Revision R00, effective as of 1 June 2021.
The SQYN Solution (Company Registration No. 202003333877 (AS0420109-W)) owns, manages and operates Skin Today (https://skintoday.co).
1. POLICY ACCEPTANCE
2. CATEGORIES OF PERSONAL DATA
2.1 We will only collect information about you if we have a lawful reason to do so. We collect personal data which is information that relates to an identified or identifiable individual. It does not include data that has been anonymised. We may collect, use, store and transfer different kinds of personal data about you when we provide services or interact with you. This may include the following categories of data:
(a) Identity Data – title, first name, last name or similar identifiers. If you interact with us through social media, this may include your social media username;
(b) Contact Data – billing address, email address and contact numbers;
(c) Technical Data – includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access this website;
(d) Profile Data – your username and password, purchases or orders made by you, your interests, preferences, images and videos uploaded, feedback and other responses;
(e) Geographical Data – information setting out your primary address to control the use of location services in most mobile devices and desktop settings;
(f) Usage Data – information about how you use our website and services;
(g) Marketing and Communications Data – includes your preferences in receiving marketing from us and our third parties and your communication preferences.
3. METHODS OF DATA COLLECTION
3.1 We may collect personal information about you through the following:
3.1.1 Registration Information
Our Site contains sections where you can submit information to us (like our registration service), and we also have features (such as cookies and performance tracking technology) that automatically collect information from the visitors to our Site. During the registration process, you must provide us with a password, your name, address and a valid email address, etc. It is your responsibility to keep your password strictly confidential.
3.1.2 Contact Us
Personal details provided when contacting us through the website are processed so that we can respond to your communications with details of our services and answer any queries. Data is held on the grounds of being legitimate to our business interests.
3.1.4 Telephone calls
Calls to us may be recorded and any data relating to the call may be retained by us. The data will be held on the basis of being for our legitimate business interests or in order to fulfil our contractual obligations if you are a client of ours.
3.1.5 Other direct interactions
We will collect your data when you fill in forms, correspond with us by post or online chat. This includes personal data you provide when you: sign up to receive our services; make enquiries or request information be sent to you; use our services; ask for information to be sent to you; engage with us on social media; submit feedback; or contact us directly.
We will hold any information you have provided on an application form, cover letter, or copy of your CV or resume, for recruitment purposes only. We will not disclose that information to any third party without your consent. If your application is unsuccessful, we may hold the information for up to 12 months, after which time it will be deleted.
We may ask for a review of our services and products, your reviews and Site username or name may be published on our website or social media, however, you may choose to provide reviews anonymously and your contact information are not published or available for any other user or third-party to see.
3.1.8 Orders and Subscriptions
Personal details provided during registration, booking and ordering for products and/or services on our website are processed so that we can fulfil our obligations, operate our business and respond to your communications. Data is held in preparation for entering into an agreement, as a legitimate business interest and with your consent.
3.1.9 Social media
We use social media to engage with users and link to pages we manage. We do not keep any specific data that identifies you as an individual user but hold details of our followers on these platforms. You should refer to the Privacy Policies of these channels to understand how they treat your data in relation to linking to our site.
3.1.10 Visits to our website
When you visit our website, we do not attempt to identify you as an individual user, and we will not collect personal data about you unless you specifically provide this to us.
3.1.11 Special categories of personal data
We do not generally collect any special categories of personal data about you (this includes details about your race or ethnicity, philosophical or religious beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
3.2 In addition to the above, we may use the following technologies (elaborated below and as further detailed in Paragraph 9) to automatically collect information about your activities on the App or Site, as the case may be (each a “Mobile Technology”):
(b) Flash Cookies
(c) Web beacons, clear pixels or pixel tags
(d) Analytical tags
(e) Web server logs
(f) Geo-location technologies
3.3 You have no obligation to provide any of the Personal Data requested by us. However, depending on circumstances, it may be the case that if you do not provide the requested Personal Data, we may not be able to provide you with certain products and services, or transact with you, that depend on the collection, use or disclosure of your Personal Data.
