PERSONAL DATA PROTECTION NOTICE

The Personal Data Protection Act 2010 (hereinafter referred to as the “Act”), which regulates the processing of personal data in commercial transactions, applies to Gene Express Sdn. Bhd., its parent company, affiliated, related and/or associated companies (hereinafter referred to as “GE”, “our”, “us” or “we”). For the purpose of this notice, the terms “personal data” and “processing” shall have the meaning prescribed in the Act.

  1. This notice serves to inform you that from the information and saliva sample you have provided us in the Saliva Test & Analysis, purchase, registration and consent forms whether through conventional (e.g. face-to-face/ over the phone interview), electronic means or visit/use www.geneexpress.com (“Websites”), your personal data is being processed by us or on GE’s behalf. This notice applies to all products and services offered by GE.
  2. The personal data processed by us or on GE’s behalf may include:
    • personal details (name, age, gender, identity card number, date of birth, race, nationality);
    • contact details (address, email address, contact number);
    • physical and/or health condition or problems (medical and health history, blood type, DNA, health and mental condition);
    • demographic information (age group, medical history, genetic characteristics, biologically identified personal information);
    • payment details (bank name, credit/ debit card number, billing address); and/or
    • any other personal data provided by you.
  3. We are processing the personal data, including any additional information you may subsequently provide, for purposes which include but are not limited to the following:
    • to contact you;
    • to process your requested products and/or services;
    • to administer and give effect to your commercial transaction;
    • to process any payments relevant to you;
    • to conduct research, benchmarking and statistical analysis;
    • to generate your DNA test result;
    • to communicate with you in relation to your DNA test result;
    • to recommend suitable dietary supplements to you for your consideration;
    • to conduct our internal activities, panel testing;
    • to deliver notices, products and/or services;
    • any subsequent commercial transaction in relation to any promotion, products and/or services; and/or
    • other purposes, directly or indirectly relating to any of the above and GE’s activities.

    (hereinafter collectively referred to as the “Purposes”, or individually the “Purpose”).

  4. The personal data may be used and/or disclosed by the following:
    • any related and/or associated companies of GE, including those incorporated in the future;
    • business partners and affiliates that provide related products or services in connection with our business;
    • specialists and consultants of GE; and/or
    • service providers for any of the Purposes or any other purpose for which the personal data was to be disclosed at the time of its collection related to any of the Purposes.
  5. Further, the personal data may be transferred to locations outside Malaysia. Personal data may also be disclosed or transferred as a result of any restructuring, sale or acquisition of any company within GE. You are responsible for ensuring that the information you provide us is true, accurate and up-to-date. To access or request correction of the personal data, to limit the processing of the personal data, or to make any enquiries in respect of the personal data, please contact:

    PIC
    Personal Data Protection Officer
    Telephone No.
    Fax No.
    E-mail address


    We may refuse to comply with your request for access or correction to your personal data under the Act. If we refuse to comply with such a request, we will inform you of our refusal and the reason for it.

  6. GE, as Website owner, has the discretion to update this notice at any time. We encourage you to check this page frequently for any changes to stay informed. You acknowledge and agree that it is your responsibility to review this notice periodically.

  7. We do not sell, trade or rent your personal data to any third parties. We may share generic aggregated demographic information not linked to any personal identification information with our business partners and trusted affiliates for the purposes outlined above.

  8. When you give us personal data or information about another person, you confirm that they have appointed you to act for them, to consent to the processing of their personal data and to receive on their behalf this Personal Data Protection Notice.

  9. As a parent or legal guardian, please do not allow a minor (an individual who is below the age of 18) under your care to submit Personal Data to us. In the event that such Personal Data is provided to us, you hereby consent to the processing of the minor’s Personal Data, personally accept and agree to be bound by this Personal Data Protection Notice, and take responsibility for his or her actions.

  10. In the event of any inconsistency between the English, Bahasa Malaysia and Chinese versions of this notice, the English version shall prevail.

Personal Data Collected, Held, and Processed

The following personal data is collected, held, and processed (for details of data retention, please refer to our Data Retention Policy):

| Data Ref.      | Type of Data        | Purpose of Data                    |
|----------------|---------------------|------------------------------------|
| First Name     | Contact information | Processing orders                  |
| Surname        | Contact information | Processing orders                  |
| Telephone      | Contact information | Processing orders                  |
| Email          | Contact information | Processing orders                  |
| Postal Address | Contact information | Processing orders                  |
| Age            | Profile             | Creating customer health dashboard |
| Sex            | Profile             | Creating customer health dashboard |

Data Security – Storage
We ensure that the following measures are taken with respect to the storage of personal data:

  1. All electronic copies of personal data are stored securely using passwords, and passwords are encrypted with MD5 data encryption;
  2. All hardcopies of personal data, along with any electronic copies stored on physical, removable media, are stored securely in a locked box, drawer, cabinet, or similar;
  3. All personal data stored electronically is backed up weekly with backups stored onsite. All backups are encrypted using MD5;
  4. No personal data is stored on any mobile device (including, but not limited to, laptops, tablets, and smartphones), whether such device belongs to the Company or otherwise, without the formal written approval of Ng Kam Heng (khng@geneexpress.com) and, in the event of such approval, strictly in accordance with all instructions and limitations described at the time the approval is given, and for no longer than is absolutely necessary; and
  5. No personal data is transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the GDPR (which may include demonstrating to the Company that all suitable technical and organisational measures have been taken).
 
Data Security – Use of Personal Data

We ensure that the following measures are taken with respect to the use of personal data:

  1. No personal data is shared informally. If an employee, agent, sub-contractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested from cs@geneexpress.com;
  2. No personal data is transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without the authorisation of cs@geneexpress.com;
  3. Personal data is handled with care at all times and is not left unattended or on view to unauthorised employees, agents, sub-contractors, or other parties at any time;
  4. If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user locks the computer and screen before leaving it; and
  5. Where personal data held by the Company is used for marketing purposes, it is the responsibility of PIC, cs@geneexpress.com to ensure that the appropriate consent is obtained and that no data subjects have opted out, whether directly or via a third-party service such as the TPS.

Outlined below is the scope of the Google Fit integration that we use within the App to track and display your Lifestyle Tracking Data. All these datasets are used to enhance the user experience and provide you with insightful recommendations based on your unique makeup and lifestyle choices:

  • auth/fitness.sleep.read: used to read your sleep history. The sleep history of the past one week is shown through the app.
  • auth/fitness.heart_rate.read: used to read and display daily heart rate data to you through the app.
  • auth/fitness.nutrition.read: used to read and display your daily water intake and calorie intake.
  • auth/fitness.nutrition.write: used to update the water intake value to Google Fit through the lifestyle tracking section of the app.
  • auth/fitness.activity.read: used to track the active time of the day and the separate time spent for any exercise performed.
  • auth/fitness.location.read: used to read the daily walked distance from Google Fit.