1.
Interpretation
1.1. This Terms & Conditions and Privacy Notice (“Policy”) describe
how MyDocLab Sdn. Bhd., its respective subsidiaries, affiliates, associated
companies and jointly controlled entities (collectively “MyDocLab”, “we”, “us”
or “our”) collect, use, process and disclose your Personal Data through the use
of MyDocLab’s mobile application and websites (respectively “Apps” and
“Websites”), as well as products, features and other services globally,
operated by MyDocLab (collectively, “Services”).
1.2. This Policy applies to our customers, agents, vendors, suppliers,
partners, contractors and service providers (collectively “you”, “your” or
“yours”).
1.3. MyDocLab is a data user, so are our Clients
i.
In respect of any User and the processing of all
their Personal Data (including but not limited to Linking Data and Portal
Data), MyDocLab acts as a data user. For further information on how
MyDocLab collects, uses and discloses Users’ Personal Data, refer Item 4
(Privacy Notice)
ii.
Due to the way MyDocLab for Business works,
MyDocLab does not process any Personal Data for and on behalf of the Client.
Accordingly, MyDocLab is not the data processor of the Client, but an
independent data user in respect of all Personal Data that it processes in
the course of providing MyDocLab for Business feature. Likewise, the Client is
an independent data user of the Personal Data (e.g. the Linking Data and Portal
Data) that it discloses to and/or receives from MyDocLab.
iii.
As independent data users, MyDocLab and the
Client individually determine the purposes and means of processing Personal
Data, subject to the provisions set out in the Terms & Conditions and
Privacy Notice. MyDocLab and the Client are also individually responsible to
ensure the protection of Personal Data under their charge.
2.
Privacy Notice
MyDocLab
respects and is committed to protect clients’ personal data and information
shared with MyDocLab in strict accordance with the requirements of the Personal
Data Protection Act, Malaysia, 2010 (PDPA). The below notice will explain how
MyDocLab collects and handles client’s personal information.
By interacting
with us, submitting information to us or signing up for services offered by
MyDocLab, client hereby agrees and gives consent to MyDocLab as well as its
representatives and/or agents collecting, using, disclosing and sharing amongst
themselves your Personal Data, and disclosing such Personal Data to MyDocLab
authorised service providers and relevant third parties in the manners set
forth in this Privacy Notice.
Please note that
MyDocLab may amend this Privacy Notice at any time without prior notice and
will notify client of any such amendment via our website.
Sensitive
Personal Data
Some of the
Personal Data that we collect are sensitive in nature. This includes Personal
Data pertaining to your race, national ID information, religious beliefs,
background information (including financial and criminal records, where legally
permissible), health data, disability, marital status and biometric data, as
applicable. We collect this information only with your consent and/or in strict
compliance with applicable laws.
When you
provide Personal Data of other individuals to us
In some
situations, you may provide Personal Data of other individuals (such as your
spouse, family members or friends) to us. For example, you may add them as your
emergency contact. If you provide us with their Personal Data, you represent
and warrant that you have obtained their consent for their Personal Data to be
collected, used and disclosed as set out in this Policy.
2.1. Types of Personal Data MyDocLab Collects.
i.
The types of Personal Data that MyDocLab
collects directly from client or from third parties may include (but not
limited to):
●
client’s personal data
(name, age, gender, identity card number, passport number, date of birth,
origin, nationality, citizenship).
●
contact details (address,
email, phone numbers)
●
travel information (travel
history, flight information, airlines used to travel)
●
family information (marital
status, name of spouse, children and/or immediate family
●
medical or personal health
information (medical and healthcare history, health and mental condition and
diagnosis)
●
demographic information (age
group, medical history, genetic characteristics)
●
payment information
(credit/debit card number, name of cardholder, card issuing country, card
expiry date and banking details)
●
photographs, CCTV recordings
and other images
●
other information related to
processing activities services used by the client (Refer to 4.1.2)
ii.
