Personal Data Protection Policy
Key Genetics Sdn. Bhd. (“Key Genetics”) cares about and is committed to the protection of your personal data in accordance with Malaysia’s Personal Data Protection Act 2010 (“PDPA”) and other applicable law. In this Personal Data Protection Policy (“Policy”), “we,” “us” and “our” refers to Key Genetics.
This Policy clarifies how Key Genetics processes your personal data from the point we collect, use, share and dispose of your personal data, the security measures that we establish to ensure your personal data is well protected and how you can exercise your rights in respect of your personal data.
We may amend this Policy from time to time to ensure that our standards and practices remain relevant, are up to date and comply with applicable laws and guidelines. We will provide you with notice of amendments to this Policy, as appropriate, and update the “Last Updated” date of this Policy. The latest version of the Policy supersedes and replaces the earlier versions. We will publish the amended or revised Policy on our website or by email and/or circulate copies of the amended /revised Policy as necessary in your transactions, agreements, or interactions with us. We encourage you to check our Policy from time to time.
1. Personal Data Personal data means data about an individual who can be identified from that data which may include but is not limited to the individual’s name, identification number, address, email address, telephone number, date of birth.
1.1 Types of personal data we process We process your personal data which would include your name, NRIC number or passport number, mailing address, email address, phone number, financial and banking account details and any other information relating to any individuals which you have provided us in any forms you may have submitted to us including our online contact /inquiry form. The personal data we collect also includes sensitive personal data which is your medical history and information (patient medical history, diagnostics, allergies) as well as the medical history and information of family members, relatives or third parties that you provide to us.
1.2 How we collect personal data Generally, depending on the situation, we collect personal data in the following ways:
(a) When you submit any form, including but not limited to our online contact /inquiry form;
(b) When you interact with our customer service officers, our genetic counsellors and other representatives via telephone calls (which may be recorded) and emails;
(c) When you use our services provided through online and other technology platforms, such as websites, and apps, online technologies, or tools;
(d) When you request that we contact you, be included in our email mailing list; or when you respond to our request for additional personal data; (e) When you are contacted by, and respond to, our customer service officers, genetic counsellors, representatives, and other service providers; (f) When we receive your personal data from referral parties such as private and public healthcare institutions, other healthcare professionals with whom you have interacted and other third parties;
(g) When you make payment or provide details to facilitate payment for our services;
(h) Indirectly from third parties which would include family members, next-of-kin, caregivers, guardians when such third parties send us completed forms such as our online inquiry /contact form and any registration or application forms;
(i) When we seek information from third parties about you in connection with your relationship with us, including from next-of -kin and caregivers;
(j) If you are a healthcare provider, when you register for, attend, and participate in our training workshops on genetic counselling; and
(k) When you browse our website using cookies.
If you provide us with any personal data relating to a third party (e.g., information of your next-of-kin, spouse, children, parents), by submitting such information to us, we rely on you and will assume that you are representing to us that you have obtained the consent from the third party to provide us with their personal data for the respective purpose for which we are collecting this personal data. We also rely on you and will assume that you have ensured that all personal data submitted to us is complete, accurate, true, and correct.
2. Purposes of collecting and processing (including disclosing) your personal data For patients or potential patients, parents, guardians, caregivers or next-of-kin of patients /potential patients, healthcare providers or service providers or business partners or vendors, we may collect and process (including disclose) your personal data for the following purposes:
(a) to provide and deliver our tele-genetic counselling services;
(b) to collaborate with other healthcare providers in delivering our genetic counselling services;
(c) to communicate with you in relation to our services;
(d) contacting family members /parents/ next-of-kin, caregivers, guardians for the purposes of providing health updates and seeking consent from them in incapacity situations;
(e) to administer and give effect to your commercial transaction (contract for services, independent contractor agreement, collaboration agreement, etc.);
(f) to facilitate your participation in our events and training workshops;
(g) to process any payments relevant to you;
(h) for insurance purposes;
(i) for internal investigations, audit, or security purposes;
(j) to conduct internal statistical analysis and analysis of patient case studies;
(k) to support research, improvement, and innovation of our services;
(l) to store and carry out data analytics processes;
(m) to comply with Key Genetics’ legal and regulatory obligations in the conduct of its business;
(n) to handle potential legal claims, manage litigation, resolve legal proceedings;
(o) if you have given your consent to receiving marketing or promotional information, then from time to time, we may send you information from time to time on our services and events; (p) for Key Genetics’ internal records management; and
(q) all other purposes reasonably related to the aforesaid.
