p2p-backend-dev.ezrx.com

MOMMY+ PREGNANCY TRACKER PRIVACY POLICY

Last updated: 31 March 2023

This Mommy+ Pregnancy Tracker application (“Mommy+”) is made available to you for download and use by Zuellig Pharma Ltd or its licensee. This Privacy Policy sets out how Zuellig Pharma Ltd and its affiliates (“we”, “us” or “our”) handle the personal data that you share with us through Mommy+ in accordance with the data protection laws that apply to us.

This Privacy Policy outlines our general practices in relation to the collection, use, disclosure (hereinafter referred to as “processing”) and protection of the personal data you provide through Mommy+, or when you communicate with us and/or our authorised agents through various media and communication channels in relation to Mommy+. This Privacy Policy also explains your rights and the choices available to you regarding the use of, your access to, and how to update and correct your personal data.

In this Privacy Policy, “personal data” generally refers to any information that can be used, directly or indirectly (e.g. in combination with other types of data that we may have access to), to identify an individual (i.e. the “data subject”). Local data protection laws may have differing definitions of this, and to the extent that our definition used here conflicts with the law, the stricter definition will apply.

I. Processing of Personal Data

In the course of your dealings with us, we may process personal data about you or any other person for the purposes stated in this Privacy Policy. This may occur when you voluntarily provide such personal data to us, or, where necessary, we receive such personal data from third parties or from the public domain.

In your interaction with us or by your usage of Mommy+, we may process the following categories of personal data, including, but not limited to:

· personal contact information, which includes your name, mailing address, email address, social network details, or phone number;

· sensitive personal data such as information relating to your health or your foetus/child’s health;

· account login information, which includes your account login ID/email address, screen name, password in unrecoverable form, and/or security question and answer;

· information relating to your citizenship, nationality, identification card or passport details;

· demographic information and interest, which includes your date of birth, age, gender, geographic location, favourite products and services, shopping information, and household or lifestyle information;

· transaction and financial information, which includes bank account and payment card details, payments to and from you, and other details of products and services you have purchased or acquired from us;

· technical data, which includes internet protocol (IP) address, operating system type, web browser type and version, your device information, and information collected through the use of cookies;

· usage data, which includes information about how you use Mommy+, language preferences;

· marketing and communications data, which includes your preferences for receiving marketing materials from us and our third parties and your communication preferences;

· photographs, audio and/or visual recordings that you choose to upload onto Mommy+;

· geolocation data;

· your conversations with us (be it via chat or in person phone calls), when you interact with us via our communication channels; and

· other information permitted by applicable laws or as notified to you at the point of transacting with us.

Unless prohibited by applicable laws, we will usually notify you before collecting your personal data.

As the accuracy of your personal data depends largely on the information you provide to us, kindly inform us as soon as practicable if there are any errors in your personal data or if there have been changes to your personal data.

If you provide us personal data about other individuals for any particular purpose, you represent and warrant to us that they have appointed you to act on their behalf and have agreed that you can:

· give consent on their behalf to the processing of their personal data;

· receive on their behalf any data protection notices; and

· warrant that you have obtained their consent for us to store their personal data, or have the right to allow us to process their personal data.

II. Source of Personal Data

The personal data processed by us are obtained from various legitimate and transparent sources, including, but not limited to the following:

· through your access or use of Mommy+;

· when you create an account with us;

· when you browse, order, purchase or subscribe to our products and/or services;

· when you interact with the links that in Mommy+;

· when you apply to participate and/or participate in our programmes;

· any emails or correspondence that we receive from you;

· when you communicate to us and/or our authorised agents through various media and communication channels, and any direct and indirect interactions with us;

· when completing any applications or forms for transactional or other purposes;

· when you participate in any event, prize draws, or competitions organised by us or indirectly through a third party;

· when completing any surveys that we send to you for research purpose;

· data from publicly available sources that we collect in accordance with applicable laws, i.e. data that is published by you, social media profiles, directories, signages;

· data that we obtain legally from authorised third parties, including, but not limited to, credit reporting agencies, regulatory and enforcement agencies, healthcare providers, and other government or government-linked entities;

· our related and/or associated companies, contractors, third-party service providers, and business partners;

· marketing services providers or partners; and

· mailing lists.

III. Lawful Basis and Purpose of Processing Personal Data

We must have a lawful basis to process personal data. We typically rely on at least one of these lawful bases to do so:

· where we have the data subject’s consent for the disclosed purposes;

· where the processing is necessary and related to the fulfilment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract;

· where the processing is necessary for compliance with a legal obligation to which we are subject;

· where the processing is necessary to protect vitally important interests of the data subject, including life and health;

· where the processing is necessary in order to respond to a national emergency, or to comply with the requirements of public order and safety; or

· where the processing is necessary for the purposes of the legitimate interests pursued by us, a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under local laws.

