As at: 7 October 2020
1. Personal Data
1.2 Examples of Personal Data include your name, NRIC No, date of birth, passport or other identification number, telephone number(s), mailing address, email address and personal health information.
2. Collection of Personal Data
2.1 Generally, we collect Personal Data in the following ways:
(a) when you submit any form, including but not limited to application forms, financial assessment forms or other forms relating to our services;
(b) when you provide information for our medical and/or financial assessment in connection with your application for our services;
(c) when you enter into any agreement with us or provide other documentation or information in respect of your interactions with us, or when you use our services;
(d) when you interact with our staff, including those at the Dementia Care Centre (“DCC”), or when you interact or contact us via telephone (which may be recorded), letters, fax, face-to-face meetings, text messages, social media platforms and emails;
(e) when you interact with us via our websites or use services on our websites;
(f) when you request that we contact you or request that you be included in an email or other mailing list;
(g) when you sign up for any DCC activities, initiatives or training events, or when you respond to any request for additional Personal Data;
(h) when your images are captured by us via CCTV cameras while you are at our premises, or via photographs or videos taken by us or our representatives when you attend our events or activities;
(i) when you submit Personal Data to us for any other reasons.
2.2 You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the
services you have requested, or delays in providing you with services you have requested, or responding to your queries or processing your application.
2.3 We will not knowingly collect or solicit Personal Data from individuals under the age of eighteen (18) without first obtaining verifiable consent from the individual’s parent, guardian or person who has parental responsibility over the individual. If you are under the age of 18, you should not provide your Personal Data to us.
3. Purposes for the Collection, Use and Disclosure of Your Personal Data
3.1 Generally, we collect, use and disclose Personal Data for the following purposes:
(a) reviewing medical, financial and other relevant information to evaluate applications for our services;
(b) evaluating and monitoring the medical condition and status of people living with dementia who are using our services at DCC;
(c) responding to, processing and handling queries, feedback, complaints and requests;
(d) verifying your identity and the identity of potential users or users of our services and their family members or caregivers;
(e) managing and planning the administration and operations of DCC and complying with internal policies and procedures;
(f) requesting feedback or participation in surveys and/or research, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to
design our services, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our services;
(g) designing training programmes for dementia awareness, dementia care and related
(h) matching or updating any Personal Data we hold which relates to users or potential users of our services, their family members or caregivers;
(i) preventing, detecting and investigating crime and analysing and managing commercial
(j) managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
(k) monitoring or recording phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification
(l) in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice,
and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
(m) conducting any form of investigations including but not related to those relating to disputes, payment, fraud, offences, prosecutions, etc;
(n) meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on us and our holding company Genting Berhad and its subsidiaries (collectively, “Group”) (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations);
(o) marketing promotions of our facilities, services, activities and events; and/or
(p) purposes which are reasonably related to the aforesaid.
3.2 In addition, we collect, use and disclose your Personal Data for the following purposes depending on the nature of our relationship:
(a) If you are a prospective, current or former user of our services at DCC:
(i) providing customer service and support (including but not limited to customer relationship management, processing registration and settlement of payment, providing follow-up calls, and providing administrative support);
(ii) administering and processing your requests including creating and maintaining profiles of users of our services in our system database for administrative purposes;
(iii) personalising your experience at DCC’s touchpoints and conducting market research, understanding and analysing customer behaviour, location, preferences and demographics in order to improve our services;
(iv) liaising with third party specialist doctors (if required), and contacting clinics, hospitals and/or medical Institutions in the event of a medical emergency(including providing them with access to medical records);
(v) administering debt recovery and debt management; and/or
(vi) purposes which are reasonably related to the aforesaid.
(b) If you are a nominated caregiver or next-of-kin of users of our services at DCC:
(i) informing or discussing with you the user’s medical condition/progress and
cognitive functions and behavior;
(ii) contacting you to inform you of activities and events at DCC;
(iii) contacting you for matters relating to the users of our services at DCC; and/or
(iv) purposes which are reasonably related to the aforesaid.
