P Hub B2B access is available for approved pharmacy members only.
Privacy Policy
This Privacy Policy explains how P-Hub collects, uses, discloses, stores and protects personal data in connection with its website, private B2B portal, membership, procurement, pharmacy directory and related services.
P-Hub respects your privacy and is committed to protecting your personal data.
P-Hub is operated by PHARMALINK ALLIANCE SDN. BHD., Registration No. 202601006536 (1668634-M).
In this Privacy Policy, “P-Hub”, “we”, “us” and “our” refer to PHARMALINK ALLIANCE SDN. BHD.
This Privacy Policy is issued in accordance with the Personal Data Protection Act 2010, its amendments and other applicable Malaysian laws and regulatory requirements.
1. Introduction
This Privacy Policy and Personal Data Protection Notice explains how we collect, use, process, disclose, store and protect personal data when you:
- Visit the P-Hub website.
- Apply to become a pharmacy Member or Supplier.
- Create or use a P-Hub account.
- Access the private B2B portal.
- Request a quotation or submit an order.
- Participate in a P-Hub programme or event.
- Submit information for a pharmacy directory listing.
- Contact or communicate with P-Hub.
- Use any P-Hub progressive web application, mobile application or digital service.
2. Scope of This Privacy Policy
This Privacy Policy applies to personal data processed through:
- The P-Hub public website.
- The private B2B Member portal.
- Member and Supplier registration.
- Account and profile management.
- Product catalogues and quote-request functions.
- Procurement and transaction administration.
- Pharmacy directory listings.
- P-Hub email, telephone and messaging channels.
- Events, programmes, surveys and campaigns.
- Future P-Hub applications and digital services.
- Offline forms and business communications associated with P-Hub.
This Privacy Policy applies to Visitors, pharmacy owners, pharmacists, authorised employees, Member representatives, Supplier representatives, service providers, event participants, business contacts and other individuals who interact with P-Hub.
It does not govern personal data independently collected by a Member pharmacy from its own customers or patients.
3. Meaning of Personal Data
“Personal data” means information relating directly or indirectly to an individual who is identified or can reasonably be identified from that information or from other available information.
Business information concerning a company may not, by itself, be personal data. However, information concerning a sole proprietor, director, pharmacist, employee, representative or individual business contact may constitute personal data.
“Sensitive personal data” may include information relating to health, physical or mental condition, religious beliefs, political opinions, alleged offences, biometric information and other information classified as sensitive under applicable law.
4. Personal Data We May Collect
The personal data collected depends on how you interact with P-Hub.
4.1 Identity and contact information
- Full name.
- Job title and position.
- Employer or represented organisation.
- Business and correspondence address.
- Email address.
- Telephone or mobile number.
- Identification or passport information where reasonably required for verification.
- Signature or electronic acknowledgement.
- Preferred language and communication method.
4.2 Business and professional information
- Company or business name.
- Company-registration number.
- Registered and operating addresses.
- Pharmacy name and premises details.
- Pharmacy, wholesale or other business licence information.
- Pharmacist name and professional-registration details.
- Ownership, directorship or authorised-representative information.
- Tax, invoicing and billing information.
- Supplier appointment, distribution or product-authorisation documents.
- Supporting due-diligence or compliance documents.
- Bank-account details where needed for authorised payments, refunds or Supplier administration.
4.3 Account and authentication information
- Username.
- Email address associated with the account.
- Encrypted or hashed password information.
- Account role and permissions.
- Login date, time and activity.
- Failed-login attempts.
- Password-reset requests.
- Authentication and security records.
- Account status and approval history.
You are responsible for keeping your login details confidential and restricting account access to authorised personnel.
4.4 Procurement and transaction information
- Products viewed, selected or requested.
- Quote-request details.
- Product quantities and variations.
- Purchase orders.
- Member pricing and agreed commercial terms.
- Invoices and credit notes.
- Delivery and billing addresses.
