Privacy Policy & Personal Data Protection Notice

Effective Date: 29th May 2026
Lay Dental Clinic / Lay Dental Mont Kiara (“Lay Dental”, “we”, “our”, or “us”) is committed to protecting the privacy, confidentiality and security of the personal data entrusted to us by our patients, prospective patients, parents or guardians, website visitors, employees, service providers and business partners.
This Privacy Policy explains how we collect, use, store, disclose and protect personal data in accordance with the Personal Data Protection Act 2010 of Malaysia (“PDPA”), its regulations, standards and applicable healthcare-related confidentiality obligations. The PDPA provides rights such as access, correction and withdrawal of consent, and includes provisions relating to sensitive personal data.
By providing your personal data to us, visiting our clinic, using our website, submitting online forms, communicating with us through WhatsApp, telephone, email, social media, advertisements or other channels, you acknowledge that you have read and understood this Privacy Policy.

Personal Data We May Collect
We may collect and process personal data including, but not limited to:
A. Identification and Contact Information
Name, age, date of birth, gender, NRIC/passport number, nationality, address, telephone number, WhatsApp number, email address and emergency contact details.
B. Patient and Dental Information
Dental history, medical history, allergies, medication records, oral health condition, diagnosis, treatment plans, appointment records, clinical notes, consent forms, X-rays, intraoral scans, dental photographs, treatment progress records and other information required to provide dental care.
C. Parent / Guardian Information
For children or minors, we may collect information relating to parents, guardians or authorised representatives, including contact details and consent records.
D. Payment and Billing Information
Invoices, receipts, payment method records, insurance or claim-related information where applicable.
E. Communication and Enquiry Information
WhatsApp messages, phone call notes, email correspondence, website form submissions, social media enquiries, Meta/Facebook/Instagram lead forms, appointment requests, feedback and survey responses.
F. Website and Digital Information
IP address, browser type, device information, cookies, website usage behaviour, referral source and advertising interaction data, where applicable.
G. Marketing Consent and Preferences
Consent status, communication preferences, appointment reminders, promotional opt-ins and opt-outs.
Because dental and medical-related information may reveal health-related details, it may be treated as sensitive personal data and handled with a higher level of care. Under the PDPA, sensitive personal data includes information relating to health or physical/mental condition.

Sources of Personal Data
We may collect personal data directly or indirectly from:
  1. You, when you contact us, visit our clinic, complete forms or request treatment.
  2. Parents, guardians, family members or authorised representatives.
  3. Our website, booking forms, WhatsApp, telephone, email and social media channels.
  4. Meta/Facebook/Instagram lead forms, advertisements or campaign landing pages.
  5. Referring dentists, doctors, healthcare providers, laboratories or specialists.
  6. Payment providers, insurance providers, administrative service providers or other authorised third parties.
  7. CCTV or clinic security systems, where applicable and permitted by law.
Purposes of Processing Personal Data
We may collect, use and process your personal data for the following purposes:
A. Dental Care and Treatment
To register you as a patient, assess your dental and medical condition, provide dental consultation, diagnosis, treatment planning, treatment delivery, follow-up care, referrals and dental record management.
B. Appointment and Communication
To schedule, confirm, remind, reschedule or follow up on appointments via phone, WhatsApp, SMS, email or other communication channels.
C. Paediatric and Family Dental Care
For child patients, to communicate with parents or guardians, obtain consent, explain treatment needs and maintain child dental records.
D. Billing and Administration
To process payment, issue receipts, manage invoices, handle refunds, maintain accounting records and fulfil internal administrative requirements.
E. Legal, Regulatory and Professional Obligations
To comply with applicable laws, regulatory requirements, professional standards, dental record obligations, patient safety requirements, audit requests, legal proceedings or government requests.
F. Marketing and Patient Education
To send dental education, appointment reminders, clinic updates, service information, promotional offers or campaign-related communication, where permitted by law and/or where consent has been obtained.
G. Website, Advertising and Analytics
To improve our website, social media communication, advertising campaigns, user experience and service delivery, including measuring campaign performance.
H. Security and Risk Management
To protect patient safety, clinic security, staff safety, fraud prevention, data security and internal record integrity.

Processing of Children’s Personal Data
Where the patient is a child or minor, personal data may be provided by a parent, guardian or authorised representative. By providing the child’s personal data, the parent or guardian confirms that they have authority to do so and consent to Lay Dental processing the child’s personal data for dental care, communication, billing, record keeping and related purposes.
We take additional care when handling children’s personal data, including dental images, treatment records and communication involving minors.

Patient Photos, Videos and Testimonials
We may take clinical photographs, dental images, X-rays, intraoral scans, videos or treatment progress records for diagnosis, treatment planning, monitoring and clinical documentation.
We will not use identifiable patient photos, videos, before-and-after images, testimonials, case studies or treatment stories for marketing, advertising, social media, website, training or public education purposes unless we have obtained separate consent from the patient or, where applicable, the parent/guardian.
Patients may withdraw marketing-related consent, subject to legal, clinical and record-keeping requirements.

