Privacy Policy
Personal Data Protection Notice
Last Updated: 4th April, 2022
PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY CLICKING OR CHECKING “SIGN UP”, “I AGREE TO UNIVERSITI
MALAYA PRIVACY POLICY”, “I AGREE AND CONSENT TO THE COLLECTION, USE, DISCLOSURE, STORAGE, TRANSFER
AND/OR PROCESSING OF MY PERSONAL DATA FOR THE PURPOSE STATED IN, AND UNDER THE TERMS OF, INSTITUTE OF
COMPLEMENTARY & TRADITIONAL MEDICINE PRIVACY POLICY” OR SIMILAR STATEMENTS AVAILABLE AT THE INSTITUTE OF
COMPLEMENTARY & TRADITIONAL MEDICINE ONLINE USER REGISTRATION PAGE OR IN THE COURSE OF PROVIDING YOU
WITH THE SERVICES. YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THE TERMS OF THIS PRIVACY POLICY
AND THAT YOU HAVE AGREED AND CONSENTED TO THE COLLECTION, USE, DISCLOSURE, STORAGE, TRANSFER AND/OR
PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED AND UNDER THE TERMS HEREIN.
1. Introduction to this Privacy Policy
1.1. INSTITUTE OF COMPLEMENTARY & TRADITIONAL MEDICINE (ICTM) takes your privacy seriously.
1.2. In the course of providing you with the Online Services, we will be collecting, using, disclosing,
storing and/or processing data, including your personal data.
1.3. This Privacy Policy exists to keep you in the know about how we collect, use, disclose, store
and/or process the data we collect and receive during the course of providing the online Services. We
will only collect, use, disclose, store and/or process your personal data in accordance with this
Privacy Policy.
1.4. It is important that you read this Privacy Policy together with any other applicable notices we may
provide on specific occasions when we are collecting, using, disclosing and/or processing personal data
about you so that you are fully aware of how and why we are using your personal data.
1.5. We may update this Privacy Policy from time to time. Any changes we make to this Privacy Policy in
the future will be reflected on this page and material changes will be notified to you. Where
permissible under local laws, your continued use of the Services, or express consent thereto, shall
constitute your acknowledgment and acceptance of the changes we make to this Privacy Policy. You agree
that it is your responsibility to check back frequently to see any updates or changes to this Privacy
Policy.
1.6. This Privacy Policy applies in conjunction with other notices, contractual clauses and consent
clauses that apply in relation to the collection, storage, use, disclosure and/or processing of your
personal data by us and is not intended to override them unless we state expressly otherwise.
1.7. All of these terms apply to INSTITUTE OF COMPLEMENTARY & TRADITIONAL MEDICINE’s services users.
2. The Personal Data We Collect From You
2.1. Personal data means any information about an individual, whether recorded in a material form or not
and whether true or not, who can be identified from that data (whether directly or indirectly), or from
that data and other data to which we have or are likely to have access.
2.2. During the course of your use and the provision of the Services, we may collect personal data about
you, as follows:
(a) Identity data, such as your name, gender, and date of birth;
(b) Contact data, such as billing address, delivery address, email address and phone numbers;
(c) Account data, such as bank account details, bank statements, credit card details and payment details
(such account data may also be collected directly by our affiliates and/or third party payment service
providers);
(d) Transaction data, such as details about orders and payments, and other details of products and
Services related to you;
(e) Technical data, such as Internet protocol (IP) address, your login data, browser type and version,
time zone setting and location, browser plug-in types and versions, operating system and platform,
international mobile equipment identity, device identifier, IMEI, MAC address, cookies (where
applicable) and other information and technology on the devices you use to access the Service;
(f) Profile data, such as your username and password, orders related to you, your interests,
preferences, feedback and survey responses;
(g) Usage data, such as information on how you use the Services, view any content in the Services,
including the time spent while using the Services, items and data searched for on the Platform, access
times and dates, as well as websites you were visiting before you came to the Platform and other similar
statistics;
(h) Location data, such as when you capture and share your location with us in the form of photographs
or videos and upload such content to the Platform;
(i) Marketing and communications data, such as your preferences in receiving marketing from us and our
third parties, your communication preferences and your chat, email or call history on the Platform or
with third-party customer service providers;
(j) Additional information we may request you to submit for due diligence checks as required for
identity verification (such as copies of government-issued identification, e.g. passport, ID cards,
etc.) or if we believe you are violating our Privacy Policy or our Terms of Use.
