Privacy Policy

This privacy policy relates to all services and communication by the University of Malaya Medical Alumni Association (referred to in this privacy policy declaration as: UMMAA). The UMMAA is a Malaysia based non-profit organization, with its legal address at Faculty of Medicine, Universiti Malaya, 50603, Kuala Lumpur. The UMMAA website is currently hosted by Shinjiru Technology Sdn Bhd and domain by Pusat Teknologi Maklumat, Universiti Malaya and is located at No.19-2, Wisma Laxton, Jalan Desa, Off, Jalan Klang Lama, Taman Desa, 58100 Kuala Lumpur and Pusat Teknologi Maklumat, Universiti Malaya, Jalan Universiti, 50603 Kuala Lumpur respectively. As a significant number of UMMAA-members are based in Malaysia, and the UMMAA will provide services to University of Malaya Medical Alumni, UMMAA will comply the Personal Data Protection Act (PDPA), which will be in effect from 1st October, 2018. For the full context of the PDPA, we kindly refer you to the official Personal Data Protection Department (an agency under the Ministry of Communications and Multimedia Commission) website, https://www.pdp.gov.my/jpdpv2/.

The UMMAA can only be held responsible for the privacy policy regarding services and communication directly provided by the UMMAA . Other websites that may refer or are connected to the UMMAA website will have their own privacy policy. Wherever necessary, we will refer to the appropriate privacy policy.

What information do we collect?

We only collect and store the personal data that you permitted us to collect and store. We will only collect and store personal data that are absolutely required for the purpose these data should serve. The amount and the nature of these data depend on the services you allow us to use these data for; please see the table below.

Purpose Required data External party involved
Membership subscription
  • Name
  • Identity Card Number
  • Contact Number
  • E-mail Address
  • Mailing Address
  • Current Position
  • Graduation Year or First Year of Service
Google Inc.
Membership payment by credit card
  • Name
  • Credit card details
MasterCard
Visa
Membership payment by bank/wire transfer
  • Name
  • Bank account details
  • Invoice reference
CIMB Bank
Maybank
Event registration
  • Name
  • E-mail address
  • Membership Number
No
Event payment by credit card
  • Name
  • Credit card details
MasterCard
Visa
Event payment by bank/wire transfer
  • Name
  • Bank account details
  • Invoice reference
CIMB Bank
Maybank
Newsletter registration
  • Name
  • E-mail address
Google Inc.
Providing specific, tailored information regarding your field of expertise, or region of research focus and activity
  • Name
  • E-mail address
  • Research region
  • Research topics
No
Networking purposes
  • Name
  • E-mail address
  • Research region
  • Research topics
  • Affiliation
  • Country
  • Position
No
Use of data by external parties

The UMMAA has selected well-known partners to support the services and activities of the UMMAA. The UMMAA has ascertained that these partners will be compliant with the PDPA.

Current partners are:

GOOGLE INC.

The UMMAA uses the Google Inc. form system for collecting subscriptions to and distributing the UMMAA Newsletter. The management of the mailing list lies however with the UMMAA Secretariat. By signing-up for the UMMAA Newsletter, you will also accept the terms and conditions as well as the privacy policy set by Google Inc (see https://www.google.com/drive/terms-of-service/ and https://policies.google.com/privacy)

MASTERCARD and visa

MasterCard or Visa payment system is used for the payment of membership dues via credit card. Name and credit card details are only used by MasterCard or Visa to complete the payment and are not stored by the UMMAA. When performing payment via MasterCard or Visa, you accept the policies set by MasterCard or Visa (see https://www.mastercard.com/en-ke/about-mastercard/what-we-do/privacy.html or https://usa.visa.com/legal/global-privacy-notice.html).

CIMB and maybank

When you pay your membership via bank or wire transfer, data provided to complete the payment will be managed via CIMB or Maybank, where the UMMAA bank account is located. As CIMB or Maybank has ASEAN-based customers, CIMB or Maybank has no explicit PDPA-policy but is compliant with all privacy conditions set by the Malaysia banking system (Bank Negara Malaysia). Any information will be used and stored in accordance with the conditions set by CIMB or Maybank (see CIMB or Maybank privacy policy).

Shinjiru Technology Sdn. Bhd.

