For Employers
Legal

Privacy Policy

How we collect, use, disclose and protect your personal data under Malaysia's Personal Data Protection Act 2010 (as amended by the Personal Data Protection (Amendment) Act 2024).

Last updated: 13 June 2026  ·  Effective: 13 June 2026

1. Who we are

The MyTigas Alliance is operated by Tigas Alliance Sdn. Bhd. (Company No. 201501025326 / 1150649-U) ("MyTigas", "the Alliance", "we", "us", "our"), a company incorporated in Malaysia and part of the Tigas Pharma Group. For the purposes of the Personal Data Protection Act 2010 ("PDPA"), Tigas Alliance Sdn. Bhd. is the data controller of the personal data described in this policy.

This policy explains how we handle your personal data when you visit this website, contact us, participate in our corporate prescription-benefit programmes, join the Alliance as a pharmacy, or otherwise interact with us.

2. The personal data we collect

Depending on how you interact with us, we may collect:

  • Identity and contact data — name, organisation, job title, email address, telephone number, and the contents of any enquiry you send us.
  • Corporate and membership data — for employers, details needed to administer prescription-benefit programmes; for pharmacies, details needed to assess and manage Alliance membership.
  • Technical data — limited information generated automatically when you use the website (see Section 11).
  • Sensitive personal data — where we administer prescription benefits, we process information relating to physical or mental health, medical conditions, and prescriptions of covered individuals. Under the PDPA this is sensitive personal data and attracts stricter protection. We process it only with explicit consent or where otherwise permitted by law.

You are not obliged to provide personal data to us, but if you do not, we may be unable to respond to your enquiry or provide our services.

3. How we collect your personal data

We collect personal data directly from you, from your employer or insurer where they enrol you in a benefit programme, from member pharmacies in the course of dispensing, and automatically through your use of the website.

4. Why we use your personal data (Notice & Choice)

We use personal data to:

  • respond to your enquiries and communicate with you;
  • administer corporate prescription-benefit programmes, including dispensing, claims and savings reporting;
  • manage the empanelment and membership of pharmacies within the Alliance;
  • comply with our legal, regulatory and professional obligations (including pharmacy and healthcare regulation); and
  • maintain the security and integrity of our systems.

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider we need it for a compatible purpose, or the law requires or permits otherwise.

5. Our lawful basis and your consent

We process personal data on the basis of your consent, the performance of a contract, compliance with a legal obligation, or our legitimate interests, balanced against your rights. For sensitive personal data we rely on your explicit consent or another ground expressly permitted under the PDPA. You may withdraw consent at any time (see Section 8).

6. Who we disclose your personal data to (Disclosure)

We may disclose personal data to:

  • member pharmacies and licensed healthcare providers, where necessary to dispense medication or deliver services;
  • your employer, insurer or third-party administrator (TPA), where they have engaged us in respect of you and to the extent permitted;
  • our service providers and data processors who act on our instructions (for example IT hosting, communications and form-handling providers); and
  • regulators, law enforcement or other authorities where required or permitted by law.

We do not sell your personal data. We require our data processors by contract to protect personal data and to process it only on our instructions.

7. How we protect your personal data (Security)

We apply practical, technical and organisational measures designed to protect personal data against loss, misuse, unauthorised access, modification or disclosure, consistent with the Security Principle of the PDPA and the standards issued by the Personal Data Protection Commissioner. Access to sensitive personal data is restricted to personnel who need it to perform their duties.

8. Your rights

Subject to the PDPA, you have the right to:

  • Access the personal data we hold about you and information about how it is processed;
  • Correct personal data that is inaccurate, incomplete, misleading or out of date;
  • Withdraw consent to our processing, including for direct marketing;
  • Limit or object to processing likely to cause unwarranted harm or distress; and
  • Data portability — to request that personal data you provided be transmitted to another data controller, where technically feasible and the formats are compatible (introduced by the 2024 amendment).

To exercise these rights, contact us using the details in Section 14. We may verify your identity before acting, may charge a prescribed fee for access requests where permitted, and will respond within the period required by law.

9. How long we keep your personal data (Retention)

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory, accounting and reporting requirements. Prescription and dispensing records are retained in accordance with applicable healthcare and professional record-keeping obligations. When no longer required, personal data is securely deleted or anonymised.

10. Keeping your data accurate (Data Integrity)

We take reasonable steps to ensure personal data is accurate, complete, not misleading and up to date for its purpose. Please help us by telling us about any changes to your personal data.

11. Cookies and tracking

This website uses a minimal set of third-party services to function, which may set cookies or process limited technical data — for example Google Fonts (to load typefaces) and our form-handling provider (to deliver enquiries you submit). We do not use advertising or cross-site tracking cookies. You can control cookies through your browser settings.

12. Transfers outside Malaysia

Some service providers may process personal data outside Malaysia. Where this occurs, we take steps to ensure the data receives a standard of protection consistent with the PDPA and the Personal Data Protection Commissioner's cross-border transfer guidelines, including appropriate contractual safeguards.

13. Data breach notification

In line with the mandatory data breach notification requirements introduced by the 2024 amendment, if we become aware of a personal data breach we will notify the Personal Data Protection Commissioner as soon as practicable, and will notify affected individuals where the breach is likely to result in significant harm.

14. Our Data Protection Officer & how to contact us

We have appointed a Data Protection Officer (DPO) responsible for overseeing compliance with this policy and the PDPA. To exercise your rights, ask a question, or make a complaint, please contact:

Data Protection Officer
Tigas Alliance Sdn. Bhd.
Email: tpdata@tigaspharma.com.my
General enquiries: Contact us
Kuala Lumpur, Malaysia

If you are not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Commissioner (Jabatan Perlindungan Data Peribadi, JPDP), Malaysia.

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or the law. The current version is always available on this page, and the "Last updated" date above shows when it was last revised.