PRIVACY POLICY

Last updated: 23 May 2019

MedPlanner Sdn. Bhd. (“us”, “we”, or “our”) operates the MedPlanner mobile application – Circles.MD (“Application”) and the services offered through the Application (“Services”). Defined terms used in this Privacy Policy shall have the meanings ascribed to them under the Terms of Service unless the context otherwise admits.

MedPlanner Sdn. Bhd. is incorporated in Malaysia with Company No. 1252735-W and is subject to the applicable provisions of the Personal Data Protection Act 2010 (“PDPA”) currently in force, including any regulation, order, judgment, subsidiary legislation, binding code of conduct or minimum standard promulgated thereunder.

For GDPR, General Data Protection Regulation (EU) 2016/679, please see below.

This Privacy Policy informs you of our policies regarding the collection, use and disclosure of your personal information (“Personal Data”) when you use our Services.

1. CONSENT TO PROCESS PERSONAL DATA

1.1  We will not use or share your Personal Data for any other purpose except as described in this Privacy Policy. By using our Services, you agree and consent to the collection, use and transfer of Personal Data in accordance with this Privacy Policy. We are based in Malaysia and your Personal Data is collected, stored, used and shared in accordance with Malaysian law. To the extent that any of your Personal Data is transferred outside of Malaysia, you acknowledge that those jurisdictions may have privacy legislation that is different from Malaysian law. If you do not agree to this Privacy Policy, please do not use the Application or any Services thereunder or any of our services.

1.2  You have the right to withdraw your consent at any time. Since the basis of processing your Personal Data is the consent you grant, withdrawing your consent will require the closing of your Account on our Application and the revocation will only take effect in the future. Any processing that was carried out prior to the revocation shall not be affected thereby.

1.3  This Privacy Policy describes the treatment of Personal Data provided or collected on the Application where this Privacy Policy is posted. It also explains the treatment of Personal Data provided or collected on applications we make available on third-party websites or platforms if disclosed to you in connection with use of the Application.

1.4  This Privacy Policy applies only to the Application and the Services thereunder, and not to applications, websites, networks or platforms maintained by other companies or organisations to which we may provide links. Please note, however, that when you link to any other third party websites from our Application, this Privacy Policy no longer applies. We do not control the activities on those third party applications and services, and we cannot and do not guarantee the security of any Personal Data disclosed on those third party applications or services.

2. INFORMATION COLLECTION AND USE

2.1  We may collect your Personal Data when you register with us to create your user profile on our applications (“Account”), when you use any of our Services, when you subscribe to any of our publications, newsletters or notifications, when you accept our cookies on your device, when you interact with our customer experience team or other representatives, when you interact with us on our social media accounts, when you respond to a customer survey or any other request for additional Personal Data, or when you voluntarily submit your Personal Data to us for any reason or otherwise contact us online.

2.2  Whatever the activity may be, we will only collect personal data to the extent deemed reasonably necessary to fulfil your requests and to improve our Services.

2.3  The types of personal data we collect include, without limitation, the following:

•  Registration information you provide when you create an Account, including your first name and surname, country of residence, gender, date of birth, email address, Regulator registration number, username and password.

•  Transaction information you provide for any Free Trial or Subscription, including your billing address, where applicable.

•  Information you provide in clinical bulletins, public forums or functionalities on our Application.

•  Location information when you use our Application or the Services thereunder, including location information either provided by a mobile device interacting with our Application (including through beacon technologies) or associated with your IP address, where we are permitted by law to process this information.

•  Usage, viewing and technical data, including your device identifier or IP address, when you visit our website or open emails we send.

2.4  We may use and disclose your Personal Data for purposes necessary to provide you with our services, including, but not limited to, registering and maintaining your Account and verifying your identity or age; providing you with ancillary services and functions related to your Account; communicating with you with respect to any of your queries, requests or feedback; communicating with you with respect to your Account and matters related thereto; communicating with you with respect to any changes in our policies; conducting market and customer research, analysis or tracking; monitoring and ensuring compliance with our Terms and Conditions; or any other act to comply with any applicable law, regulation, order or binding minimum standard or code of conduct.

2.5  Please note that where a specific purpose in relation to a particular service is not covered above, we may separately notify you on the product or service page.

