Privacy Policy

This Terms & Conditions and Privacy Notice (“Policy”) describe how MyDocLab Sdn. Bhd., its respective subsidiaries, affiliates, associated companies, and jointly controlled entities (collectively “MyDocLab”, “we”, “us” or “our”) collect, use, process and disclose your Personal Data through the use of MyDocLab’s mobile application and websites (respectively “Apps” and “Websites”), as well as products, features, and other services globally, operated by MyDocLab (collectively, “Services”).

This Policy applies to our customers, agents, vendors, suppliers, partners, contractors and service providers (collectively “you”, “your” or “yours”).

MyDocLab is a data user, so are our Clients

  1. In respect of any User and the processing of all their Personal Data (including but not limited to Linking Data and Portal Data), MyDocLab acts as a data user. For further information on how MyDocLab collects, uses and discloses Users’ Personal Data, refer Item 4 (Privacy Notice)
  2. Due to the way MyDocLab for Business works, MyDocLab does not process any Personal Data for and on behalf of the Client. Accordingly, MyDocLab is not the data processor of the Client, but an independent data user in respect of all Personal Data that it processes in the course of providing MyDocLab for Business feature. Likewise, the Client is an independent data user of the Personal Data (e.g. the Linking Data and Portal Data) that it discloses to and/or receives from MyDocLab.
  3. As independent data users, MyDocLab and the Client individually determine the purposes and means of processing Personal Data, subject to the provisions set out in the Terms & Conditions and Privacy Notice. MyDocLab and the Client are also individually responsible to ensure the protection of Personal Data under their charge.

Privacy Notice

MyDocLab respects and is committed to protecting clients’ personal data and information shared with MyDocLab in strict accordance with the requirements of the Personal Data Protection Act, Malaysia, 2010 (PDPA). The below notice will explain how MyDocLab collects and handles client’s personal information.

By interacting with us, submitting information to us or signing up for services offered by MyDocLab, the client hereby agrees and gives consent to MyDocLab as well as its representatives and/or agents collecting, using, disclosing, and sharing amongst themselves your Personal Data, and disclosing such Personal Data to MyDocLab authorized service providers and relevant third parties in the manners set forth in this Privacy Notice.

Please note that MyDocLab may amend this Privacy Notice at any time without prior notice and will notify the client of any such amendment via our website.

Sensitive Personal Data

Some of the Personal Data that we collect are sensitive in nature. This includes Personal Data pertaining to your race, national ID information, religious beliefs, background information (including financial and criminal records, where legally permissible), health data, disability, marital status, and biometric data, as applicable. We collect this information only with your consent and/or in strict compliance with applicable laws.

When you provide Personal Data of other individuals to us

In some situations, you may provide Personal Data of other individuals (such as your spouse, family members, or friends) to us. For example, you may add them as your emergency contact. If you provide us with their Personal Data, you represent and warrant that you have obtained their consent for their Personal Data to be collected, used, and disclosed as set out in this Policy.

Types of Personal Data MyDocLab Collects

The types of Personal Data that MyDocLab collects directly from client or from third parties may include (but not limited to):

  1. client’s personal data (name, age, gender, identity card number, passport number, date of birth, origin, nationality, citizenship).
  2. contact details (address, email, phone numbers)
  3. travel information (travel history, flight information, airlines used to travel)
  4. family information (marital status, name of spouse, children and/or immediate family
  5. medical or personal health information (medical and healthcare history, health and mental condition and diagnosis)
  6. demographic information (age group, medical history, genetic characteristics)
  7. payment information (credit/debit card number, name of cardholder, card issuing country, card expiry date, and banking details)
  8. photographs, CCTV recordings, and other images
  9. other information related to processing activities services used by the client (Refer to 4.1.2)

Below you will find an overview of the data processing activities by MyDocLab, irrespective of whether or not the data is subject to the GDPR and irrespective of whether MyDocLab is qualified under Applicable Law as a data controller or processor. In the table below, data that is not to be considered as personal data under the GDPR is indicated in red. This data constitutes the bulk of the data processed by MyDocLab, being the PCR-data and derived results, as well as anonymized and aggregate non-personal data.