How we receive your personal data
2.3. During the course of your use of the Platform, we may receive personal data from you in the
situations, as follows:
(a) When you browse our website (both mobile and web versions);
(b) When you create an account with us;
(c) When you make a transaction regarding the services/products available on the Platform;
(d) When you activate or use any payment-related functions available via the services/products on the
Platform or provided by our third party service providers;
(e) When you use any of the features and functions available via the services/products on the Platform;
(f) When you log in to your account on the Platform or otherwise interact with us via an external
service or application, such as Facebook or Google;
2.4. We may collect personal data from you, third parties (including but not limited to agents, vendors,
contractors, partners and any others who provide services to us, who collect your personal information
and/or perform functions on our behalf, or with whom we collaborate, including but not limited to
payment service providers, government sources of data, financial providers, credit bureaus, delivery,
marketing and other service partners), our affiliates, or such data may be collected automatically when
you use the Platform or the Services, as set out in this section. See also section 10 below on the
collection of computer data.
2.5. Where we collect personal data from third parties and/or our affiliates, we will only collect your
personal data, where permitted by law, for or in connection with the purposes for which those third
parties or our affiliates are engaged, for the purposes of our collaboration with the third parties or
affiliates, or for the requirement to carry out verification or due diligence checks. During the course
of your use of the Platform and our provision of the Services, you agree that you have provided your
consent (whether to us, the third party or our affiliates) to the transfer of your personal data from
third parties and/or our affiliates to INSTITUTE OF COMPLEMENTARY & TRADITIONAL MEDICINE for the
purposes set out in this Privacy Policy or any other terms.
2.6. You must only submit personal data which is accurate and not misleading and you must keep it up to
date and inform us of any changes to the personal data you have provided to us. We shall have the right
to request for documentation and carry out the necessary checks to verify the personal data provided by
you as part of our user verification processes or as required under law.
2.7. We will only be able to collect certain categories of personal data if you voluntarily provide the
personal data to us or as otherwise provided for under this Privacy Policy. If you choose not to provide
your personal data to us or subsequently withdraw your consent to our use of your personal data, we may
not be able to provide you with certain features or functionality on the Services or access to the
Platform.
2.8. If you provide personal data of any third party to us, you represent and warrant that you have
obtained the necessary consent, license and permissions from that third party to share and transfer
his/her personal data to us, and for us to collect, store, use and disclose that data in accordance with
this Privacy Policy.
2.9. If you sign up to be a user on our Platform using your social media account or link your INSTITUTE
OF COMPLEMENTARY & TRADITIONAL MEDICINE account to your social media account or use certain other
INSTITUTE OF COMPLEMENTARY & TRADITIONAL MEDICINE social media features, we may access personal data
about you which you have voluntarily provided to your social media provider in accordance with the
provider's policies and we will manage your personal data in accordance with this Privacy Policy.
3. Use and Disclosure of Your Personal Data
Purpose of Use
3.1. The personal data we collect from you or via third parties may be used for certain purposes, as
follows:
(a) Processing your order for products:-
• To process orders you submit through the Platform;
• To deliver the products you have purchased through the Platform. We may pass your personal information
on to a third party (e.g. our logistics partner) or relevant regulatory authority (e.g. customs) in
order to make delivery of the product to you;
• To update you on the delivery of the products;
• To provide customer support for your orders; and
• To verify and carry out payment transactions (including any credit card payments, bank transfers,
offline payments, remittances, or e-wallet transactions) in relation to payments related to you and/or
Services used by you. In order to verify and carry out such payment transactions, payment information,
which may include personal data, will be transferred to third parties such as our payment service
providers.
(b) Providing Services
• To facilitate your use of the Services or access to the Platform;
• To administer your account (if any) with us;
• To display your name, username or profile on the Platform;
• To respond to your queries, feedback, claims or disputes.;
• To verify and carry out payment transactions (including any credit card payments, bank transfers,
offline payments, remittances, or e-wallet transactions) in relation to payments related to you and/or
Services used by you.
• In order to verify and carry out such payment transactions, payment information, which may include
personal data, will be transferred to third parties such as our payment service providers.
