Last updated: 23 May 2019
MedPlanner Sdn. Bhd. is incorporated in Malaysia with Company No. 1252735-W and is subject to the applicable provisions of the Personal Data Protection Act 2010 (“PDPA”) currently in force, including any regulation, order, judgment, subsidiary legislation, binding code of conduct or minimum standard promulgated thereunder.
For GDPR, General Data Protection Regulation (EU) 2016/679, please see below.
1. CONSENT TO PROCESS PERSONAL DATA
1.2 You have the right to withdraw your consent at any time. Since the basis of processing your Personal Data is the consent you grant, withdrawing your consent will require the closing of your Account on our Application and the revocation will only take effect in the future. Any processing that was carried out prior to the revocation shall not be affected thereby.
2. INFORMATION COLLECTION AND USE
2.1 We may collect your Personal Data when you register with us to create your user profile on our applications (“Account”), when you use any of our Services, when you subscribe to any of our publications, newsletters or notifications, when you accept our cookies on your device, when you interact with our customer experience team or other representatives, when you interact with us on our social media accounts, when you respond to a customer survey or any other request for additional Personal Data, or when you voluntarily submit your Personal Data to us for any reason or otherwise contact us online.
2.2 Whatever the activity may be, we will only collect personal data to the extent deemed reasonably necessary to fulfil your requests and to improve our Services.
2.3 The types of personal data we collect include, without limitation, the following:
• Registration information you provide when you create an Account, including your first name and surname, country of residence, gender, date of birth, email address, Regulator registration number, username and password.
• Transaction information you provide for any Free Trial or Subscription, including your billing address, where applicable.
• Information you provide in clinical bulletins, public forums or functionalities on our Application.
• Location information when you use our Application or the Services thereunder, including location information either provided by a mobile device interacting with our Application (including through beacon technologies) or associated with your IP address, where we are permitted by law to process this information.
• Usage, viewing and technical data, including your device identifier or IP address, when you visit our website or open emails we send.
2.4 We may use and disclose your Personal Data for purposes necessary to provide you with our services, including, but not limited to, registering and maintaining your Account and verifying your identity or age; providing you with ancillary services and functions related to your Account; communicating with you with respect to any of your queries, requests or feedback; communicating with you with respect to your Account and matters related thereto; communicating with you with respect to any changes in our policies; conducting market and customer research, analysis or tracking; monitoring and ensuring compliance with our Terms and Conditions; or any other act to comply with any applicable law, regulation, order or binding minimum standard or code of conduct.
2.5 Please note that where a specific purpose in relation to a particular service is not covered above, we may separately notify you on the product or service page.
2.6 If you do not submit personal data when asked by us, your refusal may limit our ability to process your Account creation, provision of Services, contest or promotion registration, or request for technical support.
3. EUROPEAN LEGISLATION MAY APPLY TO CONTENT THAT IS SENSITIVE PERSONAL DATA PROVIDED BY REGULATED USERS
3.1 Each Regulated User acknowledges that the General Data Protection Regulation (EU) 2016/679 (“GDPR”) may apply to Content that is personal data, including sensitive personal data (as defined under the European legislation), relating to data subjects who are in the European Economic Area (“EEA”) and the processing of that Content relates to the offering to them of any goods and services within the EEA or if their behaviour is monitored in the EEA.
3.2 Furthermore, each Regulated User acknowledges that the Switzerland Federal Data Protection Act of 19 June 1992 (“FDPA”) or the United Kingdom Data Protection Act 2018 (“DPA”) may apply to Content that is personal data, including sensitive personal data (as defined under the FDPA or the DPA, as the case may be), relating to data subjects who are in Switzerland or the United Kingdom.
3.3 If the GDPR, FDPA or DPA applies to the processing of any personal data forming the whole or any part of the Content, each Regulated User acknowledges that they are using that personal data and are a controller or a processor, as applicable, of that personal data under the relevant legislation and each Regulated User warrants and undertakes that it will comply with the obligations applicable to it under the relevant legislation.
3.4 If the relevant legislation so applies, each Regulated User warrants that any instructions or actions performed on the Application or any Services thereunder, with respect to the Content, are authorised.
3.5 We will enable the Regulated Users to delete the Content during the Subscription in a manner that is consistent with the Terms of Service. If the Regulated User uses the Services to delete any Content, during the term of the Subscription, and such Content cannot be recovered by us, this will constitute an instruction to us to delete the relevant Content from our archives or backup systems in accordance with applicable law. On the expiry of the Subscription, we will, within ninety (90) days, delete all Content from our archives or backup systems unless retention of that Content is mandated or permitted by law.
3.6 To the maximum extent permitted under the relevant law, each Regulated User fully indemnifies us and holds us harmless against any demand, claim, loss, action or proceeding arising out of, relating to or in connection with a breach of this section howsoever caused.
