personal data. Where we engage data processors, we require them by contract to protect personal data and to process it only on our instructions.

7. How we protect your personal data (Security)

We apply practical, technical and organisational measures designed to protect personal data against loss, misuse, unauthorised access, modification or disclosure, consistent with the Security Principle of the PDPA and the standards issued by the Personal Data Protection Commissioner. Access to sensitive personal data is restricted to personnel who need it to perform their duties.

8. Your rights

Subject to the PDPA, you have the right to:

  • Access the personal data we hold about you and request information about how it is processed;
  • Correct personal data that is inaccurate, incomplete, misleading or out of date;
  • Withdraw consent to our processing of your personal data, including for direct marketing;
  • Limit or object to processing that is likely to cause you unwarranted harm or distress; and
  • Data portability — to request that personal data you have provided be transmitted to another data controller, where this is technically feasible and the data formats are compatible (a right introduced by the 2024 amendment).

To exercise any of these rights, contact us using the details in Section 13. We may need to verify your identity before acting on a request. We may charge a prescribed fee for access requests where permitted, and we will respond within the period required by law.

9. How long we keep your personal data (Retention)

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting or reporting requirements. Health-related and pharmacy records are retained in accordance with applicable healthcare and professional record-keeping obligations. When personal data is no longer required, we securely delete or anonymise it.

10. Keeping your data accurate (Data Integrity)

We take reasonable steps to ensure that the personal data we hold is accurate, complete, not misleading and kept up to date for the purpose for which it was collected. Please help us by informing us of any changes to your personal data.

11. Cookies and tracking

This website uses a minimal set of third-party services to function, which may set cookies or process limited technical data — for example Google Fonts (to load typefaces) and our form-handling provider (to deliver enquiries you submit). We do not use advertising or cross-site tracking cookies. You can control cookies through your browser settings.

12. Transfers outside Malaysia

Some of our service providers may process personal data outside Malaysia. Where personal data is transferred abroad, we take steps to ensure it receives a standard of protection consistent with the PDPA and the Personal Data Protection Commissioner's cross-border transfer guidelines, including by using appropriate contractual safeguards.

13. Data breach notification

In line with the mandatory data breach notification requirements that took effect under the 2024 amendment, if we become aware of a personal data breach we will notify the Personal Data Protection Commissioner as soon as practicable, and we will notify affected individuals where the breach is likely to result in significant harm.

14. Our Data Protection Officer & how to contact us

We have appointed a Data Protection Officer (DPO) responsible for overseeing compliance with this policy and the PDPA. To exercise your rights, ask a question, or make a complaint about how we handle personal data, please contact:

Data Protection Officer
Tigas Pharma (M) Sdn. Bhd.
Email: tpdata@tigaspharma.com.my
General enquiries: Contact Us
Kuala Lumpur, Malaysia

If you are not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Commissioner (Jabatan Perlindungan Data Peribadi, JPDP), Malaysia.

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or the law. The current version is always available on this page, and the "Last updated" date above shows when it was last revised.