We generally rely on consent to process personal data. In addition, the table below summarises some of the common purposes for which we may process personal data and our legal basis for doing so:

Purpose

Legal basis

· To create and administer your account (where applicable)

· To enable you to access or use Mommy+

· To provide you with our products and services, including to process your order and requests

· To provide, manage and administer programmes that are offered on Mommy+

· To provide you with discounts, bonuses, rebates and the like for your orders and purchases

· To provide support for our products and services

· To contact and communicate with you, including to respond to your requests, enquiries, and to provide you with status updates on your order

· To communicate information, notices, and updates

· To fulfil any other request(s) that you may have submitted to us

Where necessary to perform our contract with you

Where required to comply with a legal obligation

Where it is in our legitimate interests to ensure that services requested of us are effectively and appropriately delivered

· To deal with any product safety issue or product complaint, and to contact and communicate with you in relation to the same

· To undertake remediation activities

· To resolve disputes or to investigate any complaints you made or made against you

Where required to comply with a legal obligation

Where it is in our legitimate interests to ensure that complaints are investigated and appropriately resolved

· To do adverse event and safety reporting in respect of any product or service

· To improve patient care and safety in relation to the use of medicines and all medical and paramedical interventions

· To improve public health and safety in relation to the use of medicines

· To detect problems related to the use of medicines and communicate the findings in a timely manner

· To encourage safe, rational and more effective use of medicines

· To promote understanding, education and clinical training in pharmacovigilance and effective communication to the public

Where required to comply with a legal obligation

Where it is in our legitimate interests to:

(a) ensure that pharmacovigilance is done; and/or

(b) promote public health and safety

· To process invoices and payment

· For internal functions such as reporting, and audit and risk management

· To maintain our operations or client relationship management systems

· To maintain and upkeep customer or company records and development in the ordinary course of business

· For our internal record keeping

· For the preparation and execution of all necessary documents, agreements and/or contracts

· For general operation and maintenance of Mommy+

Where required to comply with a legal obligation

Where it is in our legitimate interests to:

(a) ensure the smooth operation of our business; and/or

(b) keep accurate records of our business

· To develop and improve our product and service offerings by analysing and assessing the information we have access to, such as by conducting data analytics and market research

· To develop, show, measure, and track advertising (including, but not limited to, content, survey, and promotions of Mommy+ or products and services of ours, our subsidiaries, related and/or associated companies, business partners, and other third parties) and to collect information about you and on how you interact with it while you use Mommy+

Where it is in our legitimate interests to:

(a) develop new product or service offerings to meet the needs of our customers; and/or

(b) improve user experience when using our products and service offerings, including Mommy+

· To implement and/or facilitate risk and fraud controls and payment processing

· To prevent, detect, or investigate any potential breaches, illegal activities or prohibited content on Mommy+

· To enforce and exercise rights stated in this Privacy Policy or any contract

· To comply with any legal or regulatory requirements relating to all the commercial transactions, our conduct of the business or activities or our provision of products and/or services, and to make disclosure under the requirements of any law, regulations, directives, court orders, by law, guidelines, circulars or codes applicable to us or any member of our group of companies from time to time

· To cooperate with regulators and law enforcement bodies

Where required to comply with a legal obligation

Where it is in our legitimate interests to:

(a) prevent and investigate legal disputes, potential breaches, illegal activities or prohibited content;

(b) enforce contractual rights; and/or

· To facilitate the conduct of due diligence exercises or the actual transfer of assets in the event of potential, proposed or actual business transfer, whether in whole or in part, sale of business, disposal, acquisition, merger, spin-off, joint venture, assignment, reorganisation of our business, assets or stock or similar transaction

Where required to comply with a legal obligation

Where it is in our legitimate interests to undertake any corporate restructuring for the growth or optimisation of our businesses

· To send you information or invitations to events, seminars, conferences, initiatives and promotions and talks which may be of interest to you

· To organise and manage events, including your participation in such events

· To promote and communicate news and information about Mommy+, products and services of ours, our subsidiaries, related and/or associated companies, business partners, and other third parties, and such communications may be initiated from us or through third parties

· To deliver online behavioural advertising (i.e., to show you online advertisements for products and/or services which may be of interest to you based on your previous behaviour, and to show you advertisements and content on social media platforms)

Where it is in our legitimate interests, and subject to obtaining your consent when required under applicable laws, to provide you with marketing information that may be of interest to you