- Delivery instructions and recipient details.
- Bank-transfer references and payment status.
- Order history.
- Returns, shortages, complaints and replacement records.
- Communications concerning the transaction.
- Supplier and fulfilment records.
Where an external payment service is used, payment credentials may be processed directly by that service provider in accordance with its own privacy notice.
4.5 Pharmacy directory information
- Pharmacy or business name.
- Business address and map location.
- Public telephone number.
- Public email address.
- Website and social-media details.
- Opening hours.
- Services and facilities.
- Languages spoken.
- Pharmacy images, logos or descriptions.
- Names and professional details of individuals authorised for publication.
Information submitted for a public directory may be visible to website visitors, search engines and third-party indexing services.
4.6 Communications and support records
- Contact forms.
- Email.
- Telephone calls.
- WhatsApp or other messaging platforms.
- Support requests.
- Surveys and feedback.
- Meetings and business correspondence.
- Complaints and dispute-resolution processes.
Telephone or online meetings will only be recorded where appropriate notice has been provided.
4.7 Website, device and technical information
- Internet Protocol address.
- Browser type and version.
- Device type and operating system.
- Language and time-zone settings.
- Cookie or device identifiers.
- Login and session information.
- Pages visited.
- Products viewed.
- Links clicked.
- Referring website or source.
- Date, time and duration of visits.
- Error, diagnostic and security logs.
- Approximate location derived from an Internet Protocol address.
4.8 Marketing and participation information
- Marketing preferences.
- Newsletter subscriptions.
- Event or programme registrations.
- Campaign participation.
- Responses to surveys.
- Promotional-code usage.
- Email delivery and engagement information.
- Communication opt-in or opt-out records.
4.9 Sensitive personal data and patient information
P-Hub is principally a pharmacy-alliance, procurement and business-support platform. It is not intended to collect patient medical records through ordinary website, registration, quotation or contact forms.
- Prescriptions.
- Patient medical records.
- Diagnosis or treatment information.
- Medication histories.
- Identification documents belonging to pharmacy patients.
- Other confidential patient information.
Where P-Hub introduces a service that requires sensitive personal data, an additional notice, appropriate security measures and explicit consent will be provided where required.
5. How We Collect Personal Data
Directly from you
We may collect information when you:
- Complete an application or registration form.
- Create or update an account.
- Request a quotation.
- Submit a purchase order.
- Contact P-Hub.
- Register for an event.
- Complete a survey.
- Submit a directory listing.
- Communicate through email, telephone or messaging platforms.
From the organisation you represent
A pharmacy, Supplier, employer or business partner may provide your details to establish you as an authorised representative or account user.
From Members, Suppliers and business partners
We may receive information where necessary to coordinate procurement, delivery, directory services, Supplier relationships or joint programmes.
From publicly available and verification sources
We may verify information using:
- Public company records.
- Professional or regulatory registers.
- Business websites.
- Pharmacy directories.
- Government or licensing databases.
- Other lawful and credible sources.
Automatically through the Platform
Cookies, server logs and similar technologies may automatically collect technical and usage information when you access the Platform.
6. Purposes for Processing Personal Data
6.1 Registration and verification
- Processing Member and Supplier applications.
- Verifying identity and authority.
- Confirming business-registration and licensing information.
- Conducting due diligence.
- Determining eligibility for Platform access.
- Reviewing and renewing Member or Supplier status.
6.2 Account administration
- Creating and maintaining accounts.
- Assigning access permissions.
- Authenticating users.
- Managing passwords.
- Maintaining account security.
- Providing user support.
- Communicating important account information.
6.3 Procurement and transaction administration
- Responding to Product enquiries.
- Preparing quotations.
- Processing purchase orders.
- Coordinating Products with Suppliers.
- Producing invoices and transaction records.
- Confirming payments.
- Arranging delivery and fulfilment.
- Managing complaints, returns and shortages.