4. CHILDREN’S PRIVACY
4.1 We do not and do not intend to, transact through the Site directly with anyone we know to be under the age of 18. If you are under the age of 18, you should use the Site only with the involvement of a parent or guardian and should not submit any Personal Data to us. By providing any Personal Data to us, you declare that you are over the age of 18.
5. PURPOSES FOR COLLECTION, USE, DISCLOSURE AND PROCESSING OF PERSONAL DATA
5.1. The SQYN Solution will/may collect, use, disclose and/or processes your Personal Data for one or more of the following purposes (collectively referred to as “Purposes”):
(a) administering, facilitating, processing and/or dealing in any matters relating to your use or access of the Site. Without limitation, if you:
(i) gain access to or sign in to the Site, using your login credentials of a Social Networking Site, or
(ii) use any features of a Social Networking Site such as its plug-ins, widgets, and browser push notifications, made available to you on our Site,
it may result in information or your Personal Data being collected or shared between us and the third party. For example, if you use Facebook’s “Like” feature, Facebook may register the fact that you “liked” a product and may post that information on Facebook. (“Social Networking Site” refers to an online or digital platform owned or operated by a third party, that is used by people to build social networks or social relations, or to interact, with other people, such as but not limited to Facebook, Instagram, Twitter). By your proceeding pursuant to (i) or (ii) above, you consent to such collection, use or disclosure of your Personal Data;
(b) monitoring, processing and/or tracking your use of the Site so that we can continue to provide products and services that our customers want to use, and to make sure we continue to be competitive;
(c) assessing and processing your request or order for the purchase of and/or subscription to our products and/or services;
(d) registering you as a customer of The SQYN Solution and/or to deal with, process and/or administer the account that you may open with us, including to facilitate your transactions or activities on the Site, or your transactions or activities with us;
(e) administering, facilitating, processing and/or dealing with your relationship with us, any transactions or activities carried out by you on the Site. This includes processing your application, process payment transactions; implementing transactions and the supply of products and/or services to you that you have requested. Without limitation, should you make a purchase to be delivered to a third party recipient (purchase on behalf or as a gift), you consent to us disclosing Personal Data that identifies you, to the said third party recipient (such as but not limited to your name). Further, you acknowledge and agree that delivery of your purchase could involve disclosure of certain Personal Data about you to bring about delivery of the same such as your name and contact details, which may be disclosed on the parcel or a delivery related document, as the case may be, which could be seen by third parties who view such parcel or said document;
(f) carrying out your instructions or responding to any enquiry given by you or on your behalf including responding to your customer service enquiries and complaints; or responding to or dealing with your interactions with us;
(g) contacting you or communicating with you via phone/voice call, text message, email or postal mail for the purposes of administering and/or managing your use of the Site, and/or account with us, your relationship with us or any transactions made by you with us. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain Personal Data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;
(h) providing services to you as our account holder, as our customer or when requested by you; dealing with or administering your participation in any gamification, contests or social events organised by us;
(i) sharing or disclosing (at our discretion) your suggestions, reviews, comments, feedback or content (including audio, video etc.) (collectively “Feedback”) that you provide through the Site, Social Networking Sites, or to us via other means of communications, with other users of the Site or with the public, for publicity and/or promotion purposes with a view to marketing or showcasing the business of The SQYN Solution, and/or to acquiring customers, and/or for the purpose of providing the public with your Feedback which may be useful for the public’s purchasing decision or for the public’s information or otherwise. This includes us disclosing your name together with your Feedback. Without limitation, in the above regard, your Feedback and name may/will be published or shared by us on public media platforms such as the newspaper, the Internet, in our (including our affiliates’) annual reports (if any) etc., and/or incorporated as part of The SQYN Solution’s marketing collaterals/materials or corporate video to be disclosed to the public, and you hereby consent to the same. Do not provide us with Feedback if you do not wish for such Feedback to be disclosed to the public. If you wish to give us your Feedback without it being disclosed to the public, please separately email our Customer Department at email@example.com and head the subject of your email with the word “Confidential”;
(j) where you have provided your consent to us, obtained through the Site, sharing your personal preferences through the Skin Today Beauty Quiz or disclosing your Skin Today Beauty Quiz Personal Data to other users of the Site or with/to the public, through the Site or any other media (whether print, online or otherwise) or communication platform as we so choose, at our discretion, such as but not limited to as part of The SQYN Solution’s marketing collaterals/materials or corporate video. “Skin Today Beauty Quiz Personal Data” may include but is not limited to name, skin type/ concerns, eye colour, hair colour and type and other information which you provide;