2.6  If you do not submit personal data when asked by us, your refusal may limit our ability to process your Account creation, provision of Services, contest or promotion registration, or request for technical support.

3. EUROPEAN LEGISLATION MAY APPLY TO CONTENT THAT IS SENSITIVE PERSONAL DATA PROVIDED BY REGULATED USERS

3.1  Each Regulated User acknowledges that the General Data Protection Regulation (EU) 2016/679 (“GDPR”) may apply to Content that is personal data, including sensitive personal data (as defined under the European legislation), relating to data subjects who are in the European Economic Area (“EEA”) and the processing of that Content relates to the offering to them of any goods and services within the EEA or if their behaviour is monitored in the EEA.

3.2  Furthermore, each Regulated User acknowledges that the Switzerland Federal Data Protection Act of 19 June 1992 (“FDPA”) or the United Kingdom Data Protection Act 2018 (“DPA”) may apply to Content that is personal data, including sensitive personal data (as defined under the FDPA or the DPA, as the case may be), relating to data subjects who are in Switzerland or the United Kingdom.

3.3  If the GDPR, FDPA or DPA applies to the processing of any personal data forming the whole or any part of the Content, each Regulated User acknowledges that they are using that personal data and is a controller or a processor, as applicable, of that personal data under the relevant legislation and each Regulated User warrants and undertakes that it will comply with the obligations applicable to it under the relevant legislation.

3.4  If the relevant legislation so applies, each Regulated User warrants that any instructions or actions performed on the Application or any Services thereunder, with respect to the Content, are authorised.

3.5  We will enable the Regulated Users to delete the Content during the Subscription in a manner that is consistent with the Terms of Service. If the Regulated User uses the Services to delete any Content, during the term of the Subscription, and such Content cannot be recovered by us, this will constitute an instruction to us to delete the relevant Content from our archives or backup systems in accordance with applicable law. On the expiry of the Subscription, we will, within ninety (90) days, delete all Content from our archives or backup systems unless retention of that Content is mandated or permitted by law.

3.6  To the maximum extent permitted under the relevant law, each Regulated User fully indemnifies us and holds us harmless against any demand, claim, loss, action or proceeding arising out of, relating to or in connection with a breach of this section howsoever caused.

4. HIPAA MAY APPLY TO CONTENT THAT IS PROTECTED HEALTH INFORMATION PROVIDED BY REGULATED USERS

4.1 Each Regulated User acknowledges that the Health Insurance Portability and Accountability Act generally and any standards or rules promulgated thereunder, including but not limited to, the Standards for Privacy of Individually Identifiable Health Information as consolidated and modified by the Omnibus Final Rule (collectively, “HIPAA”) may apply to Content that is protected health information (“PHI”) (as defined under HIPAA), relating to data subjects who are in the United States of America.

4.2  If HIPAA applies to the processing of any PHI forming the whole or any part of the Content and that the Regulated User is a Covered Entity under HIPAA, each Regulated User acknowledges that they are using or disclosing that PHI and warrants and undertakes that it will comply with the obligations applicable to it under HIPAA.

4.3  We will enable the Regulated Users to delete the Content during the Subscription in a manner that is consistent with the Terms of Service. If the Regulated User uses the Services to delete any Content, during the term of the Subscription, and such Content cannot be recovered by us, this will constitute an instruction to us to delete the relevant Content from our archives or backup systems in accordance with applicable law. On the expiry of the Subscription, we will, within ninety (90) days, delete all Content from our archives or backup systems unless retention of that Content is mandated or permitted by law.

4.4  To the maximum extent permitted under the relevant law, each Regulated User fully indemnifies us and holds us harmless against any demand, claim, loss, action or proceeding arising out of, relating to or in connection with a breach of this section howsoever caused.

5. LOG DATA

5.1 When you access the Services by or through a mobile device, we may collect usage, viewing and technical data automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use and other statistics (“Log Data”).

6. SERVICE PROVIDERS

6.1  We may employ third party companies and individuals to facilitate our Services, to provide the Services on our behalf, to perform Services-related services or to assist us in analysing how our Services are used. These third parties are prohibited from using your personal data for purposes other than those requested by us or by law.

6.2  In addition, we may use third party services such as Google Analytics that collect, monitor and analyse log data in order to increase our Services’ functionality. The information these third party service providers collect will be subject to their own privacy policies.

