Data Privacy Policy

 

As at: 7 October 2020

 

The  purpose  of  this  document  (“Data  Privacy  Policy”)  is  to  inform  you  of  how  Genting Dementia Centre Sdn Bhd (Company No. 201801044713), (“us”, “we” or “our") manages Personal Data (as defined below) which is subject to the Malaysian Personal Data Protection Act 2010 (Act 709), as amended or re-enacted from time to time (“the Act”).

 

Please take a moment to read this Data Privacy Policy so that you know and understand the purposes for which, and the manner in which, we collect, use, process, share, disclose and store your Personal Data.

 

By accessing our website, interacting with us, submitting information to us, or signing up for any services offered by us, you agree and consent to us, as well as our representatives and/or agents collecting, using, processing, disclosing, sharing and storing your Personal Data, and disclosing such Personal Data to relevant third parties in the manner set forth in this Data Privacy Policy.

 

1.        Personal Data

 

1.1       In this Data Privacy Policy, “Personal Data” refers to any information about an individual who can be identified (a) from that information; or (b) from that information  and other information which is in our possession.

 

1.2       Examples of Personal Data include your name, NRIC No, date of birth, passport or other identification number, telephone number(s), mailing address, email address and personal health information.

 

1.3       If you provide us Personal Data of anyone other than yourself, please make sure you have their prior consent to provide us their Personal Data and they understand how we  collect, use, process, share, disclose and store Personal Data as set out in this Data Privacy Policy.

 

1.4       Although we try to provide reasonably adequate information concerning our policy relating to Personal Data, this Data Privacy Policy is not an exhaustive list of all situations or scenarios concerning Personal Data. Please approach us if you need clarification about a specific situation.

 

2.         Collection of Personal Data

 

2.1       Generally, we collect Personal Data in the following ways:

 

(a)        when  you  submit  any form,  including  but  not  limited  to  application forms,  financial assessment forms or other forms relating to our services;

 

(b)        when you provide information for our medical and/or financial assessment in connection with your application for our services;

(c)        when you enter into any agreement with us or provide other documentation or information in respect of your interactions with us, or when you use our services;

 

(d)        when you interact with our staff, including those at the Dementia Care Centre (“DCC”), or when you interact or contact us via telephone (which may be recorded), letters, fax, face-to-face meetings, text messages, social media platforms and emails;

 

(e)        when you interact with us via our websites or use services on our websites;

 

(f)         when you request that we contact you or request that you be included in an email or other mailing list;

 

(g)        when you sign up for any DCC activities, initiatives or training events, or when you respond to any request for additional Personal Data;

 

(h)        when your images are captured by us via CCTV cameras while you are at   our premises, or via photographs or videos taken by us or our representatives when you attend our events or activities;

 

(i)         when you submit  Personal Data to us for any other reasons.

           

2.2       You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the

services  you  have  requested,  or  delays  in  providing  you  with  services  you  have requested, or responding to your queries or processing your application.

 

2.3       We will not knowingly collect or solicit Personal Data from individuals under the age of eighteen (18) without first obtaining verifiable consent from the individual’s parent, guardian or person who has parental responsibility over the individual. If you are under the age of 18, you should not provide your Personal Data to us.

 

3.         Purposes for the Collection, Use and Disclosure of Your Personal Data

 

3.1       Generally, we   collect, use and disclose  Personal Data for the following purposes:

 

(a)        reviewing medical, financial and other relevant information to evaluate applications for our services;

 

(b)        evaluating and monitoring the medical condition and status of people living with dementia who are using our services at DCC;

 

(c)        responding  to,  processing  and  handling  queries,  feedback,  complaints  and requests;

 

(d)        verifying your identity and the identity of potential users or users of our services and their family members or caregivers;

 

(e)        managing and planning the administration and operations of DCC and complying with internal policies and procedures;

 

(f)         requesting feedback or participation in surveys and/or research, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to

design our services, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our  services;

 

(g)        designing training programmes for dementia awareness, dementia care and related

areas;

 

(h)        matching or updating any Personal Data we hold which relates to users or  potential users of our services, their family members or caregivers;

 

(i)         preventing, detecting and investigating crime and analysing and managing commercial

risks;