- Maintaining order histories.
- Supporting Product recalls and traceability.
6.4 Membership and Supplier management
- Managing P-Hub membership.
- Administering Member programmes.
- Supporting Supplier onboarding.
- Managing business relationships.
- Providing procurement and operational support.
- Communicating programme or policy updates.
- Reviewing participation and compliance.
6.5 Pharmacy directory services
- Creating and maintaining pharmacy listings.
- Displaying participating pharmacy information.
- Responding to listing-update requests.
- Improving public access to pharmacy-business information.
- Promoting approved P-Hub Members and programmes.
6.6 Communication and customer support
- Responding to enquiries.
- Providing technical support.
- Managing feedback and complaints.
- Sending operational notices.
- Keeping records of business communications.
- Resolving disputes.
6.7 Security and fraud prevention
- Protecting accounts and Platform infrastructure.
- Detecting unauthorised access.
- Investigating suspicious activities.
- Preventing fraud and misuse.
- Enforcing Platform terms.
- Maintaining audit and security records.
- Protecting P-Hub, Members, Suppliers and other users.
6.8 Analytics and service improvement
- Understanding Platform usage.
- Diagnosing technical problems.
- Improving navigation and performance.
- Developing new functions and services.
- Conducting internal business analysis.
- Evaluating programme and service effectiveness.
- Producing aggregated or anonymised reports.
6.9 Marketing and business communications
Subject to your choices and applicable law, we may:
- Send information about P-Hub services.
- Provide Member or Supplier updates.
- Announce events and programmes.
- Share relevant Product or procurement information.
- Conduct surveys.
- Send newsletters or promotional communications.
- Measure the effectiveness of communications.
6.10 Legal, regulatory and administrative purposes
- Comply with laws and regulatory requirements.
- Maintain accounting, tax and audit records.
- Respond to lawful government requests.
- Support inspections, recalls or investigations.
- Establish, exercise or defend legal rights.
- Enforce contracts and policies.
- Manage insurance or professional-adviser requirements.
- Support a business restructuring, investment, acquisition or transfer.
7. Grounds for Processing
Depending on the circumstances, P-Hub may process personal data:
- With your consent.
- To take steps at your request before entering into a contract.
- To perform a contract with you or the organisation you represent.
- To comply with a legal or regulatory obligation.
- For legitimate business interests that do not unfairly prejudice your rights.
- To protect the security and integrity of the Platform.
- To prevent fraud or unlawful activity.
- To establish, exercise or defend legal rights.
- To protect vital interests where applicable.
- In other circumstances permitted by applicable law.
Consent for optional marketing will be treated separately from information required to provide an account, service or transaction.
You may withdraw consent where processing is based on consent. Withdrawal will not affect processing lawfully carried out before the withdrawal became effective.
8. Mandatory and Optional Information
Some personal data is required for P-Hub to:
- Verify a Member or Supplier.
- Create an account.
- Prepare a quotation.
- Process an order.
- Issue an invoice.
- Coordinate delivery.
- Meet legal or regulatory obligations.
- Protect Platform security.
Required fields will normally be identified in the relevant form.
Failure to provide required information may mean that P-Hub cannot approve an application, establish an account, process a quotation, complete a transaction or provide the requested service.
Information marked as optional may be omitted without affecting basic access, although certain features may be unavailable.
9. Information About Other Individuals
Where you provide personal data concerning an employee, pharmacist, director, representative, delivery recipient or another individual, you confirm that:
- The information is accurate.
- You are authorised to provide it.
- The individual has been informed of this Privacy Policy.
- Any required consent has been obtained.
- The information is not being submitted for an unlawful purpose.
Members and Suppliers are responsible for maintaining their authorised-user information and removing access when an individual no longer represents the organisation.
10. Disclosure of Personal Data
P-Hub does not sell or rent personal data for monetary consideration.
We may disclose personal data, where reasonably necessary, to the following categories of recipients.
