Lot 2, Jalan Pendaftar U1/54, Section U1, Temasya @ Glenmarie, 40150 Shah Alam, Selangor, Malaysia

PRIVACY POLICY

last updated August 2018

 

This Privacy Policy discloses the practices of ALI HEALTH SDN BHD’s Doctor2U and its predecessors, successors, licensors, beneficiaries, subsidiaries, agents, employees, representatives and/or affiliates (collectively, “Doctor2U” or “we”) concerning information we obtain by and through your use of the Doctor2U mobile application (the “Application”) and the services provided through the Application (the “Services”). Doctor2U is committed to respecting your privacy and recognizing your need for appropriate protection and management of the Personal Data which you share with us.

The purpose of this Privacy Policy is to explain the types of information Doctor2U obtains about users of our Application and/or Services, how the information is obtained, how it is used, how it is disclosed, how you can get access to this information, and the choices you have regarding our use of, and your ability to review and correct, the information described in this policy. As such, please review this policy carefully.

This Privacy Policy applies only to Doctor2U’s Application and Services and becomes effective as soon as you use the Application. Please understand that your attending independent doctor (“Doctor”) may have different privacy standards and/or policies regarding the use and disclosure of your medical information. Such use and disclosure of your medical information in respect of the services rendered by that Doctor to you will accordingly be subject to that particular Doctors’ own privacy standards and/or policies.

Words denoting one gender shall include the other gender. Words denoting a singular number shall include the plural and vice versa.

  1. Collection of Personal Data

1.1     Information That You Give Us.

Personal Data” means information that can identify you, including but not limited to your full name, identification card number, birth certificate number, passport number, nationality, address, telephone number, fax number, bank details, credit card details, race, gender, date of birth, marital status, resident status, financial background, personal interests, email address, your occupation, the industry in which you work in, any information about you which you have provided to us in registration forms, application forms, or any other forms (including inter alia for purposes of completing surveys) and/or any information about you that has been or may be collected, stored, used and processed by Doctor2U from time to time AND INCLUDES sensitive personal data (as defined under the Personal Data Protection Act 2010) such as health/ religious data and criminal data.

1.1.1  The provision of your Personal Data is voluntary. However, if you do not provide us with your Personal Data, we will not be able to process your Personal Data for the Purposes and Additional Purposes outlined below and may not be able to provide you with our Services. We hope that you will find it beneficial to provide information about yourself to us.

1.1.2  Doctor2U will collect your Personal Data when you register for the Application, create a profile on our Application, or subscribe to our Services (“Register”). Doctor2U may also collect your Personal Data when you make a request to be connected with an independent Doctor to provide house call services at your location (“Visit”) or complete our surveys.

1.1.3  The Personal Data that we collect varies depending upon how you use our Services. When you Register, you will need to provide us with health-related information that a Doctor will need to determine whether he/she is willing to provide medical services to you.

1.1.4  That Personal Data will be associated with your profile. Any medical information that you provide through the Application briefly describing your symptoms (or those of any minor for whom you request Services) will be sent to a Doctor, if available, to be used for treatment and the processing of your payment for the Visit, and other healthcare operations. Save as provided in this Privacy Policy, Doctor2U will not use any medical information for any other purpose without your written authorization, which may be communicated through an electronic or digital means.

1.1.5  We do not protect the privacy of and are not responsible for your disclosure of any information through interactive features like forums, message boards, chats, tagging, rating, if any, including, but not limited to information that you might post related to a minor.

1.1.6  Also, whenever you voluntarily disclose anyone’s personal information on publicly-viewable web pages, that information can be collected and used by others. For example, if you post your email address, you may receive unsolicited messages. We cannot control who reads your posting or what other users may do with the information that you voluntarily post, so we encourage you to exercise discretion and caution with respect to information you choose to disclose through these interactive features. When an individual chooses to post information that will be publicly disclosed, he or she is responsible for all legal consequences. We are not responsible under any data protection laws for-information that you voluntarily post on a site that can be accessed by others.

