Supplemental Privacy Policy
For United Kingdom & European Union
Version: 1.0
Last Updated: [03/Jul/2023]
1. Identity and contact details of the Data Controller
1.1 The data controller is Genting TauRx Diagnostic Centre Sdn Bhd (“GTD”) and/or its subsidiary GT Diagnostics (UK) Limited (collectively or individually, as applicable, “us”, “we” or “our”). GTD’s registered address is 14th Floor Wisma Genting, Jalan Sultan Ismail, 50250 Kuala Lumpur, Malaysia, and GT Diagnostics (UK) Limited’s place of business is at 395 King Street, Aberdeen, AB24 5RP, United Kingdom.
1.2 If your Personal Data is covered by the EU General Data Protection Regulation 2016/679 (“EU GDPR”), we have appointed Saltire Data Protection Services Limited to act as the representative of GTD and of GT Diagnostics (UK) Limited in the European Union as required under Article 27 EU GDPR. You can always contact us directly if you are located in the EU and wish to raise any issues or queries you may have relating to the processing of your personal data. However, if you wish to contact Saltire Data Protection Services Limited you can do so by clicking this form or this link: https://app.saltiredataprotection.eu/enquiry/rs/gtdandgtuk.
1.3 If your Personal Data is covered by the EU General Data Protection Regulation 2016/679 as retained in UK law (“UK GDPR”) the UK representative for GTD is GT Diagnostics (UK) Limited with contact details at gtddataprotection@gtdiag.com. Individuals within the UK can contact us directly (see below) or contact our UK representative.
1.4 How to Contact Us: You may contact us by email at gtddataprotection@gtdiag.com
1.5 Data Protection Officer (DPO): we have appointed a DPO. You can contact the DPO by mail at the addresses above (at paragraph 1.1) or by email at gtddataprotection@gtdiag.com
2. Personal data we collect about you
2.1 In several places in the document we refer to our “Offering”. This is defined in our main Privacy Policy here: https://gtdiag.com/privacy-policy/
2.2 We will collect and use the following personal data:
• name and contact information, including home address, email address and telephone number;
• the country where you live;
• personal health information;
• responses that you provide to questions or tests in any Offering;
• the year of your birth;
• log-in details (including user name);
• information to check and verify your identity, e.g. your date of birth, passport or identification number;
• your gender;
• your shipping and billing information, transaction and payment details and payment card information;
• if we collect contact details because you are an employee of a firm or company with which we conduct business, details of your employer, your work contact details and your work designation;
• if we collect contact details because you are a healthcare professional, your work contact details and your work designation;
• information about how you use any Offering or our websites, IT, communication and other systems; and/or
• your responses to any surveys, competitions and promotions.
3. How we collect Personal Data
3.1 Generally, we collect Personal Data in the following ways:
(a) when you or your healthcare provider request, purchase or use our Offering, we will collect some of your Personal Data. Please note however that any payment information (such as credit card number, billing address, expiration date and other billing information) will also be collected and processed directly by our third party payment service providers and as such, will be subject to the privacy policy and terms of use applicable to such service providers;
(b) when you or your healthcare provider interact with us, request, purchase or use our Offering, we will collect some of your Personal Data required to register the Offering under your name. Prior to activating the Offering, you may need to answer some personal health related questions to facilitate a better user experience of our Offering and we will collect your personal health data provided by you or your healthcare provider;
(c) when you or your healthcare provider submit any form, including but not limited to application forms, assessment forms or other forms relating to our Offering, we may require you to provide us with your contact information so that we can communicate with you and respond to your enquiries, comments or requests for information;
(d) when you enter into any agreement with us or provide other documentation or information for our assessment or in respect of your interactions with us;
(e) when you interact with our staff, or when you interact or contact us via telephone (which may be recorded), letters, fax, face-to-face meetings, text messages, social media platforms and emails;
(f) when you request that we contact you or be included in an email or other mailing list;
(g) when you respond to any request for additional Personal Data; and/or
(h) when you submit Personal Data to us for any other reasons.