4. HIPAA MAY APPLY TO CONTENT THAT IS PROTECTED HEALTH INFORMATION PROVIDED BY REGULATED USERS
4.1 Each Regulated User acknowledges that the Health Insurance Portability and Accountability Act generally and any standards or rules promulgated thereunder, including but not limited to, the Standards for Privacy of Individually Identifiable Health Information as consolidated and modified by the Omnibus Final Rule (collectively, “HIPAA”) may apply to Content that is protected health information (“PHI”) (as defined under HIPAA), relating to data subjects who are in the United States of America.
4.2 If HIPAA applies to the processing of any PHI forming the whole or any part of the Content and the Regulated User is a Covered Entity under HIPAA, each Regulated User acknowledges that they are using or disclosing that PHI and warrants and undertakes that it will comply with the obligations applicable to it under HIPAA.
4.3 We will enable the Regulated Users to delete the Content during the Subscription in a manner that is consistent with the Terms of Service. If the Regulated User uses the Services to delete any Content, during the term of the Subscription, and such Content cannot be recovered by us, this will constitute an instruction to us to delete the relevant Content from our archives or backup systems in accordance with applicable law. On the expiry of the Subscription, we will, within ninety (90) days, delete all Content from our archives or backup systems unless retention of that Content is mandated or permitted by law.
4.4 To the maximum extent permitted under the relevant law, each Regulated User fully indemnifies us and holds us harmless against any demand, claim, loss, action or proceeding arising out of, relating to or in connection with a breach of this section howsoever caused.
5. LOG DATA
5.1 When you access the Services by or through a mobile device, we may collect usage, viewing and technical data automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use and other statistics (“Log Data”).
6. SERVICE PROVIDERS
6.1 We may employ third party companies and individuals to facilitate our Services, to provide the Services on our behalf, to perform Services-related services or to assist us in analysing how our Services are used. These third parties are prohibited from using your personal data for purposes other than those requested by us or by law.
6.2 In addition, we may use third party services such as Google Analytics that collect, monitor and analyse log data in order to increase our Services’ functionality. The information these third party service providers collect will be subject to their own privacy policies.
8.1 We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
9. YOUR CONTROLS AND CHOICES
9.1 We provide you the ability to exercise certain controls and choices regarding our collection, use and sharing of your information. In accordance with local law, your controls and choices include the right to correct, update and delete your registration account.
9.2 You may exercise your controls and choices, or request access to your Personal Data, including if for any reason you wish to question, view, correct or delete the personal data collected about you by us or our technical partners, by filling out a Personal Data Correction/Update Form and sending it via email to firstname.lastname@example.org written in the English language, or following instructions provided in communications sent to you. We will be happy to review, update or remove information as appropriate. However, we may still retain Personal Data in our files to resolve disputes, enforce our agreements, due to technical or legal requirements or matters related to security, integrity or operation of our services.
9.3 If you are located in or are a citizen of the European Union, you may have the following rights with some exceptions in relation to Personal Data that we hold about you:
• To request confirmation of whether we process Personal Data relating to you, and if so, to request a copy of that Personal Data;
• To request that we rectify or update your Personal Data that is inaccurate, incomplete or outdated;
• To request that we erase your Personal Data in certain circumstances, such as where we collected personal data on the basis of your consent and you withdraw your consent;
• To request that we restrict the use of your Personal Data in certain circumstances;
• Where you have given us consent to process your Personal Data, to withdraw your
• To request that we provide a copy of your Personal Data to you in a structured, commonly used and machine-readable format in certain circumstances.
10. COMPLIANCE WITH LAWS
10.1 We will disclose your Personal Data where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Services.
10.2 Third parties may have access to your Personal Data where they perform services on behalf of the data controller(s) (as a data processor) and, unless prohibited under applicable law, for use on their own behalf (as a data controller) including, but not limited to, facilitating the use of any services; consistent with local law and choices and controls that may be available to you, using information collected from you, or from devices associated with you; or detect, investigate and prevent activities that may violate our policies or be illegal.
11. BUSINESS TRANSACTION
13. INTERNATIONAL TRANSFER
13.2 If you are located outside Malaysia and choose to provide information to us, please note that we transfer the information, including Personal Data, to Malaysia and process it there.
14. LINKS TO OTHER SITES
14.2 The Personal Data received by the third party’s site becomes subject to its company’s privacy practices. We have no control over, and assume no responsibility for, the content, privacy policies or practices of any third party sites or services.
15. CHILDREN’S PRIVACY
15.1 Our Services are only intended for Regulated Users and are not intended for individuals under the age of 13 (“Children”).
15.2 We do not knowingly collect Personal Data from Children. If you are a parent or guardian and you are aware that your Children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we will take steps to remove that Personal Data from our servers.
17. CONTACT US