PRIVACY NOTICE

1. OVERVIEW

  1. SECUREMETRIC TECHNOLOGY SDN. BHD. (COMPANY REGISTRATION NO. 200701001616) recognises the importance of safeguarding the privacy of personal data. We are committed to use our best endeavours to ensure that all information we receive remains confidential and is used solely for the purpose outlined in this personal data protection notice which was formulated in accordance and compliance with the Personal Data Protection Act 2010 (“Privacy Notice“).
  2. Please note that by browsing, using, accessing or registering with our CertCycle website and/or mobile application (“Site”) and/or subscribing to and use our digital certificate inventory solution services, you are bound by this Privacy Notice and you consent for us to collect, use, store and disclose your personal data in accordance with this Privacy Notice.
  3. Please read this Privacy Notice carefully and in its entirety to better understand the following:
    • types of personal data and the manner in which we collect from you;
    • purpose in which we collect and process your personal data;
    • your right to access to, update, rectify and limit the processing of your personal data;
    • parties to whom we may disclose your personal data;
    • measures taken by us to safeguard the privacy of your personal data; and
    • retention of your personal data by us.
  4. If you do not agree to our collection and/or processing of your personal data in the manner outlined in this Privacy Notice, please leave our Site immediately and do not subscribe for our digital certificate inventory solution services or submit any personal data to us through any means.

2. TYPES OF PERSONAL DATA AND MANNER OF COLLECTION

  1. Personal data means any information that relates directly or indirectly to an individual who is the subject of the personal data, who is identified or identifiable from that information or from that and other information in the possession of a user of that personal data, including any sensitive personal data (e.g. personal data consisting of information as to the physical or mental health or condition, political opinions, religious beliefs or other beliefs of a similar nature, the commission or alleged commission of any offence) and expression of opinion about that individual.
  2. We may collect and process your personal data when you browse, use or access to our Site or when you register an account on our Site or when you subscribe and/or use our digital certificate inventory solution services or when you communicate with us via e-mail or any other modes of communication or through the use of cookies (if any) on certain pages of our Site or when you provide your personal data to us directly or from any other sources such as public databases, social media platforms and other third parties.
  3. For example, we may collect:
    Personal details:Name, photographs, age, gender, national registration identity card number, passport number or other identification document number, date of birth, race, ethnic origin, nationality, qualifications, employment, work experience, business activities, physical and mental health etcLog in details:User identification name, password or other security code.Financial details:Charge card, credit card, debit card or bank account details.Contact details:Correspondence address, electronic mail address and phone numbers.Device details:Internet protocol address, operating system version, browser type and version, and settings of the device used to access our Site and/or use our digital certificate inventory solution system.Location details:Geographical location derived from internet protocol address.Log details:Time and duration of your use of our Site and/or our digital certificate inventory solution system.Other details:Applications used, pages viewed and website navigation paths, any feedback, opinions, reviews, uploaded documents or information and any other information that relates directly or indirectly to you.

3. PURPOSE OF COLLECTION AND PROCESSING OF PERSONAL DATA

  1. We may collect and process your personal data for one or more of the following purposes:
    • process and complete your account registration on our Site;
    • process and complete your subscription of our digital certificate inventory solution services;
    • process payment transaction over our Site and send you your records of the transaction;
    • verify your identity;
    • detect suspicious transactions;
    • provide our digital certificate inventory solution services or any related services to you;
    • send information to our related and associated companies, and any affiliated parties who need to know your personal data to enable us to render our digital certificate inventory solution services to you efficiently;
    • enable the certification authority licensed under the Digital Signature Act 1997 to issue a valid certificate in respect of a digital signature, which contains the subscriber’s public key;
    • keep you updated with new features and functions of our Site and/or our digital certificate inventory solution services;
    • diagnose and resolve any problems associated with our digital certificate inventory solution system;
    • attend to your requests, feedback, enquiries or complaints in relation to our Site and/or our digital certificate inventory solution services;
    • communicate with you for any of the purposes listed in this Privacy Notice;
    • give you the best user experience;
    • improve our customer service; and/or
    • conduct or facilitate internal audits and investigations.
  2. Please note that the aforesaid list is not exhaustive and only includes some of the most common purposes we may collect and process your personal data. We may also collect and process your personal data for any other purposes that are required or permitted by any law, regulations, guidelines and/or relevant regulatory authorities.