IV. Consequences of Refusal or Failure to Provide Personal Data

Unless stated otherwise, the personal data provided to us are wholly voluntary in nature and you are not under any obligation or duress to do so. However, in some circumstances if you do not provide us with your personal data described in this Privacy Policy, we shall not be held liable for any of the consequences arising therefrom. These include:

· the inability for us to provide you with the products and/or services you requested, either to the same standard, or at all;

· the inability to enrol you to the relevant programme(s);

· the inability for us to provide you with the information about the products and/or services that you may want, including information about discounts or special promotions, or our new products and/or services;

· the inability for us to tailor the content of Mommy+ to your preferences and your experience of using Mommy+ may not be as enjoyable or useful;

· the inability to complete the relevant transactions with you; and

· the inability to comply with any applicable law, regulation, direction, court order, by law, guideline and/or code applicable to us.

V. Disclosure of Personal Data

In order for us to fulfil the purposes listed above, we may disclose your personal data to the following parties, including, but not limited to:

· the various entities within our group of companies (including those incorporated in the future), licensees, or business partners, including (where applicable) authorised personnel from the sponsor for the patient programme that you are enrolled to;

· our employees, agents, representatives, partnerships, joint venture entities, contractors, third-party service providers, subcontractors, or other parties as may be deemed necessary by us to facilitate your dealings with us;

· our suppliers, manufacturers, and business alliance partners of our products and/or services;

· relevant holders of the marketing authorisation of our products and/or services;

· parties whom we have obligations to report safety issues or product complaints;

· our professional advisers, including but not limited to our lawyers, accountants, auditors, and other financial or professional advisors appointed in connection with our business;

· any person, government authority, statutory authority, industry regulator or other relevant third party whom we are compelled or required to do so pursuant to any law, or if we have good faith belief that such disclosure is necessary to protect and/or defend our rights and interests or in connection with an investigation of fraud, infringement, piracy, tax avoidance and evasion or other unlawful activity;

· potential acquirers and other stakeholders in the event of potential, proposed or actual business transfer, whether in whole or in part, sale of business, disposal, acquisition, merger, spin-off, joint venture, assignment, reorganisation of our business, assets or stock or similar transaction; and

· any other party requested or authorised by you for the above purpose or any other purpose for which your personal data was to be disclosed at the time of its collection or any other purposes directly related to any of the above purposes.

Third parties are legally tasked with processing the personal data in line with the principles specified by us. Third parties are also held legally responsible for securing the personal data at an appropriate level of security in relation to applicable data protection laws and widely accepted industry standards.

VI. Protection of Personal Data

We ensure that all appropriate confidentiality obligations and technical and organisational security measures are in place to protect the confidentiality and security of your personal data collected through the various methods described in this Privacy Policy to prevent any unauthorised access, unauthorised or unlawful alteration, disclosure or processing of such information and data, and the accidental loss or destruction of or damage to such information and data.

Some of the security measures we put in place include, but are not limited to:

· storing your personal data in systems that are protected by secured networks;

· putting in place role-based access controls to limit access to such personal data only to employees who have a need to know this information for the purpose of performing their official duties, and authorised third parties who are contractually bound to take reasonable measures to keep your personal data secure;

· regularly monitoring our systems for possible vulnerabilities and attacks, and regularly reviewing our information collection, storage and processing practices to update our physical, technical and organisational security measures; and

· verifying the identity of a requester before they can access or modify the personal data that they have legitimate access or modification rights to.

Compliance with these provisions will be required by all authorised third parties who may access the personal data as described above.

VII. Your Rights

Depending on the data protection laws in the country where you reside, in respect of the personal data which you have submitted to us, you may have the right at any time to:

· request for access to your personal data in our records;

· request to make correction of your personal data in our records in the event the information is inaccurate, misleading, out-of-date or incomplete upon validation and verification of the new information provided;

· request to cease processing your personal data for the purposes of marketing;

· object to the processing of your personal data, request to restrict or limit processing of your personal data, or request portability of your personal data;

· withdraw your consent for us to continue processing your personal data; and

· lodge an inquiry or complaint to the relevant data protection authority about our collection and use of your personal data.

Should you wish to exercise any of the abovementioned rights and such right is recognised within your country, please write in to us using the contact information found at Part XIV (Contact Us) below. In respect of requests for access to or to make correction of your personal data in our records, such requests must be supported with submission of the relevant documents as may be required by us. Depending on the nature and sensitivity of the request, we may require you to submit these documents in person so as to verify your identity from time to time to the address found at Part XIV (Contact Us) below. We will only make appropriate corrections based on the verifiable/verification and updated information provided by you. Your request may also be subject to payment of a fee in accordance with applicable legal requirements.

With regard to the withdrawal of consent, you may withdraw, in full or in part, your consent given to us.