Even though GDPR does not apply to this type of data, MyDocLab wants to emphasize that it handles all data – be it personal data under the scope of the GDPR or not – with all due care.

 

 Types of (Personal) Data processed by MyDocLab  Ways, purposes, means of the data processing activities. Duration of the data processing Categories of Data subjects
    1. PCR-data and derived results

(Patient de-identified test data including but not limited to raw data, genetic data, results, subject-information used assay plugins …)

  1. Laboratory information (including but not limited to laboratories, devices)
  1. Store, process, visualize.
  2. To improve and/or expand the products and services offered by MyDocLab
  3. Project management
  4. Support services

All PCR data and derived results are stored within the selected region.

Stored for 10 years, or the complete product lifecycle period of the product as a medical device (required by ISO 13485)
  1. Patient (de-identified)
  2. End User
Anonymized and aggregate non-personal data (i.e. information that has been stripped of subject-information and aggregated with information of others or anonymized so that the subject cannot reasonably beidentified as an individual) May be shared with third-parties e.g. through anonymized demo data, epidemiology analyses or summary reports. Stored for up to 100 years Patient (de-identified)
User identification information (i.e. personal (e-)identification data such as e-mail address, name, title, geography, IP address, cookies, session information
    1. Store, process, visualize.
    2. To improve and/or expand the products and services offered by MyDocLab.
    3. Support services (including personalised follow-up regarding old and new features)

User information is stored within the Admin module in the West-European region.

Stored until 5 years after license expiry User
CRM information (i.e. financial identification data: name, geography, identification number, etc.)
  1. Used for accounting and compliance purposes.
  2. Used for customer due diligence, embargo, and sanctions screening
  3. To provide summary reports to diagnostic companies where applicable
Customer and accounting information is stored for 10 years End User

PCR-data and derived results

(Patient de-identified test data including but not limited to raw data, genetic data, results, subject-information, used assay plugins …)

Store, process, visualize. To improve and/or expand the products and services offered by MyDocLab. Project management. Support services

Stored for 10 years, or the complete product lifecycle period of the product as a medical device (required by ISO 13485)

 

Laboratory information

(including but not limited to laboratories, devices)

All PCR data and derived results are stored within the selected region.

Stored for 10 years, or the complete product lifecycle period of the product as a medical device (required by ISO 13485)

Anonymized and aggregate non-personal data

(i.e. information that has been stripped of subject-information and aggregated with information of others or anonymized so that the subject cannot reasonably be identified as an individual)

May be shared with third-parties e.g. through anonymized demo data, epidemiology analyses, or summary reports.

Stored for up to 100 years.

User identification information

(i.e. personal (e-)identification data such as e-mail address, name, title, geography, IP address, cookies, session information._
Store, process, visualize. To improve and/or expand the products and services offered by MyDocLab.
Support services (including personalized follow-up regarding old and new features). User information is stored within the Admin module in the West-European region.

Stored until 5 years after license expiry.

CRM information

(i.e. financial identification data: name, geography, identification number, etc.)

Used for accounting and compliance purposes. Used for customer due diligence, embargo, and sanctions screening. To provide summary reports to diagnostic companies where applicable.

Customer and accounting information is stored for 10 years.

In addition, MyDocLab may from time to time request certain other personal information, that may be relevant to MyDocLab services implementation.

All information requested is obligatory to be provided by the client unless stated otherwise. MyDocLab would not be able to process the client’s request or provide relevant facilities and/or services and/or transactions should the client fail to furnish MyDocLab with the necessary information

How MyDocLab Collects Client’s Personal Data?

Any Personal Data is obtained by MyDocLab via;

  1. Online booking through MyDocLab mobile application.
  2. A person acting on behalf of the individual whose data are provided.
  3. Other sources and related links in connection with providing of client’s needs and services.

How MyDocLab Uses Client’s Personal Data?

Purposes for which data may be used and/or processed are as follows:

  1. To process requested medical services and facilities.
  2. To process any payments relevant to the client.
  3. For insurance purposes.
  4. For internal investigations, audits, or security purposes.
  5. To comply with MyDocLab’s legal and regulatory obligations in the conduct of its business.
  6. For MyDocLab’s internal record management.
  7. For prevention, hindrance, reporting of any crime including but not limited to fraud, bribery, and money laundering.
  8. Purposes relating thereto.