Members and Suppliers
Relevant information may be shared between a Member and Supplier to:
- Prepare or fulfil a quotation.
- Process an order.
- Coordinate delivery.
- Resolve a complaint.
- Manage a recall.
- Support an agreed business programme.
Logistics and fulfilment providers
Names, telephone numbers, delivery addresses and order information may be shared with couriers, warehouses, delivery companies and logistics providers.
Financial and payment service providers
Information may be shared with banks, accountants, payment providers or financial-service providers to process payments, refunds, invoicing and account reconciliation.
Technology and service providers
We may engage providers of:
- Website hosting.
- Cloud storage.
- Email delivery.
- Customer-relationship management.
- Account authentication.
- Data backup.
- Analytics.
- Cybersecurity.
- Technical support.
- Document management.
- Business communications.
Service providers acting on P-Hub’s behalf are expected to process personal data only for authorised purposes and to implement appropriate confidentiality and security controls.
Professional advisers
Personal data may be disclosed to lawyers, auditors, accountants, insurers, consultants and other professional advisers where reasonably necessary.
Authorities and regulators
Information may be disclosed to courts, law-enforcement bodies, regulators, government departments or other authorised bodies:
- Where required by law.
- In response to a lawful request.
- To support a regulatory inspection or Product recall.
- To investigate suspected fraud or unlawful activity.
- To protect legal rights or public safety.
Corporate transactions
Personal data may be disclosed to prospective investors, purchasers, advisers or successors in connection with a proposed merger, acquisition, financing, restructuring or sale of part or all of the business, subject to appropriate confidentiality measures.
Other disclosures
We may disclose personal data:
- With your consent.
- At your direction.
- Where necessary to protect the vital interests of an individual.
- Where otherwise permitted by applicable law.
11. Public Pharmacy Directory
Information approved for inclusion in the P-Hub pharmacy directory may be publicly displayed.
Public listing information may include:
- Pharmacy name.
- Business address.
- Telephone number.
- Email address.
- Opening hours.
- Website.
- Services.
- Images.
- Map location.
- Other information approved for publication.
A Member must not submit an individual’s private telephone number, personal email address, photograph or other personal information for public display without proper authority.
Removing information from P-Hub may not immediately remove copies previously cached or indexed by search engines or independent third parties.
12. Cross-Border Transfers
Some P-Hub service providers, cloud systems, software providers or technical infrastructure may be located outside Malaysia or may store information in other jurisdictions.
Where personal data is transferred outside Malaysia, P-Hub will take reasonable steps to ensure that:
- The transfer is permitted under applicable law.
- The purpose and relevant recipient category are appropriately identified.
- Reasonable due diligence is conducted.
- Appropriate contractual or organisational safeguards are used.
- The receiving party provides an appropriate level of protection.
- The transfer method is reasonably secure.
- Records of relevant cross-border transfers are maintained where required.
Where consent is relied upon for a cross-border transfer, the relevant consent will be obtained and recorded.
13. Cookies and Similar Technologies
P-Hub may use cookies, pixels, local storage, session identifiers and similar technologies.
Cookies are small files stored on a browser or device. They may support the operation, security and improvement of the Platform.
13.1 Strictly necessary cookies
These cookies support functions such as:
- Account login.
- Session management.
- Quote or cart functions.
- Security.
- Form submission.
- Fraud prevention.
- User authentication.
Blocking these cookies may prevent parts of the Platform from working.
13.2 Preference cookies
These cookies may remember:
- Language selections.
- Login preferences.
- Display settings.
- Previously selected options.
- Other user choices.
13.3 Analytics cookies
Analytics technologies may help P-Hub understand:
- Number of visits.
- Pages viewed.
- Time spent on pages.
- Navigation patterns.
- Errors and performance.
- General device and traffic information.
Analytics may be configured to use aggregated or pseudonymised information where reasonably possible.