If you have concerns on your privacy rights, you should contact us at the contact details provided at Clause 10 below.

1.2     Other Information We Collect.

In addition to the Personal Data you provide to Doctor2U directly, we may collect your Personal Data from a variety of sources such as:

(i)      Filled application or registration forms or other similar forms;

(ii)      From publicly available sources such as directories;

(iii)     From our social media pages, if you follow, like or are a fan of such pages;

(iv)     By using our website.

1.3     Medical Information.

In connecting you with a Doctor to provide you with their medical services in connection with a Visit, the Application may collect Personal Data from you and transmit it electronically. We will use administrative, physical, and technical safeguards to protect the security and privacy of information held in the Application. Our infrastructure is kept in a secured data centre that protects from unauthorized access to the physical servers, backups and any element used to store and/or process personal data. Only authorized personnel can access the data centre. Our systems and databases are backed up regularly to help protect the data in case of an uncontrollable catastrophe. We run our IT computing system on the Microsoft Azure platform. Kindly be informed that some of these servers may be located outside of Malaysia. The data-center(s) that stores our servers has policies and procedures in place designed to safeguard the equipment that our data is stored on. We regularly upgrade our system software to include the latest security features. Our servers are protected by a firewall system, which is designed to keep unwanted traffic or access out of our computer network. We also employ an intrusion prevention service (IPS) provided by a secured data centre operated by a professional company. We also use security methods to determine the identity of each registered user, so that appropriate rights and restrictions can be enforced for that user. Reliable verification of user identity is called “authentication”. All communications between our Web server, your browser and our mobile apps is encrypted with SSL (Secure Sockets Layer) to guard against network eavesdroppers. Your password is internally encrypted in our system to prevent unauthorized access to the system. Validations are built throughout the application to capture the most reliable information. Only the last 4 digits of your credit card number is stored on our servers.

1.4     Cookies.

Our Application may use cookies and other technologies to collect information. Cookies are small bits of information that our websites place on the hard drive of your computer. We may use cookies to facilitate your login processes; allow you to personalize and store your settings; collect usage information; determine our total audience size and traffic; and help us improve our sites by measuring which areas are of greatest interest to users.

 

1.5     Tracking and/or Analytics Services.

We may use mobile application tracking and/or analytics services. These services may record unique mobile gestures such as tap, double-tap, zoom, pinch, scroll, swipe and tilt but do not collect personally identifiable information that you do not voluntarily enter in the Application. These services do not track your browsing habits across mobile applications that do not use the same services. We are using the information collected by these services to understand user behavior and optimize site performance.

 

1.6     Web Beacons.

We may also use web beacons (invisible images often referred to as pixel tags or clear GIFs) in order to recognize users and assess traffic patterns, and we may include web beacons and cookies in our email messages in order to count how many e-mail messages have been opened.

 

1.7     Non-Health/Medical Information.

We also collect Personal Data that is not health information or medical information (“Non-Health/Medical Information”) in the form of statistics and information regarding the Application user’s statistics and metrics obtained from third party devices (for example, steps, distance, calories burned, GPS coordinates, bat speed, hand speed, swing time, etc.), which may be combined with personal information you submit through the Application and/or Services so that you can fully enjoy the benefits of the Application’s tracking, monitoring, and diagnostic tools. We may also request the following optional information as part of your profile so that you can fully enjoy the features and functions of our Services: your weight, height, and gender.