Below you will find an overview of the data
processing activities by MyDocLab, irrespective of whether or not the data is
subject to the GDPR and irrespective of whether MyDocLab is qualified under
Applicable Law as a data controller or processor. In the table below, data
which is not to be considered as personal data under the GDPR is indicated in
red. This data constitutes the bulk of the data processed by MyDocLab, being
the PCR-data and derived results, as well as anonymized and aggregate non-personal
data.
Even though GDPR
does not apply to this type of data, MyDocLab wants to emphasize that it
handles all data – be it personal data under the scope of the GDPR or not –
with all due care.
Types of (Personal) Data processed by MyDocLab
|
Ways, purposes, means of the data processing activities. |
Duration of the data processing |
Categories of Data subjects |
PCR-data and derived results
(Patient de-identified test data
including but not limited to raw
data, genetic data, results,
subject-information, used assay
plugins …)
Laboratory information (including but not limited to laboratories, devices)
|
Store, process, visualize.
To improve and/or expand the products and services offered by MyDocLab.
Project management
Support services
|
Stored for 10 years, or the
complete product lifecycle
period of the product as a
medical device (required by
ISO 13485)
|
Patient (de-identified)
End User
|
Anonymized and aggregate non-personal data
(i.e. information that has been
stripped of subject-information
and aggregated with information
of others or anonymized so that
the subject cannot reasonably be
identified as an individual)
|
May be shared with third-parties e.g. through anonymized demo data, epidemiology analyses or summary reports.
|
Stored for up to 100 years
|
Patient (de-identified)
|
User identification information
(i.e. personal (e-)identification data such as e-mail address, name, title, geography, IP address, cookies, session information._
|
Store, process, visualize.
To improve and/or expand the products and services offered by MyDocLab.
Support services (including personalised follow-up regarding old and new features)
User information is stored within the Admin module in the West-European region.
|
Stored until 5 years after license expiry
|
User
|
CRM information
(i.e. financial identification data: name, geography, identification number, etc.)
|
Used for accounting and compliance purposes.
Used for customer due diligence, embargo, and sanctions screening
To provide summary reports to diagnostic companies where applicable
|
Customer and accounting information is stored for 10 years
|
End User
|
iii.
In addition, MyDocLab may from time to time
request for certain other personal information, that may be relevant to
MyDocLab services implementation.
iv.
All information requested is obligatory to be
provided by the client unless stated otherwise. MyDocLab would not be able to
process client’s request or provide relevant facilities and/or services and/or
transactions should the client fail to furnish MyDocLab with the necessary information.
2.2. How MyDocLab Collects Client’s Personal Data?
i.
Any Personal Data is obtained by MyDocLab via;
i.
Online booking through MyDocLab mobile
application.
ii.
A person acting on behalf of the individual
whose data are provided.
iii.
Other sources and related links in connection
with providing of client’s needs and services.
2.3. How MyDocLab Uses Client’s Personal Data?
i.
Purposes for which data may be used and/or
processed are as follows:
i.
To process requested medical services and
facilities.
ii.
To process any payments relevant to the client.
iii.
For insurance purposes.
iv.
For internal investigations, audit or security
purposes.
v.
To comply with MyDocLab’s legal and regulatory
obligations in the conduct of its business.
vi.
For MyDocLab’s internal record management.
vii.
For prevention, hindrance, reporting of any
crime including but not limited to fraud, bribery and money laundering.
viii.
Purposes relating thereto.
2.4. Why MyDocLab Collects Client’s Personal Data?
i.
Providing services and features
i.
Provide you with Services across our various
business verticals;
ii.
Engage you to provide Services;
iii.
Create, administer and update your account;
iv.
Conduct due diligence checks;
v.
Verify your identity;
vi.
Verify your age (where necessary);
vii.
Process payments;
viii. Make your experience more seamless, such as automatically filling in
your registration information (such as your name or phone number) from
one Service to another Service or when you participate in our surveys;
ix.
Perform internal operations necessary to provide
our Services, including troubleshooting software bugs and
operational problems, conducting data analysis, testing and
research, monitoring and analysing usage and activity trends;
x.
