Dementia Care Centre
Data Privacy Policy
As at: 7 October 2020
The purpose of this document (“Data Privacy Policy”) is to inform you of how Genting Dementia Centre Sdn Bhd (Company No. 201801044713), (“us”, “we” or “our") manages Personal Data (as defined below) which is subject to the Malaysian Personal Data Protection Act 2010 (Act 709), as amended or re-enacted from time to time (“the Act”).
Please take a moment to read this Data Privacy Policy so that you know and understand the purposes for which, and the manner in which, we collect, use, process, share, disclose and store your Personal Data.
By accessing our website, interacting with us, submitting information to us, or signing up for any services offered by us, you agree and consent to us, as well as our representatives and/or agents collecting, using, processing, disclosing, sharing and storing your Personal Data, and disclosing such Personal Data to relevant third parties in the manner set forth in this Data Privacy Policy.
1. Personal Data
1.1 In this Data Privacy Policy, “Personal Data” refers to any information about an individual who can be identified (a) from that information; or (b) from that information and other information which is in our possession.
1.2 Examples of Personal Data include your name, NRIC No, date of birth, passport or other identification number, telephone number(s), mailing address, email address and personal health information.
1.3 If you provide us Personal Data of anyone other than yourself, please make sure you have their prior consent to provide us their Personal Data and they understand how we collect, use, process, share, disclose and store Personal Data as set out in this Data Privacy Policy.
1.4 Although we try to provide reasonably adequate information concerning our policy relating to Personal Data, this Data Privacy Policy is not an exhaustive list of all situations or scenarios concerning Personal Data. Please approach us if you need clarification about a specific situation.
2. Collection of Personal Data
2.1 Generally, we collect Personal Data in the following ways:
(a) when you submit any form, including but not limited to application forms, financial assessment forms or other forms relating to our services;
(b) when you provide information for our medical and/or financial assessment in connection with your application for our services;
​
(c) when you enter into any agreement with us or provide other documentation or information in respect of your interactions with us, or when you use our services;
(d) when you interact with our staff, including those at the Dementia Care Centre (“DCC”), or when you interact or contact us via telephone (which may be recorded), letters, fax, face-to-face meetings, text messages, social media platforms and emails;
(e) when you interact with us via our websites or use services on our websites;
(f) when you request that we contact you or request that you be included in an email or other mailing list;
(g) when you sign up for any DCC activities, initiatives or training events, or when you respond to any request for additional Personal Data;
(h) when your images are captured by us via CCTV cameras while you are at our premises, or via photographs or videos taken by us or our representatives when you attend our events or activities;
(i) when you submit Personal Data to us for any other reasons.
2.2 You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the
services you have requested, or delays in providing you with services you have requested, or responding to your queries or processing your application.
2.3 We will not knowingly collect or solicit Personal Data from individuals under the age of eighteen (18) without first obtaining verifiable consent from the individual’s parent, guardian or person who has parental responsibility over the individual. If you are under the age of 18, you should not provide your Personal Data to us.
3. Purposes for the Collection, Use and Disclosure of Your Personal Data
3.1 Generally, we collect, use and disclose Personal Data for the following purposes:
(a) reviewing medical, financial and other relevant information to evaluate applications for our services;
(b) evaluating and monitoring the medical condition and status of people living with dementia who are using our services at DCC;
(c) responding to, processing and handling queries, feedback, complaints and requests;
(d) verifying your identity and the identity of potential users or users of our services and their family members or caregivers;
(e) managing and planning the administration and operations of DCC and complying with internal policies and procedures;
(f) requesting feedback or participation in surveys and/or research, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to
design our services, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our services;
(g) designing training programmes for dementia awareness, dementia care and related
areas;
(h) matching or updating any Personal Data we hold which relates to users or potential users of our services, their family members or caregivers;
(i) preventing, detecting and investigating crime and analysing and managing commercial
risks;
(j) managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
(k) monitoring or recording phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification
purposes;
(l) in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice,
and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
(m) conducting any form of investigations including but not related to those relating to disputes, payment, fraud, offences, prosecutions, etc;
(n) meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which are binding on us and our holding company Genting Berhad and its subsidiaries (collectively, “Group”) (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations);
(o) marketing promotions of our facilities, services, activities and events; and/or
(p) purposes which are reasonably related to the aforesaid.
3.2 In addition, we collect, use and disclose your Personal Data for the following purposes depending on the nature of our relationship:
(a) If you are a prospective, current or former user of our services at DCC:
​
(i) providing customer service and support (including but not limited to customer relationship management, processing registration and settlement of payment, providing follow-up calls, and providing administrative support);
(ii) administering and processing your requests including creating and maintaining profiles of users of our services in our system database for administrative purposes;
(iii) personalising your experience at DCC’s touchpoints and conducting market research, understanding and analysing customer behaviour, location, preferences and demographics in order to improve our services;
(iv) liaising with third party specialist doctors (if required), and contacting clinics, hospitals and/or medical Institutions in the event of a medical emergency(including providing them with access to medical records);
(v) administering debt recovery and debt management; and/or
(vi) purposes which are reasonably related to the aforesaid.
​
(b) If you are a nominated caregiver or next-of-kin of users of our services at DCC:
​
(i) informing or discussing with you the user’s medical condition/progress and
cognitive functions and behavior;
​
(ii) contacting you to inform you of activities and events at DCC;
​
(iii) contacting you for matters relating to the users of our services at DCC; and/or
​
(iv) purposes which are reasonably related to the aforesaid.