 

1.8     Mobile Device Information.

Your use of the Application may also include collection of information from your mobile device. For example, the Application may request your permission to collect location data and/or may request access to multimedia (photos or videos) stored on your mobile device. Location data is not required for participation in activities through the Application, and you have the option of declining collection of geolocation data. If you do not wish for your location data to be shared with Doctor2U, please respond accordingly when prompted on your mobile device, or visit your mobile device settings. Multimedia will only be collected from your device if you affirmatively select it to upload to the application (i.e. you choose an image or video to store within the Application). Multimedia will not be shared with other Application users (with the exception of your profile photo, which will appear in your user profile)

2. Purposes of Processing: How We Use Your Information

2.1     Subject to this Doctor2U Privacy Policy, the Terms of Service, and applicable terms and conditions of third-party applications, all data transmitted through the Application is owned by Doctor2U. To the extent Doctor2U is precluded from owning data transmitted through the Application, you grant Doctor2U a perpetual, worldwide, royalty-free license to use such data (with the exception of medical information) to the extent necessary to enable use of the Application and Services.

2.2     Doctor2U may use and process your Personal Data for its business and activities which shall include, but not limited to, the following (“Purposes”):

2.2.1  Where you are a user of the Services provided by Doctor2U (“User”):

(i)      to perform Doctor2U’s obligations in respect of any contract entered into with you;

(ii)      to provide you with and to deliver to you any Service which you have requested;

(iii)     to process, manage or verify your application for subscription with Doctor2U and to provide you the benefits offered to subscribers;

(iv)     to validate your requests, purchases and bookings as well as process payments relating to any products or Services you have requested;

(v)      to process your participation in any events, activities, research studies, promotions, polls or surveys;

(vi)     to understand and analyze our sales as well as your needs and preferences; and

(vii)    to process exchanges or product returns.

2.2.2  Where you are an agent, vendor, supplier, partner, contractor or service provider:

(i)      for the purposes of engaging you to provide services or products;

(ii)      to facilitate or enable checks as may be required by Doctor2U in order to engage you;

(iii)     to process payments relating to any products or services you have provided;

(iv)     to contact you.

2.2.3  General (applicable to all the parties referred to in Clauses 2.1.1 and 2.1.2 above):

(i)      to respond to questions, comments and feedback from you;

(ii)      to communicate with you for any of the Purposes listed in this Privacy Policy;

(iii)     for internal administrative purposes, such as auditing, data analysis, database records;

(iv)     for purposes of detection, prevention and prosecution of crime;

(v)      for Doctor2U to comply with its obligations under the law;

(vi)     to enhance or develop features, products and services; and

(vii)    to personalize the content that you and others see on the Application.

2.3     Doctor2U may also use and process your data for other purposes which include, but is not limited to, the following (“Additional Purposes”):

(i)      to notify you about our products and services;

(ii)      to send you alerts, newsletters, updates, mailers, promotional materials, special privileges, festive greetings from Doctor2U, its partners, sponsors or advertisers;

(iii)     to notify and invite you to events or activities organized by Doctor2U, its partners, sponsors or advertisers;

(iv)     to process your registration to participate in or attend an event or activity and to communicate with you regarding your attendance at the event or activity;

 (v)     to provide advertisers and other third parties with aggregate information about Application users and the Application usage patterns;

(vi)     to allow other selected companies to send you promotional materials about their products and services; and

(vii)    to share your Non-Health/Medical Information amongst its subsidiaries, associate companies, partners and jointly controlled entities (which shall include Lovy Pharmacy) who may communicate with you to market their products, services, events or promotions,

by way of post, telephone call, short message service (SMS), by hand, by e-mail, and/ or any other electronic or digital device. For the avoidance of doubt, Doctor2U will NEVER share your medical and health information for any marketing or promotional purposes without your prior written consent.

2.4       We use Non-Health/Medical Information for purposes such as measuring the number of users of various features of the Application, making the Application more useful to users and delivering targeted advertising and non-advertising content. We may also use Non-Health/Medical Information (for example, statistics regarding use and metrics) for research purposes, for marketing and promotional purposes, and to develop new learning tools and solutions and we may share such information with third parties, including researchers and/or advertisers, on an aggregate and anonymous basis. We use IP addresses to analyze trends, administer the Application, track a visitor’s movement, and gather demographic information for aggregate, non-personally identifiable use.

