Terms and Condition

Data Management Policy

1. Introduction

As part of Biogenes' provision of services through the mobile or web-based applications owned and offered for download by Biogenes, including APTFAB, APTSENS, APTCAD, and any other mobile applications that we may develop and offer in the future (collectively, the “Apps” and individually, an “App”), we will need to gather and use certain information of individuals. These can include users, suppliers, business contacts, employees and other people we have a relationship with or may need to contact. Biogenes takes its responsibility under all relevant laws including the Personal Data Protection Act 2010 ("PDPA”) seriously. Biogenes also recognises the importance of the personal data that you have entrusted us with. It is also our responsibility to properly manage, protect and process all data.

Please carefully review this data management policy (“Data Management Policy”) to understand our policies and practices regarding the collection, use and treatment of your information. By using, accessing, or registering with an App, the use of our websites, mobile application, and services (collectively, the “Service(s)”), you consent to our collection, use, processing, and disclosure of information in accordance with this Data Management Policy. You also acknowledge and agree that we are not responsible for how third-parties, vendors, and service providers collect or use your information.

2. This Data Management Policy

Objectives

In providing proper and secure management of personal data, Biogenes aims to ensure that:

  • all management of personal data is in compliance with statutory requirements, as well as third-party and other contractual data obligations;
  • all personal data is used for the purposes for which they are collected as set out in our Privacy Policy, which you may find at: Privacy Policy; and
  • all personal data are collected, stored and disposed of in ways appropriate to the risk and impact of unintended disclosure.

Roles and responsibility

  • Data Owners: Data Owners are members of our administrative and/or operation team who are generally responsible for managing processes that relate to data. The roles and responsibilities also extend to the following:

    1. to be responsible for the data quality, confidentiality, integrity and availability of data;
    2. to promote and enhance the value of data for App-wide purposes and facilitate data sharing and integration;
    3. to determine the access levels of the data owned;
    4. to determine and authorise the access rights and privileges of the data owned;
    5. to manage the operational matters of data;
    6. to be responsible in ensuring that the Apps developed shall use data according to the Privacy Policy;
    7. to be responsible for the data analysis of data; and
    8. to resolve queries on data.

  • Data and Database Administrators: administrators are members of our IT team who are assigned to manage data as well as data stored in the Apps and databases. The roles and responsibilities also extend to the following:

    1. to manage and maintain the databases towards data security, confidentiality, integrity and availability;
    2. to develop and implement standard Data Management policies, procedures and guidelines;
    3. to develop and implement data retention and archiving policies, procedures and guidelines; and
    4. to manage the Apps and any reporting systems that relate to the storage and management of all data.

Generally, all members of Biogenes are responsible for ensuring that access and utilisation of data is done in a manner that minimises risk to all parties involved. Biogenes understands that data management is a shared responsibility and they must abide by data management procedures and practices. Such general responsibilities include:

  • using data only for authorised and intended purposes as per the Privacy Policy;
  • understanding the data and guarding against misinformed or incorrect interpretations (any queries and clarification should be forwarded to the individual designated to management of the data in question);
  • respecting the privacy of the data and the individuals that they represent (i.e. to not disclose personal information, or accessing or manipulating such data for personal gain or interest); and
  • ensuring that they do not knowingly or unknowingly falsify data nor inappropriately delete or reproduce data.

Notice and Choice

The Data Owner must inform users by written notice (“PDP Notice”) in both Malay and English, of among other things, the purpose of processing his/her personal data and the third parties to whom their personal data may be disclosed.

The PDP notice shall be given as soon as practicable by the Data Owner

  • when the user is asked by the Data Owner to provide his/her personal data
  • when the user provides his/her personal data when using our Services, including when the user downloads, registers with, or logs into our Apps;
  • in any other case, before the Data Owner:

    1. uses the personal data of the user for a purpose other than the purpose for which the personal data was collected; or
    2. discloses the personal data to a third party.

Disclosure

All members of Biogenes must not disclose any personal data without the consent of the users save for exceptions and the third parties as set out in the Privacy Policy (a list of third parties shall be compiled by the Data Owner).

Security

As part of the Data Owner’s responsibility in managing data, the Data Owner must:

  • protect personal data from loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction;
  • ensure security of personal data where personal data is processed by a third party; and
  • develop and maintain a security policy which complies with the security standard as set out in the Personal Data Protection Standards 2015 (“PDPS”), which sets out the minimum requirements in relation to data security, data retention and data integrity.

Retention and Data Integrity

In addition to the above, the Data Owner should:

  • not keep any personal data any longer than necessary for the fulfilment of their purpose(s), and dispose the unnecessary personal data accordingly;
  • take reasonable steps to ensure the accuracy and completeness of personal data; and
  • maintain a record of compliance as well as retain and process personal data in accordance with the retention standards set out in the PDPS.

Access

Users may request for the access and correction of their personal data (“Request”) by paying certain fees to Biogenes as set out below, and the Data Owner must ensure that the user has access to and is able to correct the personal data. Furthermore, the Data Owner must comply with the Request within 21 days, failing which, the Data Owner is required to comply within the next 14 days.

The following requests and their respective fees are set out below:

  • Request for personal data with a copy – RM10
  • Request for personal data without a copy – RM2
  • Request for sensitive personal data with a copy – RM30
  • Request for sensitive personal data without a copy – RM5

3. Non-compliance and Implementation

If there is any reason to suspect that laws or this policy have been violated, or that continued access to data poses a threat of said data, data infrastructure, Biogenes’ members, or reputation of members of the public, rest assured that Biogenes will withdraw or restrict access to all data and data infrastructure to mitigate any further compromise or damage.

Following due process, Biogenes may take action against anyone whose activities are in violation of the law or these policies. These actions taken may include, but are not limited to:

  • revocation of access to Biogenes’ data, IT services, IT infrastructure or parts of it;
  • penalties in accordance with the PDPA which range from fines between RM100,000 to RM500,000 or imprisonment ranging from 6 months to 3 years or both; and
  • initiation of disciplinary or legal action against Biogenes’ own personnel and/or members of the public who are found to be in violation.

The head of IT holds the responsibility for the implementation of this policy and shall take necessary actions in the event of violation of this policy.


4. Changes to this Data Management Policy

We reserve the right to make changes to this Data Management Policy at any time and all changes will be posted here. If we believe that the changes are material, we will notify you of the changes by posting a notice on our Services or by email. You are responsible for reviewing the changes which we make to this Data Management Policy. Your continued use of our Services constitutes your acceptance of the updated Data Management Policy.


5. Contact us

If you have any questions, complaints, concerns or comments on our Data Management Policy, we welcome you to contact us at +6012 2939548 (Mr. Adrian Joseph, Chief Operating Officer of Biogenes) or by sending an email to adrian@biogenestech.com. Your indication at the subject header would assist us in attending to your email speedily by passing it on to the relevant staff in our organisation. For example, you could insert the subject header as "Accessing Personal Data".


6. Conflict

In the event of any conflict between this English language Data Management Policy and its corresponding Bahasa Malaysia Data Management Policy, the terms in this English language Data Management Policy will prevail.