Shinjiru Technology Sdn. Bhd. (Shinjiru) is a Web Hosting Malaysia Provider that hosts the UMMAA website on its servers and UMMAA contents are managed by Muhammad Akhbar. Although Shinjiru has server access for IT maintenance purposes, it is not provided with access to any personal data you provide. Also, Shinjiru has no login details that give direct access to any stored data. Shinjiru is PDPA-compliant (see https://www.shinjiru.com.my/pdpa-policy/)

University of Malaya (Pusat teknologi maklumat)

Pusat Teknologi Maklumat, Universiti Malaya (PTM) hosts the UMMAA domain and as such provides the infrastructure to enable the UMMAA Secretariat to perform its duties. In consequence, PTM’s IT-support staff will have access to the hardware used by the UMMAA domain. The IT-support staff will however not be provided with access to any personal data of UMMAA-members and/or -contacts. PTM is PDPA-compliant (see https://ptm.um.edu.my/um-ict-policy-rules-amp-guidelines).

Third party access

We will not provide your data to any other third party without your explicit written prior consent.

Right of disclosure/right of change

As the data we store are your own personal date, you, of course, have the right to ask which data we have stored and to request desired and/or required changes to the stored data. In order to execute this right, please send an e-mail to the UMMAA Secretariat (alumni.fom[at]um.edu.my) via the e-mail address you are registered with the UMMAA. We will follow up on your request as soon as possible, but at the latest within 30 days after receiving your request.

Right to be forgotten

In case you want your data removed from our databases, you can use two options:

  • If you only want your e-mail address removed from our newsletter mailing database, you can use the Unsubscribe-link in the footer of any UMMAA-Newsletter.
  • If you also want any additional data you provided us with removed from our databases, please send an e-mail to the UMMAA Secretariat (alumni.fom[at]um.edu.my) via the e-mail address you are registered with the UMMAA. We will follow up on your request as soon as possible, but in any case within 30 days after receiving your request.

Please note that removing your data from the membership database will also end your membership; however, this will not imply any right of restitution of membership fees nor the cancellation of membership fees due at that moment.

How long will we keep your data?

We will keep your data no longer than necessary or as required by legal obligation. This means the following:

  • Data provided by you to the UMMAA for sending you the newsletter, sending you specific, tailored information, or for networking purposes will be removed from our databases within 30 days after we have received your request.
  • Data required to manage your membership of the UMMAA will be stored until ultimately 2 years after your membership expires.
Data security
  • Computers and internet connections used for handling your data are and will be secured as well as is feasibly possible against hacking, malware, and use by unauthorized persons. The UMMAA Secretariat will use all security measures provided by the host institution, i.e. Shinjiru and PTM.
  • Access to personal data is only allowed to UMMAA-functionaries on a need-to-know basis and access will be limited to only the data required to perform the action and/or to deliver the requested service, provided this use has been permitted by you.
  • All persons authorized to access any personal data will be bound by a confidentiality agreement not to disclose this information to persons not having authorization to access these data.
  • Daily server back-ups of all data are made in order to be able to restore any damage caused by material or technical incidents.
Non-personal data

Our website automatically stores technical data when you use the website. These data are non-personal and anonymous and not retrievable to individuals.

Cookies policy

Our websites use functional and analytic cookies. These cookies are used to improve the performance of the website and to analyze how the website is being utilized by its visitors. These cookies are anonymous. Cookies are also used anonymously in our newsletters to analyze the results of mailing campaigns. For more information about cookies follow this link. Please also note the references to social media cookies below.

Social media

The UMMAA website uses buttons to share pages or information via social media like Facebook, Twitter, LinkedIn, et cetera. When you use one of these buttons, a cookie will be placed by the social media network on your computer; when using the social media buttons, the privacy policy of the related social media network will apply, the UMMAA has no control nor responsibility over the use of your personal data by any of these social networks.

Please also note that the UMMAA cannot bear responsibility for any use by third parties of any information made public via the UMMAA website. Please note that the major part of the UMMAA website is published via Creative Commons license CC BY-NC-SA 4.0. However, in case of any alleged infringements or improper use, we suggest you contact the UMMAA Secretariat via alumni.fom[at]um.edu.my, so we can contact the parties involved.

In case of emergencies

As this privacy policy demonstrates, the UMMAA will do its utmost best to safeguard your privacy. However, in cases where security has been breached, we will inform you as soon as possible and will take any measure required to minimize the effects of such a breach. Security breaches will also be notified to the appropriate authorities. The UMMAA cannot be held liable for any data theft or security breaches other than in cases of willful misconduct or gross negligence.

Remarks, suggestions, complaints

In case of any suggestions, remarks, or complaints regarding the handling of your personal data, we kindly ask you to contact the UMMAA Secretariat via alumni.fom[at]um.edu.my. We will then try to resolve the issue as soon as possible.

Changes to this policy

This privacy policy may be subject to changes. All changes intend to improve the protection of your privacy and to handle your data in a secure and transparent way. This policy has last been updated on 25th April, 2020.