2.5     You acknowledge that unless you request in writing otherwise, Doctor2U, in its sole discretion, has the right but not the obligation to store any Personal Data perpetually, to the extent permitted by law. If you wish for any information about you to be removed from our database, please contact us through the contact information provided below in the “How to Contact Us” section of this Privacy Policy. We will not use your Health related information for any purpose other than to provide you with the Services and/or customer support services you request from us.

3. Revocation of Consent

3.1     You may revoke, in writing, any such authorization at any time, except to the extent Doctor2U has taken action in reliance thereon. If you wish to revoke the consent that Doctor2U has obtained from you for the Purposes stipulated herein, please notify us by contacting us at the e-mail address provided below in the “How to contact us” section of this Privacy Policy.

3.2     If you wish to unsubscribe to the processing of your Personal Data for the Additional Purposes by Doctor2U, please click on the link “Unsubscribe” which is embedded in the relevant e-mail in order not to receive any e-mail in the future.

4. Sharing Your Information.

4.1     Your Non-Health/Medical Information may be transferred, accessed or disclosed to third parties for the Purposes and Additional Purposes. Further, Doctor2U may engage other companies, service providers or individuals to perform functions on its behalf, and consequently may provide access to or disclose you Non-Health/Medical Information to such service providers or third parties. Except as otherwise described in this Privacy Policy, or if we inform you otherwise at the time of data collection and receive your consent where required, we will not sell, trade, or share your Personal Data with third parties.

We may share your Personal Data as follows:

 4.2     Doctors and Doctors

We will share your Personal Data with the Doctor who responds to your request. The Doctor may contact you via telephone prior to being dispatched to your location, to ensure that that they are equipped to handle your medical case. The Doctor’s treatment of your information is subject to the Doctor and Doctor’s own policies and procedures. Any medical information that we collect from you will be kept private and secure, as required by law.

 4.3     With Affiliates

We may share your Non-Health/Medical Information with affiliated companies and businesses. We will NOT share your medical or health information for any marketing purposes without your prior written consent.

4.4     With Service Providers

We may use other companies (such as information technology (IT) service providers) to perform services including, without limitation, facilitating some aspects of our Application such as processing credit card transactions, developing our software and infrastructure, sending emails, and fulfilling purchase requests. These other companies may be supplied with or have access to your Non-Health/Medical Information, solely for the purpose of providing these services to you on our behalf.

4.5     With Business Partners

When you make purchases or engage in promotions offered through our Application, we may share your Non-Health/Medical Information with the businesses with which we partner to offer you those products, services, and promotions. When you accept a particular business partner’s offer, you authorize us to provide your information to that business partner.

4.6     With other Service Providers

We occasionally will share, on an anonymous basis, information and data on Application users with third party providers who provide targeted services, such as advertising or data analysis on our behalf. This sharing of information does NOT include any Personal Data or medical information.

4.7     Special Circumstances

We also may disclose your Personal Data:

(i)      in response to a subpoena or similar investigative demand, a court order, or other request from a law enforcement or government agency where required by applicable law.

(ii)      when disclosure is required or allowed by law in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our Application’s terms and conditions or other agreements or policies.

(iii)     in connection with a corporate transaction, such as the sale of all or a portion of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of winding-up, as required or allowed by law.

SPECIAL NOTICE FOR USERS OF THE APPLICATION: IF YOU ELECT TO MAKE YOUR PROFILE (OR THAT OF A MINOR OR FAMILY MEMBER) VIEWABLE BY DOCTORS, ALL INFORMATION (EXCLUDING PERSONAL CONTACT INFORMATION) THAT YOU INCLUDE IN THAT PROFILE MAY BE VIEWED BY DOCTORS. YOU SHOULD NOT ENTER ANY INFORMATION IN THE PROFILE THAT YOU (OR ANOTHER PERSON) WISH TO REMAIN CONFIDENTIAL. DOCTORS WILL NOT BE ABLE TO CONTACT YOU EXCEPT THROUGH THE PERSONAL CONTACT INFORMATION YOU PROVIDE THROUGH THE APPLICATION. WE ARE NOT RESPONSIBLE FOR THE RETENTION, USE OR PRIVACY PRACTICES OF DOCTORS AFTER THEY HAVE RECEIVED YOUR INFORMATION.