13.4 Marketing cookies
Where used, marketing technologies may measure campaign performance or help present relevant P-Hub content.
Non-essential marketing cookies will be managed according to applicable consent and preference requirements.
13.5 Managing cookies
You may manage cookies through:
- The P-Hub cookie-preference tool, where available.
- Your browser settings.
- Device privacy settings.
- Relevant third-party opt-out mechanisms.
Disabling cookies may affect Platform functionality. Removing a cookie does not necessarily prevent a new cookie from being stored if the relevant setting remains enabled.
14. Direct Marketing
P-Hub may send business updates, Product information, programme announcements, surveys, event invitations and other marketing communications where permitted.
Marketing consent is optional and is not a condition of basic Platform use unless the communication is an essential part of a requested service.
You may opt out by:
- Using the unsubscribe function in an email.
- Changing available account preferences.
- Contacting P-Hub at connect@p-hub.com.my.
An opt-out request does not prevent P-Hub from sending necessary non-marketing communications concerning:
- Account security.
- Transactions.
- Quotations.
- Invoices.
- Deliveries.
- Policy changes.
- Membership administration.
- Product recalls.
- Regulatory matters.
P-Hub may retain a limited suppression record to ensure that an opt-out preference continues to be respected.
15. Data Security
P-Hub will implement reasonable administrative, technical and organisational measures designed to protect personal data against:
- Unauthorised access.
- Improper use.
- Accidental loss.
- Unlawful disclosure.
- Alteration.
- Destruction.
- Malware.
- Account compromise.
Measures may include:
- Access controls.
- Role-based permissions.
- Authentication controls.
- Password protection.
- Encryption during transmission where appropriate.
- Security logging and monitoring.
- Backup and recovery controls.
- Software and system updates.
- Staff confidentiality requirements.
- Vendor-security assessments.
- Incident-response procedures.
No website, network or storage system can be guaranteed to be completely secure. Users must also take reasonable precautions, including protecting passwords, devices and account credentials.
16. Retention of Personal Data
P-Hub retains personal data only for as long as reasonably necessary for the purpose for which it was collected or as required by law.
Retention periods may depend on:
- The duration of the Member, Supplier or business relationship.
- The period an account remains active.
- Transaction, accounting and tax requirements.
- Product-traceability and recall obligations.
- Regulatory and professional requirements.
- Contractual limitation periods.
- Existing or anticipated disputes.
- Fraud and security-prevention needs.
- Backup and disaster-recovery cycles.
When personal data is no longer required, P-Hub will take reasonable steps to:
- Securely delete it.
- Destroy it.
- Remove identifying details.
- Anonymise it.
- Restrict further processing where immediate deletion is not technically practicable.
Anonymised information that no longer identifies an individual may be retained for analytical, historical or statistical purposes.
17. Personal Data Breaches
P-Hub will maintain procedures for assessing and responding to suspected personal-data breaches.
Where a breach occurs, P-Hub may:
- Investigate and contain the incident.
- Assess the nature and likely consequences.
- Take remedial and preventive measures.
- Preserve relevant evidence.
- Cooperate with service providers and authorities.
- Notify the Personal Data Protection Commissioner where required.
- Notify affected individuals where required.
- Maintain appropriate incident records.
Notifications will be made within the periods and in the circumstances prescribed by applicable law.
18. Your Rights and Choices
Subject to applicable law and permitted exceptions, you may request to:
- Confirm whether P-Hub processes your personal data.
- Access personal data held about you.
- Correct inaccurate, incomplete, misleading or outdated data.
- Withdraw consent previously provided.
- Stop receiving direct marketing.
- Prevent or restrict certain processing where applicable.
- Request deletion where P-Hub is not legally or operationally required to retain the information.
- Request data portability where the right applies and the transfer is technically feasible.
- Obtain information about relevant processing practices.
- Submit a privacy-related complaint.
Some rights are not absolute. P-Hub may retain or continue processing information where required for legal, regulatory, security, contractual, evidential or legitimate business purposes.