 

(j)         managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);

 

(k)        monitoring  or  recording  phone  calls  and  customer-facing  interactions  for  quality assurance,  employee  training  and  performance  evaluation  and  identity  verification

purposes;

 

(l)         in  connection  with  any  claims,  actions  or  proceedings  (including  but  not  limited  to drafting and reviewing documents, transaction documentation, obtaining legal advice,

and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;

 

(m)       conducting  any form  of  investigations  including  but  not  related to those  relating  to disputes, payment, fraud, offences, prosecutions, etc;

 

(n)       meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on us and our holding company Genting Berhad and its subsidiaries (collectively, “Group”) (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations);

 

(o)        marketing promotions of our facilities, services, activities and events; and/or

 

(p)        purposes which are reasonably related to the aforesaid.

 

3.2       In addition, we collect, use and disclose your Personal Data for the following purposes depending on the nature of our relationship:

 

(a)        If you are a prospective, current or former user of our services at DCC:

(i)         providing customer service and support (including but not limited to customer relationship management, processing registration and settlement of payment, providing  follow-up  calls,  and  providing    administrative support);

 

(ii)        administering and processing your requests including creating and maintaining profiles of users of our services in our system database for administrative purposes;

 

(iii)       personalising your experience  at  DCC’s touchpoints  and  conducting market  research,  understanding  and  analysing  customer  behaviour,  location, preferences and demographics in order to improve our services;

 

(iv)       liaising with  third  party  specialist  doctors (if required), and contacting clinics,  hospitals  and/or  medical Institutions  in the event of a medical emergency(including providing them with access to medical records);

 

(v)        administering debt recovery and debt management; and/or

 

(vi)       purposes which are reasonably related to the aforesaid.

(b)       If you are a nominated caregiver or next-of-kin of users of our services at DCC:

(i)         informing  or  discussing  with  you  the  user’s  medical  condition/progress  and

cognitive functions  and behavior;

(ii)        contacting you to inform you of activities and events at DCC;

(iii)       contacting you for matters relating to the users of our services at DCC; and/or

(iv)       purposes which are reasonably related to the aforesaid.

 

3.3       Furthermore, where permitted under the Act, we may also collect, use and disclose your Personal Data for the following “Additional Purposes”:

 

(a)       taking or filming photographs and videos for corporate publicity or marketing purposes, and featuring your photographs and/or testimonials in our articles, research programmes

and publicity materials;

 

(b)       providing ancillary services and benefits to users of our services, their family members or caregivers, including promoting activities and events at DCC;

 

(c)        organising roadshows, training events, campaigns (including health talks, health checks

or    dementia  awareness or dementia care programmes and campaigns) and other related events or activities;

 

(d)        matching Personal Data with other data collected for other purposes and from other

sources (including third parties) in connection with research, regulatory   submissions, publication and/or the provision or offering of services;

 

(e)       sending  you  details  of  services,  clinic  updates,  health-related  information,  either  to users or potential users of our services  generally, or which we have identified may be of interest to you;

 

(f)         conducting   market   research,   aggregating   and   analysing   user   profiles,   location, preferences, demographics and data to determine health-related patterns and trends, and for research, publication, regulatory filings;

 

(g)       understanding and analysing  behavior of people living with dementia and their care givers  for research, publication, regulatory filings, designing training programmes and

for us to offer you other products and services relevant to you; and/or

 

(h)        purposes which are reasonably related to the aforesaid.

 

4.         Disclosure of Personal Data

 

4.1       We will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Malaysia:

 

(a)        amongst the Group members (including their staff);

 

(b)       staff and students of University of Malaya who are collaborating with us  in the operations of DCC or who are undertaking research on dementia or dementia care;

 

(c).       third party doctors, clinics, hospitals and/or medical institutions;

 

(d)        companies providing services relating to insurance for  the Group;

 

(e)      agents,  contractors,  sub-contractors  or  third  party  service  providers  who  provide services to the Group, such as courier services, telecommunications, information technology, payment, printing, billing, debt recovery, processing, technical services, transportation, training, market research, security, or other services to the Group;

   

(f)         personnel  of  TauRx  Pharmaceuticals  Limited  and  its  subsidiaries   who  are involved in research in Alzheimer’s Disease;

 

(g)       credit card companies, financial institutions and their respective service providers;

 

(h)       our professional advisers such as consultants, auditors and lawyers;

 

(i)         relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority; and/or

 

(j)         any other party to whom you authorise us to disclose your Personal Data to.

