2. How do We Collect Personal Data?
2.1 ROSE collects a range of personal and health information about individuals (“you”, “your”). ROSE may collect this information from you, or from another person dealing with you, such as your healthcare service provider, healthcare professional, or employer, or from third-party technology platforms.
2.3 ROSE provides health screening programs and initiatives under Program ROSE to many women, including you. ROSE may at those times collect, use and store your relevant personal and health information (if you were a participant) so that we may provide you with Services and perform the health screenings and related activities. To illustrate: at the time of the health screening, ROSE processes information relating to your cervical health to ensure that we provide you with the optimum service. Once all the HPV DNA tests are performed by ROSE for you, those test results together with the health information which you have provided forms part of your Personal Data which you have with ROSE. We process your health information to provide you with the Services as well as to assist you with your healthcare follow up. You may refuse to consent or not allow us to process this sensitive personal data but if you do so, it may be difficult for us to provide you with Services and you may not be provided access to any healthcare follow up, which is regrettable and not ROSE’s intention.
3. Types of Personal Data Collected
3.1 It is necessary for you to provide us with your Personal Data which are marked or specified as compulsory when you require us to provide you with a Service. If you fail to provide us with such compulsory Personal Data, we will not be able to provide or continue to provide the Services to you.
3.2 If you use our Services and Site, the types of Personal Data we collect may include, but is not limited to:
a) your name, gender, age, telephone number, home address, email address, credit card information, bank account number;
b) the results of all HPV DNA tests performed by ROSE if you are undergoing those tests;
c) medical and health related information, including clinical information which may be provided by you or a healthcare service provider or a healthcare professional ordering an HPV DNA test. This may include a description of current or previous symptoms, health status, family history, health conditions, treatments and other test results; and
d) other information relating to screening and immunisation which is specific to our projects and services at the time we offer the services.
3.3 The type of information that ROSE collects and the way in which it may use and disclose that information varies according to the Services, activities and programmes ROSE provides or undertakes in relation to you, as an individual. Some of the purposes for which your Personal Data may be used are set out in sections below, including the use of Personal Data for direct marketing.
4. Purpose and Use of Personal Data
4.1 You agree that all the Personal Data provided by you to us may be collected and processed by us for the following purposes and for other purposes as may be agreed between you and us or required by law from time to time (collectively, “Purposes”):
a) to perform and provide our Services (including ancillary Services) to you particularly, to perform and to assist in reporting an HPV DNA test that has been ordered, and making recommendations for the management of test results (follow up) to healthcare service providers, healthcare professionals and employers;
b) to perform our other activities and programmes;
c) to process any payment instructions, direct debit facilities and/or credit facilities requested by you or to liaise with a third-party payer;
d) for research, to improve our knowledge, particularly of how to better prevent cancer of the cervix in women. However, no research publication will ever identify an individual without prior written consent from that person. Where small numbers of patient data are used for research purposes, data suppression is routinely applied to prevent inadvertent identification of an individual;
e) for purposes of enforcing a judgement/ court order, assisting or preventing or detecting crime, and/or to meet our other contractual and regulatory obligations;
f) to communicate and to manage our relationship with you, your healthcare service providers, healthcare professionals, clients, employers, employees, employment applicants, service providers, advisors as well as regulators;
g) to provide you with communications with regard to health information, details of healthcare services and its benefits, to support projects and initiatives, and fulfil contractual obligations;
h) to conduct activities related to quality assurance and improvement processes, accreditation and audits and managing legal and other claims;
i) to help investigations into complaints, to respond to complaints and suspected suspicious transactions as well as wrongful disclosure of Personal Data;
j) the normal management, operation and maintenance of the performance of the services including marketing and research (like aggregated behavioural analysis) for service improvements and designing new, or improving existing, services provided by us, and/or our subsidiaries to you; and
k) all other permissible purposes required to operate, maintain and better manage our business and your relationship with us, which we notify you of at the time of obtaining your consent.