You may also submit a complaint to the Personal Data Protection Commissioner of Malaysia if you believe your personal data has been processed contrary to applicable law.
19. Exercising Your Rights
Requests may be submitted using the contact information at the end of this Privacy Policy.
To protect personal data, P-Hub may require:
- Proof of identity.
- Confirmation of your account.
- Evidence that you are authorised to act for another person.
- Sufficient information to identify the relevant records.
- Clarification of an unclear or overly broad request.
P-Hub will respond within the period required by applicable law.
A reasonable fee may be imposed where permitted by law. P-Hub may refuse or limit a request where an applicable legal exception applies and will provide an explanation where required.
Where an account is controlled by a Member or Supplier organisation, certain account-administration information may also be accessible to the organisation’s authorised administrators.
20. Children and Minors
The P-Hub B2B Platform is intended for adult business users and is not directed to children.
Individuals under 18 years old must not create a business account or submit business applications without the involvement of a parent, guardian or properly authorised adult.
P-Hub does not knowingly seek to collect children’s personal data through its ordinary B2B services.
Where P-Hub becomes aware that a child’s personal data has been improperly submitted, reasonable steps may be taken to delete or restrict that information.
21. P-Hub and Independent Member Pharmacies
P-Hub Members are independently owned and operated pharmacies unless expressly stated otherwise.
A Member pharmacy may independently collect information from its customers or patients, including:
- Customer-contact information.
- Membership information.
- Prescriptions.
- Consultation records.
- Medication histories.
- Health-screening results.
- Payment and retail-purchase records.
The Member pharmacy is responsible for its own privacy practices and should provide its own applicable privacy notice.
This P-Hub Privacy Policy does not automatically govern personal data collected directly by a Member pharmacy outside the P-Hub Platform.
Questions concerning information provided directly to a pharmacy should generally be directed to that pharmacy.
22. Third-Party Websites and Communication Platforms
The Platform may contain links to Supplier websites, Member websites, payment providers, logistics providers, social-media platforms, mapping services and other external services.
P-Hub does not control the independent privacy practices of those third parties. You should review their privacy policies before submitting personal data.
Where you communicate with P-Hub through WhatsApp, Facebook, Instagram, LinkedIn or another third-party platform, that platform may separately process information according to its own terms and privacy policy.
23. Changes to This Privacy Policy
P-Hub may update this Privacy Policy to reflect:
- Changes to Platform functions.
- New services or applications.
- Operational changes.
- Changes in service providers.
- Legal or regulatory developments.
- Security or compliance requirements.
The latest version will be published on the P-Hub website with its revision date.
Where a change materially affects registered users, P-Hub may also provide notice through email, an account notification or another appropriate channel.
24. Language
This Privacy Policy should be made available in English and Bahasa Malaysia.
Where translated versions are provided and an inconsistency arises, the English version will prevail to the extent permitted by applicable law.
25. Contact P-Hub
For privacy enquiries, access or correction requests, withdrawal of consent, marketing opt-outs or complaints, please contact:
Privacy Contact
Attention: Privacy Officer
P-Hub
Company
PHARMALINK ALLIANCE SDN. BHD.
Registration No. 202601006536 (1668634-M)
Registered Address
No. 5, Lot 1967, Taman Indah
35800 Slim River
Perak, Malaysia
Contact Details
Telephone:
017-558 5300
Email:
connect@p-hub.com.my
When submitting a request, please provide sufficient information for P-Hub to identify you, locate the relevant records and verify your authority.
Back to topLegal review notice: This Privacy Policy is intended as a structured business draft for P-Hub. It should be reviewed by a qualified Malaysian legal or data-protection professional before publication. A Bahasa Malaysia version, cookie-consent configuration and data-processing review should also be completed based on the actual website plugins, analytics tools, email systems, hosting providers and third-party integrations used by P-Hub.