4. Why we collect your Personal Data and how we use it
4.1 We process your Personal Data for many reasons, including:
| Reason | Purpose | Legal Basis (EU GDPR and UK GDPR)
| |
| (a) | To interpret the results generated by your usage of our Offering | To fulfill our legal and contractual obligation to you as a purchaser of our Offering. | GDPR Articles 6(1)(b), 6(1)(c) and 9.2(j) |
| (b) | For research and development purposes | We will use your Personal Data comprising the results obtained from you or your healthcare provider’s usage of our Offering (e.g. HiPAL) to analyze the accuracy, effectiveness and shortcomings of our Offering, make improvements so that we can serve you and others better. We will also use your Personal Data to conduct market research and/or analysis for statistical, profiling or other purposes for us to design our Offering, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our Offering. | GDPR Articles 6(1)(f) and 9.2(j) |
| (c) | Business improvement and efficiency | We will monitor your interactions with us for quality assurance, employee training, performance evaluation and identity verification purposes. | GDPR Articles 6(1)(f) and 9.2(j) |
| (d) | To respond to your requests or inquiries | We may use the information that you provide to us to take the steps necessary to respond to your request, for example, you may submit an information request, inquire about a particular Offering, or subscribe to a mailing list. Depending on your request, we may collect your contact information (such as your name, mailing address, telephone number, job title), your interests and preferences (such as any of our Offering which interests you), and any other information you provide to us. We collect and process your Personal Data for these purposes based on our legitimate interest to respond to your request. If you submit special category Personal Data (which may include, for example, health data) as part of your inquiry, we will also base such processing on your explicit consent. If reporting is required, we may process your data to comply with our legal obligations. | GDPR Articles 6(1)(a), 6(1)(c), 6(1)(f), 9(2)(a) and 9(2)(j). |
| (e) | To personalize your experience | We may collect certain information about you, your preferences, and how you have interacted with us in the past in order to understand your interest in our Offering so that we can best serve you. This may include information about your contact and Offering preferences, languages, marketing preferences, and demographic data. In cases where we collect this information automatically, we collect and process this information for our legitimate business interests. In other cases, for example through using cookies, we will collect and process this information pursuant to your consent. Please see our cookies policy here: https://www.gtdiag.com/cookie-policy/ | GDPR Articles 6(1)(a) and 6(1)(f). |
| (f) | To perform website analytics and measure website performance | Where permitted by law, we may combine Personal Data you provide with other information you’ve provided to us through our websites. Where permitted by law, we may also combine Personal Data collected through our websites and online resources with our offline records and information provided to us by third parties. In cases where we collect this information automatically, we collect and process this information for our legitimate business interests. In other cases, for example through using cookies, we will collect and process this information pursuant to your consent. Please see our cookies policy here: https://www.gtdiag.com/cookie-policy/ | GDPR Articles 6(1)(a) and 6(1)(f). |
| (g) | To maintain the website, including for security purposes | We use this information to secure our websites, network systems, and other assets. This may include information concerning your IP Address, geographic location, resources you have accessed, and similar information. We collect this information automatically, for our legitimate business interests to run, maintain, and secure our websites. | GDPR Article 6(1)(f) |
| (h) | To enforce our legal rights and to comply with the law | We may be required to disclose your Personal Data in connection with any claims, actions, proceedings and investigations where you are a party. At times, we may be required to disclose your Personal Data in the course of meeting or complying with any applicable rules, laws, regulations, codes of practice which are binding on us. | GDPR Articles 6(1)(c) and 6(1)(f) |
5. Use of Personal Data for marketing
5.1 We do not sell or transfer your Personal Data to any non-affiliated entity for their own direct marketing use unless we provide clear notice to you and obtain your explicit consent.
5.2 We may use third party advertising companies to place advertisements on other websites. These companies may use data about your visits to this and other websites in order to measure advertising effectiveness and to provide advertisements about our Offering that may be of interest to you.
5.3 You have the right to opt out of receiving marketing communications at any time by:
(a) contacting us at gtddataprotection@gtdiag.com; and or
(b) using the ‘unsubscribe’ link in emails.
6. Who we disclose your Personal Data to
6.1 We may share your Personal Data with our affiliates around the world.
6.2 All affiliates will use your Personal Data for the same purposes as we do.
6.3 We may also share your Personal Data with third parties, such as your healthcare provider or other third party doctors, clinics, hospitals and/or medical institutions who request us to provide you our Offering, or to our representatives, agents and/or our service providers, or other third parties for the following purposes:
(a) to facilitate business purposes such as merger, consolidation, transfer of control or our corporate reorganization, or pursuant to a financial arrangement undertaken by us;
(b) to respond to appropriate requests of legitimate government authorities or where required by applicable laws, court orders, government regulations or rules;
(c) where needed for corporate audits or to investigate or respond to a complaint or security threat;
(d) to enforce our terms and conditions; and/or
(e) to protect our rights, privacy, safety or property, and/or that of you or others.
