Privacy Policy

Welcome to Mednext (“we,” “us,” or “our”). We are committed to protecting the privacy and security of our users’ personal data (“you,” “your”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.mednext.id and use our medical software services (collectively, the “Services”).

This policy is designed to comply with applicable laws and regulations, including Indonesia’s Law No. 27 of 2022 concerning Personal Data Protection (PDP Law) and related health regulations.

By using our Services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect several different types of information for various purposes to provide and improve our Services to you.

1. Data You Provide Directly

When you register, create a profile, or interact with our Services, we may ask you to provide us with certain personally identifiable information, which may include:

• Identity Data: Full name, National Identity Number (NIK), place and date of birth, gender.
• Contact Data: Email address, phone number, residential address.
• Account Data: Username, password, and other registration details.
• Professional Data (for Healthcare Professionals): Registration Certificate Number (STR), Practice License Number (SIP), specialization.
• Sensitive Personal Data (Health Data): This is the most sensitive data we handle, and we treat it with the utmost care. This may include:
• Medical history and electronic health records (EHR).
• Laboratory and diagnostic test results.
• Prescription information.
• Consultation records with healthcare professionals.
• Health insurance information.

1. Data Collected Automatically (Usage Data)

When you access our website, we may collect certain information automatically. As this site is built on WordPress, this data may be collected by the WordPress core, plugins, or themes we use. This information includes:

• Device and Connection Information: Internet Protocol (IP) address, browser type and version, operating system, device type.
• Log Information: Time and date of access, pages you visited, time spent on those pages, and other statistics.
• Cookies and Tracking Technologies: We use cookies to track activity on our Services and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

2. How We Use Your Information

We use the collected data for various legitimate purposes, including:

• To Provide and Manage the Services: To process your registration, manage your account, and deliver the core functionalities of our medical software.
• For Medical Purposes: To facilitate consultations, diagnoses, treatment, and health management between you and healthcare professionals.
• For Communication: To send you important service-related notifications, updates, appointment reminders, and to respond to your inquiries or support requests.
• For Legal Compliance: To comply with applicable legal obligations, such as regulations regarding the retention of medical records (e.g., Regulation of the Minister of Health No. 24 of 2022, which requires the retention of electronic health records for at least 25 years).
• For Security: To protect the security and integrity of our platform and to prevent fraud and other illegal activities.
• For Analysis and Improvement: To understand how users interact with our Services for the purpose of improving our products, services, and user experience. Data used for this purpose will be anonymized to the extent possible.

IMPORTANT: We will not use or share your sensitive health data for marketing purposes without your explicit (clear and written) consent.

3. Legal Basis for Processing Data

Our legal basis for collecting and using the personal information described in this Privacy Policy depends on the data we collect and the specific context in which we collect it. In accordance with the PDP Law, our basis for processing is:

• Consent: You have given your clear and legitimate consent for the processing of your personal data for one or more specific purposes.
• Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

4. Sharing and Disclosure of Information

We do not sell or rent your personal data. We may only share your information in the following situations:

• With Healthcare Professionals: At your direction and with your consent, we will share your health data with the doctors, clinics, or hospitals providing care to you through our platform.
• Third-Party Service Providers: We may employ third-party companies and individuals to facilitate our Services (e.g., hosting providers, payment processors, data analytics). They have access to your data only to perform these tasks on our behalf and are obligated by strict confidentiality agreements.
• For Legal Reasons: If required by law or in response to valid requests by public authorities (e.g., a court or government agency).
• Business Transfers: If we are involved in a merger, acquisition, or asset sale, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different Privacy Policy.

5. Data Security

The security of your data, especially your health data, is our top priority. We implement appropriate technical, administrative, and physical security measures to protect your data from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit using SSL/TLS technology.
• Encryption of sensitive data at rest.
• Strict access controls to ensure only authorized personnel can access the data.
• Regular security audits and system monitoring.

However, no method of transmission over the Internet or method of electronic storage is 100% secure.

6. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. Specifically, for electronic health records, we will adhere to the applicable regulations from the Indonesian Ministry of Health regarding minimum retention periods. Thereafter, the data will be securely deleted or anonymized.

7. Your Rights as a Data Subject

In accordance with the PDP Law, you have the following rights regarding your personal data:

• The Right to Access: To request a copy of the personal information we hold about you.
• The Right to Rectify: To request that we correct any information you believe is inaccurate or incomplete.
• The Right to Erasure: To request the deletion of your personal data, under certain conditions (“the right to be forgotten”).
• The Right to Withdraw Consent: To withdraw your consent at any time for data processing that is based on your consent.
• The Right to Restrict Processing: To request that we limit the way we use your personal data.

To exercise these rights, please contact us via the contact details below.

8. Children’s Privacy

Our Services are not intended for anyone under the age of 16 (“Children”) without consent from a legal parent or guardian. If we become aware that we have collected Personal Data from children without verification of parental consent, we will take steps to remove that information from our servers.

9. Links to Other Websites

Our website may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.¹

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Company/Legal Entity Name: ecomedia bintania.cv
• Email: [email protected]
• Address: batam center, batam island, Indonesia
• Phone Number: +62 823 3888 2021