Why MyDocLab Collects Client’s Personal Data?

Providing services and features

  1. Provide you with Services across our various business verticals
  2. Engage you to provide Services
  3. Create, administer and update your account
  4. Conduct due diligence checks
  5. Verify your identity
  6. Verify your age (where necessary)
  7. Process payments
  8. Make your experience more seamless, such as automatically filling in your registration information (such as your name or phone number) from one Service to another Service or when you participate in our surveys
  9. Perform internal operations necessary to provide our Services, including troubleshooting software bugs and operational problems, conducting data analysis, testing and research, monitoring and analyzing usage and activity trends
  10. Protect the security or integrity of the Services and any facilities or equipment used to make the Services available
  11. Enable our partners to manage and allocate fleet resources
  12. Fulfill the services to you as a data processor, where you have provided consent to the data controller (i.e. the organization you had purchased goods or services from, and for whom MyDocLab is providing services on behalf of) for such services to be rendered

Safety and Security

  1. Verifying your identity when you log in
  2. Using the device, location, profile, usage, and other Personal Data to prevent, detect and combat fraud or unsafe activities
  3. Monitoring compliance with our terms and conditions, policies, and our partner’s and staff Code of Conduct
  4. Detecting, preventing, and prosecuting crime

Customer Support

  1. Investigate and address concerns
  2. Monitor and improve our customer support responses
  3. Respond to questions, comments, and feedback
  4. Inform you about steps taken to resolve customer support issues.

Research and development and security

  1. Testing, research, analysis, and product development.
  2. Understand and analyze clients’ needs and preferences.
  3. Protect clients’ Personal Data, improve and enhance the safety and security of our Services.
  4. Develop new features, products, and services, and facilitate insurance and finance solutions.

Legal Purposes

  1. To investigate and resolve claims or disputes, or as allowed or required by applicable law.
  2. When we are required, advised, recommended, expected, or requested to do so by our legal advisors or any local or foreign legal, regulatory, governmental, or other authority. For example, we may use your Personal Data to comply with court orders or other legal, governmental, or regulatory requirements; enforce our Terms of Service or other agreements, and protect our rights or property in the event of a claim or dispute.
  3. Utilize data in connection with mergers, acquisitions, joint ventures, sale of company assets, consolidation, restructuring, financing, business asset transactions, or acquisition of all or part of our business by another company.

Marketing and promotions

  1. We may use your Personal Data to market MyDocLab, sponsors’ and advertisers’ products, services, events, or promotions. For example, we may: send you alerts, newsletters, updates, mailers, promotional materials, special privileges, festive greetings; and notify, invite and manage your participation in our events or activities.
  2. We may communicate such marketing to you by post, telephone call, short message service, online messaging service, push notification by hand, and by email.

Disclosure of Client’s Personal Data

Data held by MyDocLab relating to the client will be kept confidential but MyDocLab may provide or disclose such information to the following parties (whether within or outside of Malaysia)

  1. Governmental agencies, governmental authorities, and other regulatory bodies.
  2. Subsidiaries, associated companies, jointly controlled entities, and affiliates.
  3. Relevant third parties as required under law for the purposes stated in 4.3 above.
  4. Independent consultants and specialists within MyDocLab
  5. Professional advisers such as external auditors, legal advisors, and/or financial advisers, or any third party required by law, regulation, subpoena, court order, or other legal processes.
  6. Third-party payers including insurance companies.

Complaints

If a client has any queries or complaints relating to this Privacy Notice or otherwise relating to misuse or suspected misuse of the client’s data, complaints may be submitted through email at support@mydoclab.com

Retention of Client’s Personal Data

MyDocLab retains your Personal Data for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or allowed by law. Once your Personal Data is no longer necessary for the Services or Purposes, or we no longer have a legal or business purpose for retaining your Personal Data, we take steps to erase, destroy, anonymize or prevent access or use of such Personal Data for any purpose other than compliance with this Policy, or for purposes of safety, security, fraud prevention, and detection, in accordance with the requirements of applicable laws.