6.4 We may also share your Personal Data with any other party to whom you authorize us to disclose your Personal Data.
7. International Transfers of Your Personal Data
7.1 Any Personal Data you provide to us through your use of our Offering may be transferred to or stored in a geographic region that imposes different privacy obligations than your country of origin. This means that your Personal Data may be sent to a country with less restrictive data protection laws than your own. Any such transfer will be conducted in compliance with applicable law.
7.2 For transfers of Personal Data covered by the EU GDPR or UK GDPR to a third country outside the United Kingdom (UK), European Union (EU), European Economic Area (EEA), we may transfer your Personal Data to a territory which has been given an adequacy decision pursuant to Article 45(3) of the EU GDPR or UK GDPR or where appropriate safeguards are in place pursuant to Article 46 of the EU GDPR or UK GDPR. In any other case, we will transfer your Personal Data to a third country or an international organization only on one of the following conditions:
(a) you have expressly agreed to the proposed transfer, after having been informed of the possible risks of such transfer due to the absence of an adequacy decision and appropriate safeguards;
(b) the international transfer of your Personal Data is necessary for the performance of a contract between you and us or necessary for the implementation of pre-contractual measures requested by you;
(c) the international transfer of your Personal Data is necessary for the conclusion or performance of a contract concluded in your interest and such contract was signed between us and another party;
(d) the international transfer of your Personal Data is necessary for reasons of public interest;
(e) the international transfer of your Personal Data is necessary for the establishment, exercise or defense of legal claims; or
(f) the international transfer of your Personal Data is necessary in order to protect your or another person’s vital interest, where one is incapable of giving consent.
8. How secure is your Personal Data
8.1 We have appropriate technical and organisational security measures in place to prevent personal data from being accidentally lost, or used or accessed unlawfully. While we are committed to ensuring appropriate technical and organisational measures are in place, all risks cannot reasonably be eliminated.
9. Information About Your Rights Regarding Your Personal Data
9.1 You have certain rights regarding our use and processing of your Personal Data.
9.2 If your Personal Data is covered by the EU GDPR (applicable if you are an individual within the European Economic Area) or the UK GDPR (applicable if you are an individual within the United Kingdom), you have the following rights with respect to your Personal Data:
(a) the right to request access to the Personal Data that we have about you;
(b) the right to rectify or correct any Personal Data that is inaccurate or incomplete;
(c) the right to request a copy of your Personal Data in electronic format so that you can transmit the data to third parties, or to request that we directly transfer your Personal Data to one or more third parties;
(d) the right to object to the processing of your Personal Data for marketing and other purposes;
(e) the right to erasure of your Personal Data when it is no longer needed for the purposes for which you provided it, as well as the right to restriction of processing of your Personal Data to certain limited purposes where erasure is not possible.
9.3 To exercise any of these rights, please contact us at gtddataprotection@gtdiag.com.
9.4 Withdrawing consent: If data processing is based on consent, note that you have the right to withdraw your consent at any time, but the withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. In the event of an erasure request, we may retain a copy of your Personal Data for our record-keeping purposes and avoid entering your Personal Data in our systems after your request.
You can withdraw your consent at any time by contacting us at gtddataprotection@gtdiag.com or by deleting your account with us.
9.5 In the event that you believe or have the impression that our data processing does not comply with the GDPR, you are entitled to lodge a complaint with the responsible supervisory authority.
Please contact us at gtddataprotection@gtdiag.com if you have any queries or concerns about our use of your personal data. We hope we will be able to resolve any issues you may have.
You also have the right to lodge a complaint with:
(a) the Information Commissioner in the UK; and
(b) a relevant data protection supervisory authority in the EEA state of your habitual residence, place of work or of an alleged infringement of data protection laws in the EEA.
The UK’s Information Commissioner may be contacted using the details at Make a complaint | ICO (https://ico.org.uk/make-a-complaint/) or by telephone: 0303 123 1113.
For a list of EEA data protection supervisory authorities and their contact details see here (https://edpb.europa.eu/about-edpb/about-edpb/members_en).
Contact Us
- GT Diagnostics (UK) Limited
- 395 King Street
- AB24 5RP
- Aberdeen
- United Kingdom
- Genting TauRx Diagnostic Centre Sdn Bhd
- 14th Floor, Wisma Genting
- Jalan Sultan Ismail
- 50250 Kuala Lumpur
- Malaysia