(k) carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations (whether of Malaysia or a foreign country) applicable to us or our affiliates/associated companies, the requirements or guidelines of governmental authorities (whether Malaysia or a foreign country) which we determine are applicable to us or our affiliates/associated companies, and/or our risk management procedures that may be required by law (whether of Malaysia or a foreign country) or that may have been put in place by us or our affiliates/associated companies;
(l) to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with and/or investigating complaints;
(m) complying with or as required by any applicable law, court order, order of a regulatory body, governmental or regulatory requirements of any jurisdiction applicable to us or our affiliates/associated companies, including meeting the requirements to make disclosure under the requirements of any law binding on us or our affiliates/associated companies, and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of Malaysia or elsewhere), with which we or our affiliates/associated companies are expected to comply;
(n) complying with or as required by any request or direction of any governmental authority (whether of Malaysia or a foreign country) which we are expected to comply with; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities (including but not limited to Customs Department and Ministry of Health) (whether of Malaysia or a foreign country). For the avoidance of doubt, this means that we may/will disclose your Personal Data to such parties upon their request or direction;
(o) conducting research (including customer research), surveys, market surveys, analysis and/or development activities (including but not limited to data analytics, surveys and/or profiling) to improve our services and facilities, or to improve our understanding of your interests, concerns and preferences, in order to enhance any continued interaction between yourself and us connected or in relation to the Site, or improve any of our products or services. Without limitation we may/will in this regard send you surveys or request a face to face interview survey, by way of email or postal mail;
(p) storing, hosting, backing up (whether for disaster recovery or otherwise) of your Personal Data, whether within or outside Malaysia;
(q) facilitating, dealing with and/or administering external audit(s) or internal audit(s) of the business of The SQYN Solution or that of its affiliates/related corporations;
(r) for marketing purpose and in this regard, we would be providing you with marketing, advertising and promotional information, materials and/or documents relating to products, contests, services and/or events (including those of third party organisations whom The SQYN Solution may collaborate with) that The SQYN Solution (including its affiliates/related corporations) or such third party organisations may be selling, marketing, offering, organising, involved in or promoting, whether such products, services and/or events exist now or are created in the future:
(i) by way of postal mail, electronic transmission to your email address(es), push notifications, other forms of in-app notifications or harnessing other technologies (such as geo-location technology) for our Site or App on your mobile device(s) or other technologies on your computers, and/or through other modes of communication, in compliance with the PDPA. You may opt out of this or withdraw from this at any time by sending an email to firstname.lastname@example.org. For the avoidance of doubt, unlike
(s) dealing with and/or facilitating a business asset transaction or a potential business asset transaction, where such transaction involves The SQYN Solution as a participant or involves only a related corporation or affiliated company of THE SQYN Solution as a participant or involves The SQYN Solution and/or any one or more of The SQYN Solution’s related corporations or affiliated companies as participant(s), and there may be other third party organisations who are participants in such transaction. “business asset transaction” means the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation;
(t) to implement and maintain our information technology systems, including to store and process Personal Data in computer databases and servers located within and outside Malaysia;
(u) anonymisation of your Personal Data. In this regard, you acknowledge that Personal Data that has been anonymised is no longer Personal Data and the requirements of the PDPA would no longer apply to such anonymized data;
(v) reporting purposes, record-keeping purposes and producing statistics and research for internal and/or statutory reporting and/or record-keeping requirements, of The SQYN Solution or of its affiliates/related corporations. For the avoidance of doubt, you acknowledge and consent to The SQYN Solution sharing anonymised information such as but not limited to in the following circumstances. For the further avoidance of doubt, the PDPA does not apply to anonymised data that does not identify an individual and the PDPA does not provide you with a right to object to an organisation handling or processing anonymised data:
(a) Aggregate information. We may share anonymised aggregate information about our customers with advertisers and marketing partners;
(b) Behavioural-based advertising. A third party may use technology to collect anonymised information about your use of Site so that they can provide advertising about products and services tailored to your interest. That advertising may appear either when you are using the Site, or using the Internet or your mobile device to visit other websites.