4.2 We would also like to use your Personal Data for direct marketing/cross-selling to you (whether by post, email, phone, text messages, social media, telecommunication channels or the likes) in relation to:
a) our offerings and promotions;
b) services, products, discounts and promotions offered by our counterparties, healthcare service providers and/or healthcare professionals; and
c) other offerings and promotions from the third-party merchants that we cooperate with to provide benefits to our customers.
If you do not consent to us processing your Personal Data for direct marketing/cross-selling of other related services, please notify us at the contact details below.
5. Security and Retention
We take all commercially reasonable steps to secure the Personal Data provided to us and we will not retain your Personal Data longer than is necessary for the fulfilment of the purpose for which it is processed and in accordance with relevant laws and requirement to store or retain a copy for documentary evidence, laboratory records and analysis. Where possible, we destroy or permanently delete all Personal Data which is no longer required for the purpose for which it was processed.
6. When is Your Personal Data Disclosed?
6.1 ROSE may disclose your Personal Data for the purposes set out in the previous section. We may also disclose your Personal Data with the following entities or individuals, whether they are located overseas or in Malaysia:
a) to anyone that you have authorised or requested the disclosure to be made including your employer, your insurance broker or insurer, your healthcare service provider, or healthcare professional who ordered the HPV DNA test;
b) at your request or your healthcare service provider’s or healthcare professional’s request, to another healthcare professional;
c) at your healthcare service provider’s or healthcare professional’s request, to another laboratory when a further opinion is being sought on a pathology specimen or for an HPV DNA test that has been ordered but which is not performed at ROSE;
d) to your representative (e.g., a sibling, a spouse, a relative, any next of kin, an authorised representative or lawyer);
e) to our legal advisors and insurers;
f) to the extent required by law or pursuant to any court order. This may include information provided to a Coroner or a Court under a subpoena;
h) to any party nominated or appointed by us, either solely or jointly with other service providers, for purpose of establishing and maintaining our database and/or providing us with data centres and/or servers located within or outside Malaysia for our business purposes or otherwise.
You hereby acknowledge and consent that the disclosures and transfers, and permit us to disclose and transfer your Personal Data to such third party and its advisors/representatives and/or any other person reasonably requiring the same in order for us to operate and maintain our business or carry out the activities set out in the Purposes.
6.2 ROSE may also disclose your information in other circumstances and to other persons if you have given your express or implied consent, or if we are permitted or required to do so by law (including under the Act, the Private Health Care Facilities and Services Act 1998 and Prevention and Control of Infectious Diseases Act 1988).
7. Your Rights to Your Personal Data
7.1 You have the right to:
a) check whether we hold any of your Personal Data;
b) access your Personal Data held by us;
c) ask us to correct or update any Personal Data which is inaccurate;
d) ascertain our policies and practices (from time to time) in relation to Personal Data;
e) opt out from receiving direct marketing materials from us at any time; and
f) subject to this paragraph 7, limit our processing of your Personal Data.
Any requests in relation to the above shall be in writing or any enquiries and addressed to:
Data Protection Officer
1-7, Kompleks Inkubator dan Inovasi (UMX)
Universiti Malaya, Lingkungan Budi
50603 Kuala Lumpur, Malaysia.
7.2 In accordance with the Act, we have the right to charge you a reasonable fee for the processing of any of your Personal Data access request or a data correction request under this clause 7.
7.4 If you have any concerns or complaints about your privacy or the manner in which ROSE has handled your Personal Data, please contact our Data Protection Officer at the contact details above. We will endeavour to resolve your complaint promptly and will provide a written response to you.
8. Accuracy of your Personal Data
You are responsible for ensuring that the information you provide us is accurate, complete, not misleading and kept up to date.
9. Transfer of Personal Data to places outside Malaysia
We may transfer your Personal Data to places outside of Malaysia and you hereby give your consent to the transfer.
Dated: 10 February 2022
[end of page]