Privacy Policy
We at Scicom (MSC) Berhad and our servants and agents, which includes any of the Scicom group of companies, ("we", "us", "our" or "Scicom" as the context requires) are committed to protecting and respecting your privacy. Scicom is the owner of the mobile application known as the COVID19-MY Mobile App ("the Application" or "the App").
This privacy policy governs your use of the Application. This policy applies to all data processed in Malaysia, the transmission of information through this site will send data within the legal jurisdiction of Malaysia and the Personal Data Protection Act 2010 is deemed to apply to the processing and use of this data.
What information does the Application obtain and how is it used?
The Application obtains the information you provide when you download and register the Application. Registration with us is optional. However, please keep in mind that you will not be able to use the features offered by the Application unless you register with us. The Application will also collect information about your location for as long as you enable location services within your mobile device.
We process two kinds of information about you, personal data including some sensitive personal data and location data based on GPS tracking data obtained via your mobile device.
We process this data in order that:
• We can gain data to aid a better understanding of COVID-19 symptoms
• We can track the spread of COVID-19 and advise you of when you may have been exposed
• We can provide you with push notifications about health and hygiene practices based on your recent location
• We may provide data to the Malaysian government or related parties to help advance scientific research into the links between patient's health and their response to infection by COVID-19
Sensitive personal data
This is information about you, your health and your symptoms.
Our legal basis for processing the is that you consented to our doing so. Because of the tight regulatory requirements placed on us, we need your express consent to process data about your health, which means that you will be unable to use the Application if you do not provide us with your consent (or withdraw your consent).
We may share this data with people doing health research, for example, people working in:
• Hospitals
• Government
• Universities
• Health charities
• Other research institutions
We will not retain your sensitive personal data for any longer than six (6) months. However, if this data has been shared with a government agency or healthcare facility or research body we cannot confirm how long they may retain your data for. If you wish us to stop processing your sensitive personal data, you may withdraw your consent at any time by emailing us at [email protected]. When you withdraw your consent, we will delete all sensitive personal data we hold about you.
Other personal data
We also process your name and mobile device number information for the following purposes:
• Asking you for feedback on the app or conducting other forms of survey.
• Keeping in touch with you about the app and its performance.
• Sending you information about new versions of the app or similar apps we may have in the future.
We will not send any messages not meant individually for you (for example marketing messages). We will not sell your contact information to third-parties or for commercial purposes.
Our legal basis for processing this information is our legitimate interest in developing, marketing and running the app.
We keep your personal information for six (6) months after the last communication with us, or the last use of the app, then we delete it.
Location Tracking Data
When you register to use the Application, the Application will verify (a) your Full Name; (b) an active mobile device number (which will be validated by a One Time Password (OTP).
Device information: When you install the COVID19-MY mobile app to your mobile device, we collect device ID/name and model. We use this information for device identification.
Location information: When you run the COVID19-MY mobile app in your device, we will collect location data through GPS, Wifi, or cellular triangulation on a regular basis for as long as the device is switched on and location services are enabled. We will not share your current location with other users or partners. We may share your historical records of movement with a government agency or other third party if it will assist in the management of COVID-19 or prevent a risk to health of others or yourself. We will also use this data to determine your current location in order to inform you of your proximity to confirmed cases, and to send you contextual hygiene-based notifications. We maintain this data for no longer than six (6) months. Out-of-date data will be removed from our database.
Log files: Our server automatically gathers some anonymous information about visitors, including IP addresses, browser type, language, and the times and dates of web page visits.
The data collected does not include personally identifiable information and is used for server performance analysis and troubleshooting purpose.
Do third parties see and/or have access to information obtained by the Application?
We will share your information with third parties only in the ways that are described in this privacy statement.
As stated above your information may be shared with with people doing health research, for example, people working in:
• Hospitals
• Government
• Universities
• Health charities
• Other research institutions
In addition we may use third parties to process or store the data.
Third party processors
We use third parties to process some of your personal data on our behalf. When we allow them access to your data, we do not permit them to use it for their own purposes. We have in place with each processor, a contract that requires them only to process the data on our instructions and to take proper care in using it. They are not permitted to keep the data after our relationship with them has ended.
These processors include:
• Amazon Web Services
• Google Cloud Platform
• Google Analytics
Legal requests for information
Scicom will cooperate, where it is required to do so, with enquiries from authorities which demonstrate a legal requirement for access to information about you. These include but are not limited to: The Malaysian Ministry of Health, Malaysian and International Police Forces, the Malaysian Department of Immigration and any other bona fide investigators on behalf of other agencies pursuing a lawful enquiry.
How do we protect your information?
We protect your data in your device. The COVID19-MY mobile app collects location data from your tracked device. We encrypt your name and mobile number data when transmitting from your device to our server using AES128 encryption. We then delete this data from your device once data transmission completes.
We protect your data online. Data access is protected by an account authentication process. Only an account holder who knows the account credential can access to your own data in your account. Other users cannot access your data unless you have opted in location sharing.
We protect your data offline. Your account and location data are stored in our secured database. Only employees who needs the information to perform a specific job are granted access. The server in which we store our database is hosted in a secure environment.
We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our Application. Please be aware that, although we endeavour provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
Scicom or their authorized representatives, partners or subsidiaries will take all reasonable precautions to protect the security of your data however we cannot be liable to you for any loss or damage suffered by you as a result of an unauthorised third party having accessed your data.
We may, on occasion, be required to undertake a check on the identity of Application Users in order to prevent fraud or misuse of the Application or Scicom services.
Your Consent
By using the Application, you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us. "Processing," means using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information, all of which activities will take place in Malaysia.
Opt-out rights
You can stop all collection of information by the Application easily by uninstalling the Application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network. You may withdraw your consent at any time by emailing us at [email protected] stating that you withdraw your consent.
Your right to ask to see the information we hold about you
You may also request for us to provide you with details of personal information that we hold about you. If you want to make a request for this information you should write to the Data Protection Officer (COVID19-MY), Scicom, 25th Floor, Menara TA One, 22 Jalan P. Ramlee, Kuala Lumpur Malaysia 50250 or email us at [email protected]. If you request us to do so we will consider making changes to the information that we hold about you. We will change certain limited information that we hold about you where you tell us that it is incorrect.
Contact us
You may contact us by any of the methods set out on our contact us page of the COVID19-MY website or the "Contact Us" section of the app. If you have any questions about our use of your personal data, please write to the Data Protection Officer (COVID19-MY) Scicom, 25th Floor, Menara TA One, 22 Jalan P. Ramlee, Kuala Lumpur Malaysia 50250 or email us at [email protected].
Changes
This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here and informing you via a notification in the Application. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.