 5. How to Access or Update Your Information.

5.1     Subject to any exceptions under the applicable laws, you may:

(i)      request for access to and/or request for the correction of your Personal Data;

(ii)      request to limit the processing of your Personal Data for the Additional Purposes; and/or

(iii)     make any inquiries regarding your Personal Data,

by contacting us at the e-mail address provided below in the “How to contact us” section of this Privacy Policy.

5.2     Subject to any applicable laws, Doctor2U reserves the right to impose a fee for access of your Personal Data in the amounts as permitted therein.

5.3     In respect of your right to access and/or correct your Personal Data, Doctor2U has the right to refuse your requests to access and/or make any correction to your Personal Data for the reasons permitted under the law, for example where the expenses of providing access to you is disproportionate to the risks to your or another person’s privacy.

5.4     If you do not wish for your Personal Data to be collected via cookies on our website, you may deactivate cookies by adjusting your internet browser settings to disable, block or deactivate cookies, by deleting your browsing history and clearing the cache from your internet browser.

6. How We Protect Your Information.

We use commercially reasonable administrative, technical, and physical measures to safeguard Personal Data and medical information in our possession against loss, theft and unauthorized use, disclosure or modification. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. No method of transmission over mobile applications is 100% secure, however. Therefore, while we strive to make all reasonable efforts to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the unlikely event of a data breach, you will be notified as soon as reasonably possible, in accordance with applicable law. Furthermore, we are not responsible for any breach of security or for any actions of any third parties that receive the information, including without limitation any breach of security or for any actions of a Doctor.

7.  Links to Third Party Sites.

Our Application may contain links to websites or applications operated and maintained by third-parties, over which we have no control. Privacy policies for these third-party sites and applications may be different from our Privacy Policy. You access these third-party sites and applications at your own risk. You should always read the privacy policy of a linked site or applications before disclosing any personal information on such site and/or through such applications. Doctor2U is not responsible for information you submit to third-parties.

8.  Acknowledgement and Consent

By communicating with Doctor2U, using the Application and our Services or by virtue of your engagement with Doctor2U, you acknowledge that you have read and understood this Privacy Policy and agree and consent to the use, processing and transfer of your Personal Data by Doctor2U as described in this Privacy Policy.

From time to time we may modify, update or amend the terms of this Privacy Policy by placing the updated Privacy Policy on our website. The effective date of such modifications, updates or amendments will be noted at the end of the Privacy Policy. You should therefore review it periodically so that you are up to date on our most current policies and practices. If we make material changes to our practices regarding the processing and/or use of your Personal Data, your Personal Data will continue to be governed by the version of the Privacy Policy to which such Personal Data was subject (prior to those changes), unless you have been provided notice of, and have not objected to, the changes. By continuing to communicate with Doctor2U, by continuing to use our Services or by your continued engagement with Doctor2U following the modifications, updates or amendments to this Privacy Policy, such actions shall signify your acceptance of such modifications, updates or amendments.

9. English version of Privacy Policy to prevail

In the event of any conflict between the English and Malay version of this Privacy Policy, the English version shall prevail.

10. How to Contact Us.

If you have any questions, comments or concerns about our Privacy Policy, please contact:

          Pradeepa Venugopal

          Phone number: 012-5251530

          Fax number: 03-55696829

          E-mail address: [email protected]

 11. Effective Date.

This Privacy Policy is effective as of 3 July 2017.