6. SHARING AND DISCLOSURE OF PERSONAL INFORMATION
The SQYN Solution may/will need to disclose your Personal Data to third parties, whether located within or outside Malaysia, for one or more of the above Purposes, as such third parties, would be processing your Personal Data for one or more of the above Purposes. In this regard, you hereby acknowledge, agree and consent that we are permitted to disclose your Personal Data to such third parties (whether located within or outside Malaysia) for one or more of the above Purposes and for the said third parties to subsequently collect, use, disclose and/or process your Personal Data for one or more of the above Purposes. Without limitation or of paragraph 5, such third parties include:
(a) our business partners;
(b) any of our agents, contractors or third party service providers that process or will be processing your Personal Data on our behalf or otherwise, including but not limited to those which provide administrative or other services to us such as mailing houses, call centres, telecommunication companies, logistics companies, information technology companies and data centres;
(c) any other person to whom such disclosure is required by law or regulatory requirement or pursuant to a court order;
(d) third parties to whom disclosure by The SQYN Solution is for one or more of the Purposes and such third parties would in turn be collecting and processing your Personal Data for one or more of the Purposes;
6.4 We may carry out direct marketing by email, phone, text or post, where we have a lawful basis to do so. We will ask for your consent to receiving marketing communications (including newsletters) when you register on the website and you have the option not to give consent and to withdraw consent given at any time. You may withdraw your consent for us to contact you by email to email@example.com. If you ask us to not send you marketing emails, we will continue to hold enough information about you to maintain a record of your preference not to receive emails. Non-personally identifiable information may be provided to third parties for marketing, advertising or other uses.
6.6 Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to our terms and conditions as well as the privacy policies held with each social media platform respectively. Users are advised to use social media platforms wisely and communicate and/or engage with them with due care and caution in regard to their own privacy and personal details. This website nor its owners will not ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
The SQYN Solution uses social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised that before using such social sharing buttons, that they do so at their own discretion, and should consider that the social media platform may track and save requests to share a web page, through the users’ social media platform account.
6.7 In order to process your account and take payment for services or goods purchased from The SQYN Solution we will take your Debit/Credit card details. Payments are processed in compliance with the PCI (Payment Card Industry) and all card holder’s data is safeguarded when handled by the SQYN Solution staff. We also accept payments through ipay88 and Shopify, and you are advised to refer to their Privacy Policies for further details on how they handle personal data.
7. DATA RETENTION
8. DATA SECURITY
8.1 We will put in place appropriate technical, security and organisational measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
8.2We will endeavour to take all reasonable steps to ensure processing of personal data is carried out safely and kept confidential and secure, however, we cannot guarantee the security of data transmitted through our website or by email. Any transmission is at the users’ own risk.
8.3 We will also put in place measures such that your Personal Data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that
(i) the purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; and
(ii) retention is no longer necessary for any other legal or business purposes.