3.3 Furthermore, where permitted under the Act, we may also collect, use and disclose your Personal Data for the following “Additional Purposes”:
(a) taking or filming photographs and videos for corporate publicity or marketing purposes, and featuring your photographs and/or testimonials in our articles, research programmes
and publicity materials;
(b) providing ancillary services and benefits to users of our services, their family members or caregivers, including promoting activities and events at DCC;
(c) organising roadshows, training events, campaigns (including health talks, health checks
or dementia awareness or dementia care programmes and campaigns) and other related events or activities;
(d) matching Personal Data with other data collected for other purposes and from other
sources (including third parties) in connection with research, regulatory submissions, publication and/or the provision or offering of services;
(e) sending you details of services, clinic updates, health-related information, either to users or potential users of our services generally, or which we have identified may be of interest to you;
(f) conducting market research, aggregating and analysing user profiles, location, preferences, demographics and data to determine health-related patterns and trends, and for research, publication, regulatory filings;
(g) understanding and analysing behavior of people living with dementia and their care givers for research, publication, regulatory filings, designing training programmes and
for us to offer you other products and services relevant to you; and/or
(h) purposes which are reasonably related to the aforesaid.
4. Disclosure of Personal Data
4.1 We will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Malaysia:
(a) amongst the Group members (including their staff);
(b) staff and students of University of Malaya who are collaborating with us in the operations of DCC or who are undertaking research on dementia or dementia care;
(c). third party doctors, clinics, hospitals and/or medical institutions;
(d) companies providing services relating to insurance for the Group;
(e) agents, contractors, sub-contractors or third party service providers who provide services to the Group, such as courier services, telecommunications, information technology, payment, printing, billing, debt recovery, processing, technical services, transportation, training, market research, security, or other services to the Group;
(f) personnel of TauRx Pharmaceuticals Limited and its subsidiaries who are involved in research in Alzheimer’s Disease;
(g) credit card companies, financial institutions and their respective service providers;
(h) our professional advisers such as consultants, auditors and lawyers;
(i) relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority; and/or
(j) any other party to whom you authorise us to disclose your Personal Data to.
5. Security of Personal Data
5.1 We will use reasonable commercial efforts to protect Personal Data against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
5.2 We use various methods to safeguard Personal Data, including physical measures, technical tools and organisational controls.
5.3 Online security is also a priority. We incorporate security measures such as encryption and authentication tools to protect your Personal Information from unauthorized use. Firewalls are utilized to protect our servers and network from unauthorized users accessing and tampering with files and other information that we store.
5.4 While we cannot ensure that loss, misuse or alteration of data will not occur, we will make reasonable commercial efforts to prevent such unfortunate occurrences.
6. Retention of Personal Data
6.1 We retain Personal Data provided or made available to us as may be required for business or legal purposes, and such purposes do vary according to the circumstances.
6.2 Whilst we will securely dispose of or anonymise Personal Data which we can reasonably determine is no longer needed and we do not generally hold on to Personal Data “just in case”, it is in the interests of the users of our services to ensure that our caregivers have a complete set of medical records to avoid risks to the health and safety of the user.
6.3 As such, with respect to the medical records of users of our services, unless specific contrary instructions from such persons are received, we may (but are not obliged to) retain such medical records for as long as we may be potentially consulted by such person’s family members or doctors even where such consultation may not occur until after a substantial period of time.
​
7. Cookies
7.1 When you interact with us on our website, we or our authorized service providers may use cookies for collecting and storing information to help provide you with a better, faster and safer web experience.
7.2 The information collected by us or our authorized service providers may recognize a return visitor as a unique visitor and may collect information such as: how a visitor arrives at our sites, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address and a visitor’s click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
7.3 Cookies are small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website. Cookies allow a website to recognize a particular device or browser.
7.4 The use of cookies, by us on our website is necessary for the functioning of our services, help us improve our performance, or serve to provide you with extra functionalities. They may also be used to deliver content that is more relevant to you and your interests, or to target advertising to you on or off our site.
7.5 Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, if you decline cookies, you may not be able to take advantage of certain site features or services tools.
8. Contacting Us – Withdrawal of Consent, Access and Correction of your Personal Data
8.1 We have procedures in place in order to receive and respond to enquiries about our policies and practices relating to our handling of Personal Data. Any complaint or enquiry should be made in writing and addressed as shown below. If there are any questions or concerns regarding this Data Privacy Policy or the data collection practices outlined herein, please contact us as follows:
(a) by Email: pdpaoffice@gentingdcc.com
​
(b) by Mail: Manager, Dementia Care Centre, Lot 34810 and Lot 43096, Persiaran
Arfah, Segambut, 51200 Kuala Lumpur
You can request to correct or update your Personal Data held by us by emailing us at the above address. We will endeavour to provide you with suitable means of accessing your personal data (e.g. by emailing or mailing it to you). You may also request us to correct or update your Personal Data by contacting us at the above address. We reserve the right to verify all requests for the authencity of the request.
8.2 You are reminded not to send via unencrypted means (such as email) sensitive information such as passwords, credit card information etc.
8.3 Please note that if your Personal Data has been provided to us by a third party (e.g. a general practitioner), you should contact that organisation or individual to make such
queries, complaints, and access and correction requests.
8.4 If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, we may not be in a position to continue to provide our services to you, or administer any contractual relationship in place, which in turn may also result in the termination of any agreements you have with us. Our legal rights and remedies in such event are expressly reserved.
8.5 Governing Law - This Data Privacy Policy shall be governed in all respects by the laws of Malaysia.
8.6 If there is a conflict between the English version and the national language version of
this Data Privacy Policy, the English version shall prevail, to the extent of the discrepancy.