3. Disclosure of personal data
3.1 Third Parties Your personal data may be disclosed to relevant third parties (in or outside of Malaysia) as required under law, pursuant to the relevant contractual or business relationships, our business partners, service providers or vendors for the purposes stated in Clause 2 Purposes of collecting and further processing (including disclosing) your personal data above (or directly related to those purposes). For example, if you are a patient or potential patient, we may disclose your personal data to healthcare providers which would include private and public healthcare institutions to deliver our genetic counselling services effectively.
3.2 The Ministry of Health (“MOH”), any statutory or non-statutory authorities or bodies having authority or jurisdiction established by MOH, relevant government departments and agencies, regulatory authorities, accreditation bodies, law enforcement agencies We may have to disclose personal data for legal and regulatory compliance to MOH, the relevant governmental authorities, agencies and departments, regulatory authorities, accreditation bodies and law enforcement agencies for legal and regulatory compliance purposes, investigation proceedings, to prevent a crime or protect national security and protect our rights or property.
3.3 Our professional advisors We also share your personal data with our professional advisors which such as but not limited to our auditors, accountants, consultants, lawyers, company secretary, tax advisors, insurers.
3.4 Any person who may be a purchaser, transferee or assignee of our company or business or assets In the event of a potential, proposed or actual sale of business or assets, disposal, acquisition, merger, or re-organisation (“Transaction”), your personal data may be required to be disclosed or transferred to a third party as a result of the Transaction. You hereby acknowledge that such disclosure and transfer may occur and permit Key Genetics to release your personal data to the other party and its advisers/representatives.
3.5 Transfer of your personal data outside Malaysia It may be necessary for us to transfer your personal data outside Malaysia if any of the third parties as mentioned in this Clause 3 (Disclosure of personal data) are located or have processing facilities outside of Malaysia for the purposes as set out in Clause 2 (Purposes of collecting and processing (including disclosing) your personal data). In doing so, we shall take necessary steps to safeguard your personal data and we will comply with this Policy, the PDPA and other applicable data protection and privacy laws.
4. Security
We maintain administrative, technical, and physical safeguards to protect the personal data in our possession or control against unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. Although we strive to make all efforts to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. In the unlikely event of a data breach, you will be notified as soon as possible, in accordance with applicable law.
5. Retention
We will keep your personal data only for as long as is needed to fulfil our purposes, to execute our services, contractual obligations, to comply with any legal and regulatory obligations in accordance with the maximum statutory retention periods prescribed or in the event we must resolve any legal proceedings.
6. Cookies
When you interact with us on our website, we automatically receive and record information on our server logs from your browser. We may employ cookies for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
Cookies are small text files placed in the 'Cookies' folder on your computer's hard disk and allow us to remember you. The cookies placed by our server are readable only by us, and cookies cannot access, read, or modify any other data on a computer. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on that visitor.
Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our website.
7. Links to third-party sites
Our website may contain links to other websites operated by third parties. These sites may have their own privacy policy in place, which we recommend you review if you visit any linked websites. We are not responsible for the privacy practices of websites operated by third parties that are linked to our website. Once you have left our website, you should check the applicable privacy policy of the third-party website to determine how they will handle any information they collect from you.
8. Withdrawal of consent, access, and correction of your personal data
You have choices regarding our collection, use, processing, and disclosure of your personal data. You have the right to object to our processing of your personal data for the purposes of direct marketing. Direct marketing means the communication by whatever means of any advertising or marketing material for our services which is directed to particular individuals. You shall always have the right to withdraw your previously given consent to our collection, use, processing, and disclosure of your personal data at any time by contacting us. However, your withdrawal of consent may result in us not being able to continue providing you with our services. You have the right to request to access or to correct your personal data held by us (subject always to certain exemptions provided under applicable law). We will make every endeavour to ensure your personal data is accurate and up to date, therefore we ask that if there are changes to your information you should notify us directly. If you have any requests, inquiries, and complaints in respect of your personal data, you may contact us per the contact details in Clause 9 below.