3.3 Furthermore, where permitted under the Act, we may also collect, use and disclose your Personal Data for the following “Additional Purposes”:
(a) taking or filming photographs and videos for corporate publicity or marketing purposes, and featuring your photographs and/or testimonials in our articles, research programmes
and publicity materials;
(b) providing ancillary services and benefits to users of our services, their family members or caregivers, including promoting activities and events at DCC;
(c) organising roadshows, training events, campaigns (including health talks, health checks
or dementia awareness or dementia care programmes and campaigns) and other related events or activities;
(d) matching Personal Data with other data collected for other purposes and from other
sources (including third parties) in connection with research, regulatory submissions, publication and/or the provision or offering of services;
(e) sending you details of services, clinic updates, health-related information, either to users or potential users of our services generally, or which we have identified may be of interest to you;
(f) conducting market research, aggregating and analysing user profiles, location, preferences, demographics and data to determine health-related patterns and trends, and for research, publication, regulatory filings;
(g) understanding and analysing behavior of people living with dementia and their care givers for research, publication, regulatory filings, designing training programmes and
for us to offer you other products and services relevant to you; and/or
(h) purposes which are reasonably related to the aforesaid.
4. Disclosure of Personal Data
4.1 We will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Malaysia:
(a) amongst the Group members (including their staff);
(b) staff and students of University of Malaya who are collaborating with us in the operations of DCC or who are undertaking research on dementia or dementia care;
(c). third party doctors, clinics, hospitals and/or medical institutions;
(d) companies providing services relating to insurance for the Group;
(e) agents, contractors, sub-contractors or third party service providers who provide services to the Group, such as courier services, telecommunications, information technology, payment, printing, billing, debt recovery, processing, technical services, transportation, training, market research, security, or other services to the Group;
(f) personnel of TauRx Pharmaceuticals Limited and its subsidiaries who are involved in research in Alzheimer’s Disease;
(g) credit card companies, financial institutions and their respective service providers;
(h) our professional advisers such as consultants, auditors and lawyers;
(i) relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority; and/or
(j) any other party to whom you authorise us to disclose your Personal Data to.
5. Security of Personal Data
5.1 We will use reasonable commercial efforts to protect Personal Data against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
5.2 We use various methods to safeguard Personal Data, including physical measures, technical tools and organisational controls.
5.3 Online security is also a priority. We incorporate security measures such as encryption and authentication tools to protect your Personal Information from unauthorized use. Firewalls are utilized to protect our servers and network from unauthorized users accessing and tampering with files and other information that we store.
5.4 While we cannot ensure that loss, misuse or alteration of data will not occur, we will make reasonable commercial efforts to prevent such unfortunate occurrences.
6. Retention of Personal Data
6.1 We retain Personal Data provided or made available to us as may be required for business or legal purposes, and such purposes do vary according to the circumstances.
6.2 Whilst we will securely dispose of or anonymise Personal Data which we can reasonably determine is no longer needed and we do not generally hold on to Personal Data “just in case”, it is in the interests of the users of our services to ensure that our caregivers have a complete set of medical records to avoid risks to the health and safety of the user.
6.3 As such, with respect to the medical records of users of our services, unless specific contrary instructions from such persons are received, we may (but are not obliged to) retain such medical records for as long as we may be potentially consulted by such person’s family members or doctors even where such consultation may not occur until after a substantial period of time.
7.2 The information collected by us or our authorized service providers may recognize a return visitor as a unique visitor and may collect information such as: how a visitor arrives at our sites, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
7.3 Cookies are small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website. Cookies allow a website to recognize a particular device or browser.
7.5 Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, if you decline cookies, you may not be able to take advantage of certain site features or services tools.
8. Contacting Us – Withdrawal of Consent, Access and Correction of your Personal Data
(a) by Email: email@example.com
(b) by Mail: Manager, Dementia Care Centre, Lot 34810 and Lot 43096, Persiaran
Arfah, Segambut, 51200 Kuala Lumpur
You can request to correct or update your Personal Data held by us by emailing us at the above address. We will endeavour to provide you with suitable means of accessing your personal data (e.g. by emailing or mailing it to you). You may also request us to correct or update your Personal Data by contacting us at the above address. We reserve the right to verify all requests for the authencity of the request.
8.2 You are reminded not to send via unencrypted means (such as email) sensitive information such as passwords, credit card information etc.
8.3 Please note that if your Personal Data has been provided to us by a third party (e.g. a general practitioner), you should contact that organisation or individual to make such
queries, complaints, and access and correction requests.
8.4 If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, we may not be in a position to continue to provide our services to you, or administer any contractual relationship in place, which in turn may also result in the termination of any agreements you have with us. Our legal rights and remedies in such event are expressly reserved.
8.6 If there is a conflict between the English version and the national language version of