Privacy Policy

Effective Date: 29th November 2025

1. Introduction

NexoPrima Sdn. Bhd. (Company Registration No. 1137946-D) (“NexoPrima”, “we”, “us”, or “our”) is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our products and services, including mCare, NexoMed Connect, NexoMed Integra, and related platforms.

This Privacy Policy is developed in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and applicable healthcare data protection regulations.

2. Data Controller

NexoPrima acts as a data processor on behalf of Healthcare Facilities (data controllers) that use our Services. Healthcare Facilities are responsible for ensuring appropriate legal basis and patient consent for data processing. For data collected directly by NexoPrima (such as business contact information), NexoPrima acts as the data controller.

3. Types of Data We Collect

3.1 Patient Health Data

Through our Services, Healthcare Facilities may process the following types of patient data:

  • Fetal heart rate (FHR) monitoring data and cardiotocography (CTG) readings
  • Maternal vital signs including blood pressure, heart rate, and temperature
  • Uterine contraction data
  • Patient identification information (as provided by the Healthcare Facility)
  • Medical device output data from connected equipment
  • Clinical notes and observations entered by healthcare providers

3.2 Healthcare Professional Data

  • User account information (name, professional credentials, contact details)
  • Access logs and authentication records
  • System usage data and preferences

3.3 Technical Data

  • Device information and system logs
  • IP addresses and connection data
  • Performance metrics and error logs

4. How We Use Data

We process data for the following purposes:

  • Service Delivery: To provide real-time patient monitoring, data visualization, and clinical decision support
  • Alert Management: To generate and deliver clinical alerts for potential fetal distress or abnormal readings
  • System Improvement: To enhance our AI algorithms and improve service quality (using anonymized or aggregated data only)
  • Technical Support: To diagnose and resolve technical issues
  • Compliance: To meet legal and regulatory obligations
  • Communication: To provide service updates, training materials, and support communications

5. Legal Basis for Processing

We process personal data based on the following legal grounds under the PDPA:

  • Consent: Patient consent obtained by the Healthcare Facility
  • Contractual Necessity: Processing necessary for the performance of our service agreements
  • Legal Obligation: Processing required by applicable laws and regulations
  • Vital Interests: Processing necessary to protect the vital interests of patients in emergency situations

6. Data Sharing and Disclosure

We may share data with:

  • Healthcare Facilities: The contracting healthcare institution and their authorized personnel
  • Service Providers: Trusted third-party vendors who assist in service delivery, bound by confidentiality agreements
  • Legal Authorities: When required by law, court order, or government regulation
  • Emergency Services: When necessary to protect patient safety or public health

We do not sell personal data to third parties for marketing purposes.

7. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and role-based authentication
  • Regular security assessments and vulnerability testing
  • Audit logging of system access and activities
  • Employee training on data protection practices
  • Incident response procedures for potential data breaches

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and support the Healthcare Facility’s medical record-keeping requirements. Patient health data retention periods are determined by the Healthcare Facility in accordance with applicable medical records regulations. Upon termination of services, we will securely delete or return data as specified in our service agreements.

9. Your Rights

Under the PDPA, data subjects have the following rights:

  • Right of Access: Request access to your personal data held by us
  • Right of Correction: Request correction of inaccurate or incomplete personal data
  • Right to Withdraw Consent: Withdraw consent for data processing (subject to legal and contractual limitations)
  • Right to Prevent Processing: Object to certain types of data processing

For patient data, requests should be directed to the Healthcare Facility, which maintains the primary patient relationship. For data processed directly by NexoPrima, please contact us using the details below.

10. Cross-Border Data Transfer

Our primary data processing facilities are located in Malaysia. If data transfer outside Malaysia is required, we will ensure appropriate safeguards are in place in compliance with the PDPA and obtain necessary consents where required.

11. AI and Automated Decision-Making

Our Services, including mCare, utilize artificial intelligence for data analysis and clinical decision support. These AI features analyze patterns in fetal heart rate data and other clinical parameters to generate alerts and recommendations. All AI-generated outputs are intended to support, not replace, clinical judgment by qualified healthcare professionals. Healthcare providers retain full responsibility for patient care decisions.

12. Cookies and Tracking Technologies

Our web-based platforms may use cookies and similar technologies to enhance user experience, maintain session security, and collect usage analytics. Users can manage cookie preferences through their browser settings. Essential cookies required for system functionality cannot be disabled.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify Healthcare Facilities of material changes through appropriate channels. The “Effective Date” at the top of this policy indicates when it was last updated.

14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Data Protection Officer

NexoPrima Sdn. Bhd.
Block Heliks-Emas B6-1A
UKM-MTDC Technology Centre
43650 Bangi, Selangor, Malaysia
Tel: +603 8210 7325
Email: privacy@nexoprima.com