Protect the security or integrity of the
Services and any facilities or equipment used to make the Services
available;
xi.
enable our partners to manage and allocate fleet
resources; and
xii.
fulfill the services to you as a data processor,
where you have provided consent to the data controller (i.e. the organisation
you had purchased goods or services from, and for whom MyDocLab is providing
services on behalf of) for such services to be rendered.
ii.
Safety and Security
i.
Verifying your identity when you log in.
ii.
Using device, location, profile, usage and other
Personal Data to prevent, detect and combat fraud or unsafe activities;
iii.
Monitoring compliance with our terms and
conditions, policies and our partner’s and staff Code of Conduct; and
iv.
Detecting, preventing and prosecuting crime.
iii.
Customer Support
i.
Investigate and address concerns;
ii.
Monitor and improve our customer support
responses;
iii.
Respond to questions, comments and feedback; and
iv.
Inform you about steps taken to resolve customer
support issues.
iv.
Research and development and security
i.
Testing, research, analysis and product
development.
ii.
Understand and analyse client’s needs and
preferences.
iii.
Protect client’s Personal Data, improve and
enhance the safety and security of our Services.
iv.
Develop new features, products and services, and
facilitate insurance and finance solutions.
v.
Legal Purposes
i.
To investigate and resolve claims or disputes,
or as allowed or required by applicable law.
ii.
When we are required, advised, recommended,
expected or requested to do so by our legal advisors or any local or foreign
legal, regulatory, governmental or other authority. For example, we may use
your Personal Data to: comply with court orders or other legal, governmental or
regulatory requirements; enforce our Terms of Service or other agreements; and
protect our rights or property in the event of a claim or dispute.
iii.
Utilize data in connection with mergers,
acquisitions, joint ventures, sale of company assets, consolidation,
restructuring, financing, business asset transactions, or acquisition of all or
part of our business by another company.
vi.
Marketing and promotions
i.
We may use your Personal Data to market
MyDocLab, sponsors’ and advertisers’ products, services, events or promotions.
For example, we may: send you alerts, newsletters, updates, mailers,
promotional materials, special privileges, festive greetings; and notify,
invite and manage your participation in our events or activities.
ii.
We may communicate such marketing to you by
post, telephone call, short message service, online messaging service, push
notification by hand and by email.
2.5. Disclosure of Client’s Personal Data
i.
Data held by MyDocLab relating to the client
will be kept confidential but MyDocLab may provide or disclose such information
to the following parties (whether within or outside of Malaysia)
i.
Governmental agencies, governmental authorities
and other regulatory bodies.
ii.
Subsidiaries, associated companies, jointly
controlled entities and affiliates.
iii.
Relevant third parties as required under law for
the purposes stated in 4.3 above.
iv.
Independent consultants and specialists within
MyDocLab
v.
Professional advisers such as external auditors,
legal advisors, and/or financial advisers or any third party required by law,
regulation, subpoena, court order or other legal process.
vi.
Third part payers including insurance companies.
2.6. Complaints
i.
If a client has any queries or complaints
relating to this Privacy Notice or otherwise relating to misuse or suspected
misuse of client’s data, complaints may be submitted trough email at
2.7. Retention of Client’s Personal Data
i.
MyDocLab retains your Personal Data for the
period necessary to fulfill the Purposes outlined in this Policy unless a
longer retention period is required or allowed by law. Once your Personal Data
is no longer necessary for the Services or Purposes, or we no longer have a
legal or business purpose for retaining your Personal Data, we take steps to
erase, destroy, anonymise or prevent access or use of such Personal Data for
any purpose other than compliance with this Policy, or for purposes of safety,
security, fraud prevention and detection, in accordance with the requirements
of applicable laws.
2.8. Cookies And Advertising On Third Party Platforms
i.
MyDocLab, and third parties with whom we
partner, may use cookies, web beacons, tags, scripts, local shared objects such
as HTML5 and Flash (sometimes called “flash cookies”), advertising identifiers
(including mobile identifiers such as Apple’s IDFA or Google’s Advertising ID)
and similar technology (“Cookies”) in connection with your use of the Websites
and Apps. Cookies may have unique identifiers, and reside, among other places,
on your computer or mobile device, in emails we send to you, and on our web
pages. Cookies may transmit Personal Data about you and your use of the
Service, such as your browser type, search preferences, IP address, data
relating to advertisements that have been displayed to you or that you have
clicked on, and the date and time of your use. Cookies may be persistent or
stored only during an individual session.
ii.