9. COOKIES AND MOBILE TECHNOLOGY
9.2 Flash Cookies
"Flash Cookies" (also called Local Shared Objects or "LSOs") are data files similar to cookies, except that they can store more complex data. Flash Cookies are used to remember settings, preferences, and usage, particularly for video, interactive gaming, and other similar services.
9.3 Web Beacons
Web beacons are small graphic images on a web page or in an e-mail that can be used for such things as recording the pages and advertisements clicked on by users, or tracking the performance of e-mail marketing campaigns.
9.4 Analytics Tags
We use analytical tags to analyse what our clients like to do and the effectiveness of our features and advertising. They can also help us customize your browsing and shopping experience. We may use information collected through analytical tags or tracked links in combination with your Personal Data. We may also combine Personal Data you provide to us with other Personal Data (such as purchase history and demographic information).
9.5 Web Server Logs
Web server logs are records of activity created by the mobile device or computer that delivers the webpages you request to your browser. For example, a web server log may record the search term you entered or the link you clicked to bring you the webpage. The Web server log also may record information about your browser, such as your IP address and the cookies set on your browser by the server.
9.6 Geo-Location Technologies
Geo-location technology refers to technologies that permit us to determine your location. We may ask you to provide location information (such as your postal code), or to enable your mobile device to send us precise location information. For example, the first time you download the App you will/may be asked to choose between allowing or not allowing the App to access your location and/or to send you mobile notifications. If you choose “Do Not Allow,” you will have opted-out of having the App accessing your location to send you location-specific offer notifications. If you choose “OK” the App will communicate with your mobile device and collect certain data as provided in this Policy in order to send you targeted offers based on your location. You can always opt-out of sharing location data with the App by changing your device settings.
10. RIGHTS OF DATA SUBJECTS
10.1 The SQYN Solution recognises a data subject's rights and will uphold these in accordance with data protection laws. You are entitled to see the information held about you and you may ask us about any of the following:
10.1.1 Subject access requests (SAR)
Data subjects (i.e. individuals) have the right to access personal data held by us by submitting a subject access request by email to firstname.lastname@example.org. We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information. In limited circumstances, a fee may apply.
10.1.2 Right to rectification
Data subjects have the right to request that personal data is amended or changed if it is inaccurate or incorrect. We will act on any such request without delay.
10.1.3 Right to erasure
Data subjects have the right to ask us to delete personal data from our systems without giving any reason and at any time. We will act on any such request without delay.
10.1.4 Right to restrict processing
Data subjects have the right to rectification or erasure of personal data in the following circumstances:
(a) Personal data is not accurate;
(b) The processing of data is unlawful;
(c) Data is required to exercise legal rights or defend legal claims;
(d) Data is unlawful, although there may be lawful grounds for processing, which override this right.
10.1.5 Right to data portability
Data subjects have the right to obtain and request the transfer of their data to different service providers.
10.1.6 Right to object
Data subjects have the right to object to the processing of personal data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data if permitted to do so on a valid legal basis.
10.1.7 Right not to be subject to decisions based on automated processing
Automated decision-making is where a decision is made about you by a computer system without any human involvement. Profiling is the automated processing of personal information to assess certain things about you. We do not use any automated decision-making systems and we do not profile individuals.
10.1.8 Using your rights
If you wish to invoke any of these rights, you should contact the person responsible for data protection by email to email@example.com
10.2 There is usually no fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in limited circumstances.
11. REPORTING COMPLAINTS
11.1 If you want to raise a concern about the use of your personal data, you can contact us by email to firstname.lastname@example.org
11.2 If you wish to raise rights as a Malaysian citizen under data protection law, you can formally raise a concern or complaint to the supervisory authority applicable in your country of residence.
COUNTRIES OR REGIONS IN WHICH OVERSEAS RECIPIENTS ARE LIKELY TO BE LOCATED THROUGH E-COMMERCE
Australia, Bangladesh, Brunei, Cambodia, China, India, Indonesia, Malaysia, New Zealand, Philippines, Singapore, South Korea, Thailand, Vietnam