 

5.         Security of Personal Data

 

5.1       We will use reasonable commercial efforts to protect Personal Data against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.

 

5.2       We use various methods to safeguard Personal Data, including physical measures, technical tools and organisational controls.

 

5.3       Online security is also a priority. We incorporate security measures such as encryption   and   authentication   tools   to   protect   your   Personal   Information   from unauthorized  use.  Firewalls are utilized to protect  our  servers  and  network  from unauthorized users accessing and tampering with files and other information that we store.

 

5.4       While we cannot ensure that loss, misuse or alteration of data will not occur, we will make reasonable commercial efforts to prevent such unfortunate occurrences.

 

6.         Retention of Personal Data

 

6.1       We retain   Personal Data provided or made available to us as may be required for  business  or legal purposes, and such purposes do vary according to the circumstances.

 

6.2       Whilst we will securely dispose of or anonymise Personal Data which we can reasonably determine is no longer needed and we do not generally hold on to Personal Data “just in case”, it is in the interests of the users of our services to ensure that our caregivers have a complete set of medical records to avoid risks to the health and safety of the user.

 

6.3       As such, with respect to the medical records of users of our services, unless specific contrary instructions from  such persons  are received,  we  may (but  are  not obliged to) retain such medical records for as long as we  may be potentially consulted by such person’s family members or  doctors even where such consultation may not occur until after a substantial period of time.

7.         Cookies

 

7.1        When you interact with us on our website, we or our authorized service providers may use cookies for collecting and storing information to help provide you with a better, faster and safer web experience.

 

7.2        The information collected by us or our authorized service providers may recognize a return visitor as a unique visitor and may collect information such as: how a visitor arrives at our sites, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).

 

7.3        Cookies are small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website. Cookies allow a website to recognize a particular device or browser.

 

7.4        The use of cookies, by us on our website is necessary for the functioning of our services, help us improve our performance, or serve to provide you with extra functionalities. They may also be used to deliver content that is more relevant to you and your interests, or to target advertising to you on or off our site.

 

7.5        Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, if you decline cookies, you may not be able to take advantage of certain site features or services tools.

 

8.         Contacting Us –  Withdrawal of Consent, Access and Correction of your Personal Data

 

8.1       We have procedures in place in order to receive and respond to enquiries about our policies and practices relating to our handling of Personal Data. Any complaint or enquiry should be made in writing and addressed as shown below. If there are any questions or concerns regarding this Data Privacy Policy or the data collection practices outlined herein, please contact us as follows:

 

(a) by Email: pdpaoffice@gentingdcc.com

(b) by Mail:  Manager, Dementia Care Centre, Lot 34810 and Lot 43096, Persiaran

Arfah, Segambut, 51200 Kuala Lumpur

 

You can request to correct or update your Personal Data held by us by emailing us at the above address.  We will endeavour to provide you with suitable means of accessing your personal data (e.g. by emailing or mailing it to you). You may also request us to correct or update your Personal Data by contacting us at the above address. We reserve the right to verify all requests for the authencity of the request.

 

8.2       You  are  reminded  not  to  send  via  unencrypted  means  (such  as  email)  sensitive information such as passwords, credit card information etc.

 

8.3       Please note that if your Personal Data has been provided to us by a third party (e.g. a general practitioner), you should contact that organisation or individual to make such

queries, complaints, and access and correction requests.

 

8.4       If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, we may not be in a position to continue to provide our services to you, or administer any contractual relationship in place, which in turn may also result in the termination of any agreements you have with us. Our legal rights and remedies in such event are expressly reserved.

 

8.5       Governing Law - This Data Privacy Policy shall be governed in all respects by the laws of Malaysia.

 

8.6       If there is a conflict between the English version and the national language version of

this  Data  Privacy  Policy,  the  English  version  shall  prevail,  to  the  extent  of  the discrepancy.