Cookies And Advertising On Third Party Platforms

  1. MyDocLab, and third parties with whom we partner, may use cookies, web beacons, tags, scripts, local shared objects such as HTML5 and Flash (sometimes called “flash cookies”), advertising identifiers (including mobile identifiers such as Apple’s IDFA or Google’s Advertising ID) and similar technology (“Cookies”) in connection with your use of the Websites and Apps. Cookies may have unique identifiers and reside, among other places, on your computer or mobile device, in emails we send to you, and on our web pages. Cookies may transmit Personal Data about you and your use of the Service, such as your browser type, search preferences, IP address, data relating to advertisements that have been displayed to you or that you have clicked on, and the date and time of your use. Cookies may be persistent or stored only during an individual session.
  2. MyDocLab may allow third parties to use Cookies on the Websites and Apps to collect the same type of Personal Data for the same purposes MyDocLab does for itself. Third parties may be able to associate the Personal Data they collect with other Personal Data they have about clients from other sources. We do not necessarily have access to or control over the Cookies they use.
  3. Additionally, we may share non-personally identifiable Personal Data with third parties, such as location data, advertising identifiers, or a cryptographic hash of a common account identifier (such as an email address), to facilitate the display of targeted advertising on third-party platforms.
  4. If clients do not wish for your Personal Data to be collected via Cookies on the Websites, you may deactivate cookies by adjusting your internet browser settings to disable, block or deactivate cookies, by deleting your browsing history and clearing the cache from your internet browser. You may also limit our sharing of some of this Personal Data through your App (Settings > Privacy > Ads) and mobile device settings.

Protection Of Personal Data

  1. We will take reasonable legal, organizational, and technical measures to ensure that your Personal Data is protected. This includes measures to prevent Personal Data from getting lost or used or accessed in an unauthorized way. We limit access to your Personal Data to our employees on a need-to-know basis. Those processing your Personal Data will only do so in an authorized manner and are required to treat your information with confidentiality.
  2. Nevertheless, please understand that the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through any online means, therefore, any transmission remains at your own risk.

Clients’ Rights With Respect To Their Personal Data

In accordance with applicable laws and regulations, you may be entitled to:

  1. Ask us about the processing of your Personal Data, including being provided with a copy of your Personal Data
  2. Request the correction and/or (in some cases) deletion of your Personal Data
  3. In some cases, request the restriction of the processing of your Personal Data, or object to that processing
  4. Withdraw your consent to the processing of your Personal Data (where we are processing your Personal Data based on your consent)
  5. Request receipt or transmission to another organization, in a machine-readable form, of the Personal Data, that you have provided to us where we are using your Personal Data based on consent or performance of a contract
  6. Complain to the relevant data privacy authority if your data privacy rights are violated, or if you have suffered as a result of unlawful processing of your Personal Data.

Where you are given the option to share your Personal Data with us, you can always choose not to do so. If we have requested your consent to process and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.

However, choosing not to share your Personal Data with us or withdraw your consent to our use of it could mean that we are unable to perform the actions necessary to achieve the purposes of processing described in Section 4.3 (Why MyDocLab Collects Client’s Personal Data?) or that you are unable to make use of the Services.

After you have chosen to withdraw your consent, we may be able to continue to process your Personal Data to the extent required or otherwise permitted by applicable laws and regulations.

If you wish to make a request to exercise your rights, you can contact us through our contact details set out in the Contact Us section.

We will screen and verify all requests beforehand. In order to verify your authority to make the request, we may require you to provide supporting information or documentation to corroborate the request. Once verified, we will give effect to your request within the timelines prescribed by applicable laws.

Amendments And Updates

MyDocLab shall have the right to modify, update or amend the terms of this Policy at any time by placing the updated Policy on the Websites. By continuing to use the Apps, Websites or Services, purchase products from MyDocLab, or continuing to communicate or engage with MyDocLab following the modifications, updates, or amendments to this Policy, you signify your acceptance of such modifications, updates, or amendments.

The client continues usage of MyDocLab, services, facilities, and or account(s) is deemed consent for MyDocLab to collect, process, and store the data in accordance with the above.