You may request for deletion of your personal data by us, and we will use commercially reasonable efforts to honour your request. However, please note that we may be required to keep such information and not delete it for such period of time required by law or in order to fulfil our legal obligations. When we delete any information, it will be deleted from the active database but may remain in our archives. We may also retain your information for fraud prevention and detection or similar purposes.

Your exercise of any of the rights or withdrawal of consent referred to above is, in each case, subject to any applicable legal restrictions, contractual conditions, and a reasonable time period. This may also be subject to whether it would affect the operation of our business and our ability to meet our legal obligations.

We may also, in accordance with the data protection laws applicable to us, refuse to comply with your request. If we refuse to comply with such request, we will inform you of our refusal and reason for our refusal.

VIII. Retention of Personal Data

The personal data you submit to us will only be retained for as long as is required for the purpose for which it was collected or as permitted by applicable laws.

Even though our systems are designed to carry out data deletion processes according to the above guidelines, we cannot promise that all data will be deleted within a specific timeframe due to technical constraints. When we no longer need to use your personal data, it is removed from our systems and records or anonymised so that you can no longer be identified from it.

IX. International Transfers of Personal Data

Mommy+ generally processes your data in Cambodia and Singapore. However, to provide our services and to ensure the smooth running of Mommy+, we may transfer your personal data to our affiliates and authorised employees, agents and third parties in the jurisdictions where we operate or where we deem it appropriate or desirable (unless applicable laws provide otherwise) for the purposes stated in this Privacy Policy. In particular, we may transfer your personal data to our overseas affiliate(s) where our information technology storage facilities and servers may be located. There may be a possibility that the data protection levels in other jurisdictions do not completely meet the requirements of the data protection laws in the country where you reside, but all such transfers are performed in accordance with the requirements of applicable laws.

X. Links to Other Websites or Applications

Mommy+ may contain links to and from the websites and applications of our partner networks, advertisers and/or other third parties. If you click on a link to any of these websites or applications, you will leave Mommy+ and be redirected to the website or application you selected. As we cannot control the activities of third parties, we cannot accept responsibility for any use of your personal data by such third parties, and we cannot guarantee that they will adhere to the same data privacy practices as us. We encourage you to review the privacy policy of these websites or applications before providing any personal data.

We may also offer you the opportunity to use your social media login. If you do so, please be aware that you share your profile information with us depending on your social media platform settings. We encourage you to visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context.

XI. Marketing and Promotions

We may use your personal data to market products, services, events, seminars, conferences, initiatives, and promotions and talks of ours (i.e., those of our subsidiaries, related and/or associated companies), business partners, sponsors and/or advertisers. We may communicate such marketing to you by way of post, phone call, email, short message service (SMS), social media and/or any other appropriate communication channels, depending on what you have agreed to with us. If you wish to unsubscribe to the processing of your personal data for marketing and promotions, you may click on the “Unsubscribe” link in the relevant email or message you receive from us. Alternatively, you may contact us directly at the email address found at Part XIV (Contact Us) below. Please note that once we have received your request to unsubscribe, it may take up to fourteen (14) working days for us to process your request and to be reflected in our systems. Therefore, you may still receive marketing communications during this period of time. Please also note that, even if you opt-out from receiving marketing communications, you may still receive administrative communications from us, such as order or other transaction confirmations, and other important non-marketing related announcements.

XII. Language

In the event of any inconsistency between the English version and the local language version of this Privacy Policy, the English version shall prevail.

XIII. Amendments to Privacy Policy

We reserve the right to modify, update and/or amend this Privacy Policy at any time. We will take reasonable steps to ensure amendments to this Privacy Policy are communicated by posting all amendments prominently on Mommy+ and other places we deem appropriate for a reasonable period of time. Amendments to this Privacy Policy will be effective immediately once published on any of Mommy+ unless otherwise noted. We invite you to check this Privacy Policy periodically to be informed of any relevant amendments to it, especially before providing any information to us. Your continued access or usage of Mommy+ and/or providing your personal data to us, following any amendments to this Privacy Policy, indicates your consent to the practices described in the revised Privacy Policy. If you do not agree, you should immediately discontinue your use of Mommy+, cease providing to us any of your personal data and notify us in writing in the manner described in Parts VII (Your Rights) and XIV (Contact Us).

XIV. Contact Us

If you have any feedback or questions about this Privacy Policy and the way we handle your personal data, or you wish to exercise any of your rights above, you may contact us through the “Contact Us” feature of Mommy+ or write to us at the following:

Zuellig Pharma Ltd.

Street Lum, Phum Boeng Salang, Sangkat Ruessei Keo Khan Ruessei Keo,

Phnom Penh, Cambodia

Email: info@mommypluskh.com