7. COOKIES

7.1 We collect information through technology, such as cookies, Flash cookies and Web beacons, when you use our Application or Services thereunder using one or more devices. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services. Please see our Cookie Policy for more information.

8. COMMUNICATIONS

8.1 We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

9. YOUR CONTROLS AND CHOICES

9.1  We provide you the ability to exercise certain controls and choices regarding our collection, use and sharing of your information. In accordance with local law, your controls and choices include the right to correct, update and delete your registration account.

9.2  You may exercise your controls and choices, or request access to your Personal Data, including if for any reason you wish to question, view, correct or delete the personal data collected about you by us or our technical partners, by filling out a Personal Data Correction/Update Form and sending it via email to contact@medplanner.io written in the English language, or following instructions provided in communications sent to you. We will be happy to review, update or remove information as appropriate. However, we may still retain Personal Data in our files to resolve disputes, enforce our agreements, due to technical or legal requirements or matters related to security, integrity or operation of our services.

9.3  If you are located in or are a citizen of the European Union, you may have the following rights with some exceptions in relation to Personal Data that we hold about you:

•  To request confirmation of whether we process Personal Data relating to you, and if so, to request a copy of that Personal Data;

•  To request that we rectify or update your Personal Data that is inaccurate, incomplete or outdated;

•  To request that we erase your Personal Data in certain circumstances, such as where we collected personal data on the basis of your consent and you withdraw your consent;

•  To request that we restrict the use of your Personal Data in certain circumstances;

•  Where you have given us consent to process your Personal Data, to withdraw your consent; and

•  To request that we provide a copy of your Personal Data to you in a structured, commonly used and machine-readable format in certain circumstances.

10. COMPLIANCE WITH LAWS

10.1  We will disclose your Personal Data where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Services.

10.2  Third parties may have access to your Personal Data where they perform services on behalf of the data controller(s) (as a data processor) and, unless prohibited under applicable law, for use on their own behalf (as a data controller) including, but not limited to, facilitating the use of any services; consistent with local law and choices and controls that may be available to you, using information collected from you, or from devices associated with you; or detect, investigate and prevent activities that may violate our policies or be illegal.

11. BUSINESS TRANSACTION

11.1 If we are involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy.

12. SECURITY

12.1 The security, integrity and confidentiality of your information are extremely important to us. We have implemented technical, administrative and physical security measures that are designed to protect guest information from unauthorised access, disclosure, use and modification. From time to time, we review our security procedures to consider appropriate new technology and methods. Please be aware though that, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. We will retain your Personal Data for the length of time needed to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

13. INTERNATIONAL TRANSFER

13.1  We operate globally and may transfer your personal data to our related bodies corporate or third parties in locations around the world, where the data protection laws may differ from those of your jurisdiction, for the purposes described in this Privacy Policy.

13.2  If you are located outside Malaysia and choose to provide information to us, please note that we transfer the information, including Personal Data, to Malaysia and process it there.

13.3  Your consent to this Privacy Policy followed by your submission of such information represents your consent to that transfer.

14. LINKS TO OTHER SITES

14.1 Our Services may contain links to other applications or websites that are not operated by us. If you click on a third party link, you will be directed to that third party’s application or website. We strongly advise you to review the privacy policy of every application or website that you visit.

14.2 The Personal Data received by the third party’s site becomes subject to its company’s privacy practices. We have no control over, and assume no responsibility for, the content, privacy policies or practices of any third party sites or services.

15. CHILDREN’S PRIVACY

15.1  Our Services are only intended for Regulated Users and are not intended for individuals under the age of 13 (“Children”).

15.2  We do not knowingly collect Personal Data from Children. If you are a parent or guardian and you are aware that your Children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we will take steps to remove that Personal Data from our servers.

16. CHANGES TO THIS PRIVACY POLICY

16.1 We reserve the right to make changes in this Privacy Policy, so please check back from time to time to ensure you are aware of any changes. Please note that the current last updated version will control and take precedence over any prior version. Your continued use of this Application or any Services thereunder will signify your acceptance of these changes.

17. CONTACT US

17.1 If you have any questions about this Privacy Policy, please contact us at contact@medplanner.io.

18. PRIVACY POLICY AND TERMS AND CONDITIONS

18.1 The terms of this Privacy Policy are incorporated into our Terms and Conditions.