(c) Legal and operational purposes
• To ascertain your identity in connection with fraud detection purposes;
• To compare information, and verify with third parties in order to ensure that the information is
accurate;
• To process any complaints, feedback, enforcement action and take-down requests in relation to any
content you have uploaded to the Platform;
• To produce statistics and research for internal and statutory reporting and/or record-keeping
requirements;
• To store, host, back up your personal data;
• To prevent or investigate any actual or suspected violations of our Terms of Use, Privacy Policy,
fraud, unlawful activity, omission or misconduct, whether relating to your use of our Services or any
other matter arising from your relationship with us;
• To perform due diligence checks;
• To comply with legal and regulatory requirements (including, where applicable, the display of your
name, contact details and company details), including any law enforcement requests, in connection with
any legal proceedings, or otherwise deemed necessary by us;
(d) Analytics, research, business and development
• To understand your user experience with the Services and the Platform;
• To improve the layout or content of the pages of the Platform and customise them for users;
• To identify visitors on the Platform;
• To conduct surveys, including carrying out research on our users’ demographics and behaviour;
• To improve our current technology (e.g. voice recognition tech, etc) via machine learning or other
means;
• To derive further attributes relating to you based on personal data provided by you (whether to us or
third parties), in order to provide you with more targeted and/or relevant information;
• To conduct data analysis, testing and research, monitoring and analysing usage and activity trends;
• To further develop our products and services; and
• To know our buyers/customers better.
(e) Other
• Any other purpose to which your consent has been obtained; and
• To conduct automated decision-making processes in accordance with any of the above purposes.
Who we disclose your personal data to
3.2. We may share (or permit the sharing of) your personal data with and/or transfer your personal data
to third parties and/or our affiliates for the above-mentioned purposes. These third parties and
affiliates, which may be located inside or outside your jurisdiction, include but are not limited to:
(i) Service providers (such as agents, vendors, contractors and partners) in areas such as payment
services, logistics and shipping, marketing, data analytics, market or consumer research, survey, social
media, customer service, installation services, information technology and website hosting;
(ii) Their service providers and related companies; and
(iii) Other users of the Platform or Services.
3.3. In disclosing your personal data to them, we endeavour to ensure that the third parties and our
affiliates keep your personal data secure from unauthorised access, collection, use, disclosure,
processing or similar risks and retain your personal data only for as long as your personal data is
needed to achieve the above-mentioned purposes.
3.4. We may also share personal data in connection with any proposed purchase, merger or acquisition of
any part of our business, provided that we satisfy the requirements of applicable data protection law
when disclosing your personal data.
International data transfer
3.5. We may transfer or permit the transfer of your personal data outside of your jurisdiction for any
of the purposes set out in this Privacy Policy. However, we will not transfer or permit any of your
personal data to be transferred outside of such jurisdiction unless the transfer is in compliance with
applicable laws.
Third party services
3.6. We may share your personal data with our third party service providers or affiliates (e.g. payment
service providers) in order for them to offer services to you other than those related to your use of
the Platform or our Services. Your acceptance and use of the third party service provider or our
affiliate’s services shall be subject to terms and conditions as may be agreed between you and the third
party service provider or our affiliate. Upon your acceptance of the third party service provider’s or
our affiliate’s service offering, the collection, use, disclosure, storage, transfer and processing of
your data (including your personal data and any data disclosed by us to such third party service
provider or affiliate) shall be subject to the applicable privacy policy of the third party service
provider or our affiliate, which shall be the data controller of such data. You agree that any queries
or complaints relating to your acceptance or use of the third party service provider or our affiliate’s
services shall be directed to the party named in the applicable privacy policy.
4. Withdrawal of Consent to Continued Use, Disclosure, Storing
and/or Processing of Personal Data
4.1. You may communicate the withdrawal of your consent to the continued use, disclosure, storing and/or
processing of your personal data by contacting us using the contact details below, subject to the
conditions and/or limitations imposed by applicable laws or regulations.
4.2. Please note that if you communicate your withdrawal of your consent to our use, disclosure, storing
or processing of your personal data for the purposes and in the manner as stated above or exercise your
other rights as available under applicable local laws, we may not be in a position to continue to
provide the Services to you or perform any contract we have with you, and we will not be liable in the
event that we do not continue to provide the Services to, or perform our contract with you. Our legal
rights and remedies are expressly reserved in such an event.
5. Updating Your Personal Data
5.1. It is important that the personal data you provide to us is accurate and complete for you to
continue using the Platform and for us to provide the Services. You are responsible for informing us of
changes to your personal data, or in the event, you believe that the personal data we have about you is
inaccurate, incomplete, misleading, or out of date.
5.2. We encourage you to update and modify your information to make it more accurate and effective. You
can access your information through our Platform, and complete by yourself or request us to modify,
supplement or delete it according to the management of corresponding information.
5.3. When accessing, updating, correcting, and deleting the above information, we may ask you to do
identity verification to keep your information secure.
5.4. We take steps to share the updates to your personal data with third parties and our affiliates with
whom we have shared your personal data if your personal data is still necessary for the above-stated
purposes.