Disclosure of Personal Data
We do not sell your personal data.
We may disclose or share personal data where necessary with:
  1. Dentists, dental surgeons, dental nurses, clinic staff and authorised personnel involved in your care.
  2. Dental laboratories, radiology providers, specialists, doctors or healthcare providers involved in treatment or referral.
  3. IT vendors, website providers, cloud storage providers, CRM providers, WhatsApp/communication tools, appointment systems, payment processors and other service providers.
  4. Accountants, auditors, lawyers, insurers, consultants or professional advisors.
  5. Government bodies, regulators, courts, law enforcement agencies or authorities where required by law.
  6. Parents, guardians, caregivers or authorised representatives where appropriate.
  7. Emergency contacts where necessary to protect health, safety or vital interests.
Any third-party service provider appointed by us is expected to process personal data only for authorised purposes and to maintain reasonable security and confidentiality controls.

Data Security
We take reasonable steps to protect personal data against unauthorised access, disclosure, misuse, loss, alteration or destruction.
Our safeguards may include:
  1. Restricted access to patient records.
  2. Password-protected systems.
  3. Staff confidentiality obligations.
  4. Secure storage of physical records.
  5. Access controls for digital records.
  6. Regular review of data access permissions.
  7. Secure handling of patient photographs, X-rays and treatment files.
  8. Secure disposal of personal data when no longer required.
  9. Staff training and awareness on patient confidentiality.
The official Malaysian Personal Data Protection Standard 2015 sets minimum requirements for security, retention and data integrity for personal data handled electronically and non-electronically.

Retention of Personal Data
We will retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including dental treatment, legal, regulatory, accounting, audit, insurance, dispute resolution and professional record-keeping purposes.
Dental and medical-related records may need to be retained for a legally or professionally required period. When personal data is no longer required, we will take reasonable steps to securely delete, destroy, anonymise or archive it in accordance with our internal procedures and applicable requirements.

Accuracy of Personal Data
You are responsible for ensuring that the personal data you provide to us is accurate, complete, current and not misleading.
Please inform us as soon as possible if your personal details change, including your contact number, email address, medical history, allergies, medication, emergency contact or parent/guardian details.

Your Rights
Subject to the PDPA and applicable law, you may have the right to:
  1. Request access to your personal data.
  2. Request correction of inaccurate, incomplete or outdated personal data.
  3. Withdraw consent to certain types of processing.
  4. Limit processing for marketing purposes.
  5. Ask questions about how your personal data is handled.
  6. Request that we stop sending marketing messages.
The PDPA includes data subject rights such as access, correction and withdrawal of consent, subject to permitted limitations.
To exercise your rights, please contact us using the details below.

Marketing Communications
We may send you appointment reminders, dental care education, clinic updates, service announcements or promotional messages through WhatsApp, SMS, email, phone call or social media channels.
You may opt out of marketing messages at any time by informing us through the relevant channel. However, we may still contact you for non-marketing purposes, such as appointment reminders, treatment follow-up, billing, patient safety or clinic administration.

Website, Cookies and Online Advertising
Our website may use cookies, tracking pixels, analytics tools or advertising technologies to understand visitor behaviour, improve website performance and support digital advertising campaigns.
These tools may collect technical and behavioural information such as browser type, device information, pages visited, referral source and interaction with advertisements.
You may adjust your browser settings to disable cookies, although some website functions may not work properly.

WhatsApp, Social Media and Online Enquiries
When you contact us through WhatsApp, Facebook, Instagram, online forms or other digital channels, we may process the information you provide to respond to your enquiry, schedule appointments, provide general information and follow up with you.
Please avoid sending highly sensitive medical or dental information through social media comments or public messages. For private dental matters, we encourage you to communicate through secure direct channels or during consultation.

Third-Party Links
Our website or social media pages may contain links to third-party websites or platforms. We are not responsible for the privacy practices, content or security of third-party websites.
You should review the privacy policies of those third-party websites before providing any personal data.

Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our clinic operations, legal requirements, technology or data protection practices.
The latest version will be made available through our website, clinic or upon request.
Contact Us
For questions, requests or concerns relating to your personal data, please contact:
Lay Dental Sdn Bhd
Address: 18-G, Jalan Solaris 4, Solaris Mont Kiara, 50480 Kuala Lumpur.
Phone / WhatsApp: +6018 - 375 6368
Email: info@laydental.com.my
Person in Charge: Dr Tan Siew Lay
Image

Follow Us

Contact Info

18-G, Jalan Solaris 4,
Solaris Mont Kiara,
50480 Kuala Lumpur.

018 - 375 6368

info@laydental.com.my

Open daily (10am-8pm)
Close on Tuesday