Personal identification information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our Site, register on the Site, place an order, subscribe to the newsletter, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number and credit card information. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site-related activities.
Non-personal identification information
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users' means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
Web browser cookies
How we use collected information
Nazirin Skin Clinic may collect and use Users' personal information for the following purposes:
- To personalize user experience
We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
- To process payments
We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
- To run a promotion, contest, survey or other Site feature
To send Users information they agreed to receive about topics we think will be of interest to them.
- To send periodic emails
We may use the email address to send Users information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests. If a User decides to opt in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email, or the User may contact us via our Site.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Our Site is in compliance with the PDPA 2010 in order to create as secure an environment as possible for Users.
Sharing your personal information
We do not sell, trade, or rent Users' personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.
Third party websites
Users may find advertising or other content on our Site that links to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.
Your acceptance of these terms
By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
Nazirin Skin Clinic
59-1, The Boulevard,
Mid Valley City,
Lingkaran Syed Putra,
59200 Kuala Lumpur
+603 2202 2622
NAZIRIN SKIN CLINIC – FREQUENTLY ASKED QUESTIONS (FAQs) FOR PERSONAL DATA PROTECTION ACT 2010 (PDPA)
1. What is the Personal Data Protection Act (“PDPA” or the “Act”) 2010?
The Personal Data Protection Act is an act enacted by the Malaysian government in 2010 to protect an individual’s personal data in commercial transactions.
2. When was PDPA enforced?
The PDPA came into force on 15th November 2013. Hence all new customers who enter into a contract with Nazirin Skin Clinic (NSC) will have to comply immediately.
3. What is personal data?
The PDPA defines personal data as any information in respect of commercial transactions that relates directly or indirectly to an individual, who is identified or identifiable from that information or other information in possession of the individual. This includes name, address, IC number, passport number, email address and other contact details.
4. What is sensitive personal data?
The PDPA defines sensitive personal data as personal data consisting of information as to the physical or mental health or condition of the individual, political opinions, religious beliefs or other beliefs of a similar nature, the commission or alleged commission of any offence or any other personal data as determined by the Minister by order published in the Gazette.
5. What are “commercial transactions”?
Commercial transactions mean any transactions of a commercial nature, regardless of whether it is contractual. This includes the collection of personal data of potential customers.
6. What is “processing” of personal data?
Processing personal data is the act of collecting, recording, holding or storing personal data and carrying out any operation or set of operations on the personal data.
7. What are your rights as a customer under the PDPA?
The PDPA gives you certain rights in relation to your personal data.
– To access your personal data and to correct this information to make sure that the personal data is accurate, complete, not misleading and up-to-date.
– To withdraw your consent for disclosure of your personal data for marketing purposes or any other purposes than for the fulfilment of the service you have subscribed for.
8. What can NSC do with your consent?
You will give consent to NSC for marketing purposes, for NSC services and products only. NSC will send marketing materials including promos to you via various channels (e.g. email, letters and phone calls).
9. What happens if you do not give consent?
If you do not give consent to NSC for marketing purposes, NSC will stop sending you marketing material for your products and services. However, NSC may still use your personal data for purposes of providing the products or services that you have signed up for or fulfilling any other contractual obligations, and for legal or regulatory purposes.
10. How often can I change my consent?
After changing the consent information, you are only able to change it again after 14 days.
11. Why can I only change consent after 14 days again?
The consent information has to be processed throughout the whole NSC organisation and be reflected in the respective IT systems which are used by us.
12. After withdrawing consent do you still receive marketing information?
NSC has 14 days to process the consent information throughout the whole NSC organisation. Within these 14 days, it might be possible for you to receive marketing material. However, NSC tries to stop sending marketing material immediately, and at the latest, after 14 days.
13. Can you request access to your personal data?
Yes, NSC will provide access to your personal data which the clinic holds.
14. Can NSC deny your request to access personal data?
NSC can only deny your request to access personal data when there is insufficient information to confirm your identity.
15. Can any other person request access to your personal data?
A person other than you may request access to your personal data in the following situations:
– If you are below the age of 18, a parent, guardian or a person who is responsible for you may request access to your personal data.
– A person appointed by the court to manage our customer’s affairs may request our customer’s personal data.
– A person our customer has authorised in writing may request access to our customer’s personal data.
16. How does NSC safeguard your personal data?
We take steps to protect our customers’ personal data by maintaining physical and logical security measures in order to ensure that all information and IT systems are adequately protected from a variety of threats.
17. What security measures ensure that in the event of disclosing your personal data it is kept secure by other parties?
If we disclose your personal data to third parties such as vendors, we will ensure that they have policies and procedures in place to comply with the PDPA as well as to secure all our customers’ personal data.
18. How long does NSC retain your personal data?
We will only retain your personal data for as long as necessary to fulfil the purpose(s) for which it was collected or to comply with legal, regulatory and internal requirements.
19. Does NSC send customer’s personal data overseas? If yes, why is it necessary to send overseas?
In some cases, NSC may transfer customers’ personal data to places outside of Malaysia when it is required to provide customers with the services that they have requested and for the performance of any contractual obligations NSC has with its customers.
20. Does the PDPA cover personal data transferred to those foreign entities?
Yes, if the personal data is first processed in Malaysia before transferring to a foreign entity, it will be covered under the PDPA. However, the PDPA will not cover personal data that is processed outside of Malaysia.