9. How to contact us
You may contact us by filling up our online contact form at https://www.keygenetics.com.my/contact, calling us at +60 11-1624 0738 or emailing us at appointments@keygenetics.com.my.
This Policy clarifies how Key Genetics processes your personal data from the point we collect, use, share and dispose of your personal data, the security measures that we establish to ensure your personal data is well protected and how you can exercise your rights in respect of your personal data.
We may amend this Policy from time to time to ensure that our standards and practices remain relevant, are up to date and comply with applicable laws and guidelines. We will provide you with notice of amendments to this Policy, as appropriate, and update the “Last Updated” date of this Policy. The latest version of the Policy supersedes and replaces the earlier versions. We will publish the amended or revised Policy on our website or by email and/or circulate copies of the amended /revised Policy as necessary in your transactions, agreements, or interactions with us. We encourage you to check our Policy from time to time.
1. Personal Data Personal data means data about an individual who can be identified from that data which may include but is not limited to the individual’s name, identification number, address, email address, telephone number, date of birth.
1.1 Types of personal data we process We process your personal data which would include your name, NRIC number or passport number, mailing address, email address, phone number, financial and banking account details and any other information relating to any individuals which you have provided us in any forms you may have submitted to us including our online contact /inquiry form. The personal data we collect also includes sensitive personal data which is your medical history and information (patient medical history, diagnostics, allergies) as well as the medical history and information of family members, relatives or third parties that you provide to us.
1.2 How we collect personal data Generally, depending on the situation, we collect personal data in the following ways:
(a) When you submit any form, including but not limited to our online contact /inquiry form;
(b) When you interact with our customer service officers, our genetic counsellors and other representatives via telephone calls (which may be recorded) and emails;
(c) When you use our services provided through online and other technology platforms, such as websites, and apps, online technologies, or tools;
(d) When you request that we contact you, be included in our email mailing list; or when you respond to our request for additional personal data; (e) When you are contacted by, and respond to, our customer service officers, genetic counsellors, representatives, and other service providers; (f) When we receive your personal data from referral parties such as private and public healthcare institutions, other healthcare professionals with whom you have interacted and other third parties;
(g) When you make payment or provide details to facilitate payment for our services;
(h) Indirectly from third parties which would include family members, next-of-kin, caregivers, guardians when such third parties send us completed forms such as our online inquiry /contact form and any registration or application forms;
(i) When we seek information from third parties about you in connection with your relationship with us, including from next-of -kin and caregivers;
(j) If you are a healthcare provider, when you register for, attend, and participate in our training workshops on genetic counselling; and
(k) When you browse our website using cookies.
If you provide us with any personal data relating to a third party (e.g., information of your next-of-kin, spouse, children, parents), by submitting such information to us, we rely on you and will assume that you are representing to us that you have obtained the consent from the third party to provide us with their personal data for the respective purpose for which we are collecting this personal data. We also rely on you and will assume that you have ensured that all personal data submitted to us is complete, accurate, true, and correct.
2. Purposes of collecting and processing (including disclosing) your personal data For patients or potential patients, parents, guardians, caregivers or next-of-kin of patients /potential patients, healthcare providers or service providers or business partners or vendors, we may collect and process (including disclose) your personal data for the following purposes:
(a) to provide and deliver our tele-genetic counselling services;
(b) to collaborate with other healthcare providers in delivering our genetic counselling services;
(c) to communicate with you in relation to our services;
(d) contacting family members /parents/ next-of-kin, caregivers, guardians for the purposes of providing health updates and seeking consent from them in incapacity situations;
(e) to administer and give effect to your commercial transaction (contract for services, independent contractor agreement, collaboration agreement, etc.);
(f) to facilitate your participation in our events and training workshops;
(g) to process any payments relevant to you;
(h) for insurance purposes;
(i) for internal investigations, audit, or security purposes;
(j) to conduct internal statistical analysis and analysis of patient case studies;
(k) to support research, improvement, and innovation of our services;
(l) to store and carry out data analytics processes;
(m) to comply with Key Genetics’ legal and regulatory obligations in the conduct of its business;
(n) to handle potential legal claims, manage litigation, resolve legal proceedings;
(o) if you have given your consent to receiving marketing or promotional information, then from time to time, we may send you information from time to time on our services and events; (p) for Key Genetics’ internal records management; and
(q) all other purposes reasonably related to the aforesaid.