MyDocLab may allow third parties to use Cookies
on the Websites and Apps to collect the same type of Personal Data for the same
purposes MyDocLab does for itself. Third parties may be able to associate the
Personal Data they collect with other Personal Data they have about client from
other sources. We do not necessarily have access to or control over the Cookies
they use.
iii.
Additionally, we may share non-personally
identifiable Personal Data with third parties, such as location data,
advertising identifiers, or a cryptographic hash of a common account identifier
(such as an email address), to facilitate the display of targeted advertising
on third party platforms.
iv.
If clients do not wish for your Personal Data to
be collected via Cookies on the Websites, you may deactivate cookies by
adjusting your internet browser settings to disable, block or deactivate
cookies, by deleting your browsing history and clearing the cache from your
internet browser. You may also limit our sharing of some of this Personal Data
through your App (Settings > Privacy > Ads) and mobile device settings.
2.9. Protection Of Personal Data
i.
We will take reasonable legal, organisational
and technical measures to ensure that your Personal Data is protected. This
includes measures to prevent Personal Data from getting lost, or used or
accessed in an unauthorised way. We limit access to your Personal Data to our
employees on a need to know basis. Those processing your Personal Data will
only do so in an authorised manner and are required to treat your information
with confidentiality.
ii.
Nevertheless, please understand that the
transmission of information via the internet is not completely secure. Although
we will do our best to protect your Personal Data, we cannot guarantee the
security of your Personal Data transmitted through any online means, therefore,
any transmission remains at your own risk.
2.10. Clients’ Rights With Respect To Their Personal
Data
i.
In accordance with applicable laws and
regulations, you may be entitled to:
●
Ask us about the processing of your Personal
Data, including to be provided with a copy of your Personal Data;
●
Request the correction and/or (in some cases)
deletion of your Personal Data;
●
In some cases, request the restriction of the
processing of your Personal Data, or object to that processing;
●
Withdraw your consent to the processing of your
Personal Data (where we are processing your Personal Data based on your
consent);
●
Request receipt or transmission to another
organisation, in a machine-readable form, of the Personal Data that you have
provided to us where we are using your Personal Data based on consent or
performance of a contract; and
●
Complain to the relevant data privacy authority
if your data privacy rights are violated, or if you have suffered as a result
of unlawful processing of your Personal Data.
ii.
Where you are given the option to share your
Personal Data with us, you can always choose not to do so. If we have requested
your consent to processing and you later choose to withdraw it, we will respect
that choice in accordance with our legal obligations.
iii.
However, choosing not to share your Personal
Data with us or withdrawing your consent to our use of it could mean that we
are unable to perform the actions necessary to achieve the purposes of
processing described in Section 4.3 (Why MyDocLab Collects Client’s Personal
Data?) or that you are unable to make use of the Services.
iv.
After you have chosen to withdraw your consent,
we may be able to continue to process your Personal Data to the extent required
or otherwise permitted by applicable laws and regulations.
v.
If you wish to make a request to exercise your
rights, you can contact us through our contact details set out in Contact Us
section.
vi.
We will screen and verify all requests
beforehand. In order to verify your authority to make the request, we may
require you to provide supporting information or documentation to corroborate
the request. Once verified, we will give effect to your request within the
timelines prescribed by applicable laws.
2.11. Amendments And Updates
MyDocLab shall
have the right to modify, update or amend the terms of this Policy at any time
by placing the updated Policy on the Websites. By continuing to use the Apps,
Websites or Services, purchase products from MyDocLab or continuing to
communicate or engage with MyDocLab following the modifications, updates or
amendments to this Policy, you signify your acceptance of such modifications,
updates or amendments.
2.12. Client continues usage of MyDocLab, services, facilities and or
account(s) is deemed consent for MyDocLab to collect, process and store the
data in accordance with the above.