6. Accessing and Correcting Your Personal Data
6.1. You may request information about your personal data which we have collected, or enquire about the
ways in which your personal data may have been used, disclosed, stored or processed by us via the
personal account information setting on our Platform or by contacting us using the contact details
below. You may also request correction of any error or omission in your personal data which we have
collected in the same way. In order to facilitate processing of your request, it may be necessary for us
to request further information relating to your request. Where permissible under law, we may refuse such
correction requests if deemed vexatious or unreasonable.
7. Security of Your Personal Data
7.1. To safeguard your personal data from unauthorised access, collection, use, disclosure, processing,
copying, modification, disposal, loss, misuse, modification or similar risks, we have introduced
appropriate administrative, physical and technical measures such as:
(a) Restricting access to personal data to individuals who require access;
(b) Maintaining technology products to prevent unauthorised computer access;
(c) Using 128-bit SSL (secure sockets layer) encryption technology when processing your financial
details; and/or
(d) implementing other security measures as required by applicable law.
7.2. You should be aware, however, that no method of transmission over the Internet or method of
electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the
security of your information and are constantly reviewing and enhancing our information security
measures.
8. Retention of Personal Data
8.1. We will only retain your personal data for as long as we are either required or permitted to by law
or as relevant for the purposes for which it was collected.
8.2. We will cease to retain your personal data, or remove the means by which the data can be associated
with you, as soon as it is reasonable to assume that such retention no longer serves the purposes for
which the personal data was collected, and is no longer necessary for any legal or business purpose.
9. Minors
9.1. INSTITUTE OF COMPLEMENTARY & TRADITIONAL MEDICINE does not sell products to minors (which is to be
determined based on the applicable law), nor does it intend to provide any of the Services or the use of
the Platform to minors. We do not knowingly collect any personal data relating to minors.
9.2. You hereby confirm and warrant that you are above the age of minority and you are capable of
understanding and accepting the terms of this Privacy Policy. If you are a minor, you may use our
Platform only with the involvement of a parent or legal guardian.
9.3. As a parent or legal guardian, please do not allow minors under your care to submit personal data
to INSTITUTE OF COMPLEMENTARY & TRADITIONAL MEDICINE. In the event that such personal data of a minor is
disclosed to INSTITUTE OF COMPLEMENTARY & TRADITIONAL MEDICINE, you hereby consent to the processing of
the minor’s personal data and accept and agree to be bound by this Privacy Policy and take
responsibility for his or her actions.
9.4. We will not be responsible for any unauthorised use of the Services on the Platform by yourself,
users who act on your behalf or any unauthorised users. It is your responsibility to make your own
informed decisions about the use of the Services on the Platform and take necessary steps to prevent any
misuse of the Services on the Platform.
10. Collection of Computer Data
10.1. We or our authorised service providers may use cookies, web beacons, and other similar
technologies in connection with your use of the Services or access of the Platform.
10.2. When you visit the Platform through your computer, mobile device, or any other device with
Internet connectivity, our company servers will automatically record data that your browser sends
whenever you visit a website, such as the technical data and usage data outlined in Section 2 above.
10.3. This data is collected for analysis and evaluation in order to help us improve our website and the
services and products we provide, as well as to help us to personalise the content to match your
preferred interests more quickly. The data is also collected to make the Services and the Platform more
convenient and useful to you, and to provide more relevant advertising related to market products,
services and features to you.
10.4. Cookies are small text files (typically made up of letters and numbers) placed in the memory of
your browser or device when you visit a website or view a message. They allow us to recognise a
particular device or browser. Web beacons are small graphic images that may be included on our Services
and the Platform. They allow us to count users who have viewed these pages so that we can better
understand your preference and interests.
10.5. You may be able to manage and delete cookies through your browser or device settings. However,
certain cookies are required to enable core functionality (such as adding items to your shopping
basket), so please note that changing and deleting cookies may affect the functionality available on the
Platform or through our Services.
11. Third Party Sites
11.1. The Platform may contain links to other websites operated by other parties, such as our business
affiliates, merchants or payment gateways. We are not responsible for the privacy practices of websites
operated by these other parties. You are advised to check on the applicable privacy policies of those
websites to determine how they will handle any information they collect from you.
12. Questions, Feedback, Concerns, Suggestions or
Complaints
12.1. If you have any questions on personal data protection or data privacy, please refer to our list of
frequently asked questions on data protection / privacy.
12.2. If your queries are not covered in our FAQs, or if you have any queries or complaints about this
Privacy Policy or how we handle your personal data, please feel free to contact us
secretary@ictm.org.my.