3. Disclosure of personal data
3.1 Third Parties Your personal data may be disclosed to relevant third parties (in or outside of Malaysia) as required under law, pursuant to the relevant contractual or business relationships, our business partners, service providers or vendors for the purposes stated in Clause 2 Purposes of collecting and further processing (including disclosing) your personal data above (or directly related to those purposes). For example, if you are a patient or potential patient, we may disclose your personal data to healthcare providers which would include private and public healthcare institutions to deliver our genetic counselling services effectively.
3.2 The Ministry of Health (“MOH”), any statutory or non-statutory authorities or bodies having authority or jurisdiction established by MOH, relevant government departments and agencies, regulatory authorities, accreditation bodies, law enforcement agencies We may have to disclose personal data for legal and regulatory compliance to MOH, the relevant governmental authorities, agencies and departments, regulatory authorities, accreditation bodies and law enforcement agencies for legal and regulatory compliance purposes, investigation proceedings, to prevent a crime or protect national security and protect our rights or property.
3.3 Our professional advisors We also share your personal data with our professional advisors which such as but not limited to our auditors, accountants, consultants, lawyers, company secretary, tax advisors, insurers.
3.4 Any person who may be a purchaser, transferee or assignee of our company or business or assets In the event of a potential, proposed or actual sale of business or assets, disposal, acquisition, merger, or re-organisation (“Transaction”), your personal data may be required to be disclosed or transferred to a third party as a result of the Transaction. You hereby acknowledge that such disclosure and transfer may occur and permit Key Genetics to release your personal data to the other party and its advisers/representatives.
3.5 Transfer of your personal data outside Malaysia It may be necessary for us to transfer your personal data outside Malaysia if any of the third parties as mentioned in this Clause 3 (Disclosure of personal data) are located or have processing facilities outside of Malaysia for the purposes as set out in Clause 2 (Purposes of collecting and processing (including disclosing) your personal data). In doing so, we shall take necessary steps to safeguard your personal data and we will comply with this Policy, the PDPA and other applicable data protection and privacy laws.
4. Security
We maintain administrative, technical, and physical safeguards to protect the personal data in our possession or control against unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. Although we strive to make all efforts to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. In the unlikely event of a data breach, you will be notified as soon as possible, in accordance with applicable law.
5. Retention
We will keep your personal data only for as long as is needed to fulfil our purposes, to execute our services, contractual obligations, to comply with any legal and regulatory obligations in accordance with the maximum statutory retention periods prescribed or in the event we must resolve any legal proceedings.
6. Cookies
When you interact with us on our website, we automatically receive and record information on our server logs from your browser. We may employ cookies for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
Cookies are small text files placed in the 'Cookies' folder on your computer's hard disk and allow us to remember you. The cookies placed by our server are readable only by us, and cookies cannot access, read, or modify any other data on a computer. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on that visitor.
Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our website.
7. Links to third-party sites
Our website may contain links to other websites operated by third parties. These sites may have their own privacy policy in place, which we recommend you review if you visit any linked websites. We are not responsible for the privacy practices of websites operated by third parties that are linked to our website. Once you have left our website, you should check the applicable privacy policy of the third-party website to determine how they will handle any information they collect from you.
8. Withdrawal of consent, access, and correction of your personal data
You have choices regarding our collection, use, processing, and disclosure of your personal data. You have the right to object to our processing of your personal data for the purposes of direct marketing. Direct marketing means the communication by whatever means of any advertising or marketing material for our services which is directed to particular individuals. You shall always have the right to withdraw your previously given consent to our collection, use, processing, and disclosure of your personal data at any time by contacting us. However, your withdrawal of consent may result in us not being able to continue providing you with our services. You have the right to request to access or to correct your personal data held by us (subject always to certain exemptions provided under applicable law). We will make every endeavour to ensure your personal data is accurate and up to date, therefore we ask that if there are changes to your information you should notify us directly. If you have any requests, inquiries, and complaints in respect of your personal data, you may contact us per the contact details in Clause 9 below.
9. How to contact us
You may contact us by filling up our online contact form at https://www.keygenetics.com.my/contact, calling us at +60 11-1624 0738 or emailing us at appointments@keygenetics.com.my.