4. ACCESS TO, UPDATE, RECTIFICATION AND LIMITATION OF PROCESSING OF PERSONAL DATA

  1. You have the following personal data protection rights which you can exercise at any time by contacting us via the contact details provided on our Site or e-mail us at support@securemetric.com, between 08:00 and 17:00 (Malaysia time), Mondays through Fridays excluding public holidays in Malaysia:
    • right to access to your personal data;
    • right to update and rectify your personal data; and
    • right to limit the processing of your personal data held by us such as preventing us from processing your personal data that will likely to cause damage or distress or for purposes of direct marketing but please take note of the impacts (hereinafter provided) as a result of this limitation;
  2. We strive to ensure that the personal data we maintain about you is accurate, complete, up-to-date and not misleading. Therefore, the personal data which you provide us shall, as far as it is reasonably practicable, be accurate, complete, up-to-date and not misleading. If at any point in time you believe that any of your personal data held by us is not accurate, complete, up-to-date and is misleading, please notify us with the correct, complete and accurate data via the contact details provided on our Site or e-mail us at support@securemetric.com
  3. Please note that we may, on reasonable grounds, deny your request to access to, update and/or rectify your personal data. Reasonable grounds include but not limited to the following:
    • we suspect the occurrence of identity theft whereby we are unable to identify and verify that you are the individual who is the subject of the personal data
    • it would impact the privacy rights of other persons;
    • the request is too frivolous or without merit;
    • you are unable to accede to our request for further information and supporting documents before we may proceed to comply with your requests;
    • we are not satisfied that the personal data to which the personal data correction request relates is inaccurate, incomplete, not up-to-date or misleading;
    • we are not satisfied that the correction which is the subject of the personal data correction request is accurate, complete, up-to-date or not misleading; and
    • acceding to the request would constitute a violation of any court order or any other applicable law.
  4. We will use all reasonable efforts to comply with your request in a timely manner, not later than twenty-one (21) days from the date of receipt of the request. Upon complying with your request, we will notify you of the same. However, if we are unable to accede to your request, we will notify you of the reasons within the same timeframe or if we are unable to accede to your request within such timeframe, we will notify you of the reasons and comply with your request not later than fourteen (14) days after the expiration of the first-mentioned timeframe.

5. DISCLOSURE OF PERSONAL DATA

  1. We generally keep your personal data confidential but in limited circumstances and when it is necessary for us to fulfil our purposes of collecting and processing your personal data as outlined in this Privacy Notice, we may disclose your personal data on a need-to-know basis to the following third parties:
    • our holding company and subsidiaries (direct or indirect) and any of our affiliates;
    • our employees, officers, professional advisers and affiliated parties;
    • third party business partners and service providers engaged by us;
    • certification authority licensed under the Digital Signature Act 1997;
    • any governmental, public or regulatory authority when required by such authority;
    • our prospective or new related or associated companies in case of a merger, acquisition, reorganisation of our company or any corporate proposal undertaken by us; and/or
    • persons/companies/organisations whom you have consented to share your personal data.

6. SECURITY

  1. We employ commercially reasonable security measures to safeguard your personal data (whether held and processed by us or any third parties engaged by us) from loss, misuse, modification, unauthorised or accidental access, disclosure, alteration, or destruction but we do not represent or warrant:
    • the security of any information, data or files which you transmitted to us; and
    • that any information transmitted to us will not be hacked, leaked or intercepted while being conveyed over the internet as no security system is impenetrable.
    You do so at your own risk.
  2. A unique username and password may be essential for you to use certain functions or features of our Site and/or digital certificate inventory solution services. We strongly encourage you to keep your username and password confidential, change your password regularly for your own protection and log out of your account and close your browser every time you have finished your session. Please note that our personnel will never request your password in an unsolicited phone call, text message or e-mail

7. RETENTION OF PERSONAL DATA

  1. We will not keep your personal data longer than is necessary for the fulfilment of the purpose for which it was collected and processed and we take all reasonable measures to ensure that all personal data is destroyed or permanently deleted if it is no longer required for the purpose for which it was collected or processed. If deletion is not possible for any reason whatsoever, we will securely store your personal data and prevent it from any further processing until deletion is possible.
  2. You can delete all your personal data by going to My Account -> Delete Account.

8. IMPACTS FOR LIMITING THE PROCESSING OF YOUR PERSONAL DATA

  1. While you may limit the processing of your personal data held by us, please note that if sufficient personal data (solely in our opinion) is not provided to us:
    • you may not be able to access to or use certain features or functions on our Site;
    • you may not be able to use any or all of our digital certificate inventory solution services;
    • you may not be able to register for a digital certificate from any certification authority licensed under the Digital Signature Act 1997; and/or
    • your request to us for any of the purposes set out in this Privacy Notice may not be accepted or acted upon.

9. WITHDRAWAL OF CONSENT TO PROCESS PERSONAL DATA

  1. You may withdraw your consent for us to collect, use, store and disclose your personal data by contacting us via the contact details provided on our Site or e-mail us at support@securemetric.com, between 08:00 and 17:00 (Malaysia time), Mondays through Fridays excluding public holidays in Malaysia. Upon receiving such request, we will immediately cease processing your personal data.
  2. Please note that upon withdrawal of your consent for us to collect, use, store and disclose your personal data, you are not allowed to browse, use or access our Site or subscribe and/or use our digital certificate inventory solution services.

10. THIRD PARTY

  1. Please note that this Privacy Notice does not cover the practices of third parties, including but not limited to any third party websites, services and applications that you browse, use or access through our Site and/or our digital certificate inventory solution system. Accordingly, we will not accept any responsibility or liability for the content or privacy policies of those third parties and we encourage you to carefully review their respective privacy policies and terms of use before using their websites.

11. TRANSFER OF PERSONAL DATA

  1. Generally, we do not transfer your personal data to recipients located outside of Malaysia. However, if we do, we will take all reasonable steps to ensure your personal data will be processed in a manner in compliance with the Personal Data Protection Act 2010 and you consent to us to transfer your personal data outside of Malaysia.

12. AMENDMENTS OR UPDATES TO THIS PRIVACY NOTICE

  1. We may periodically amend or otherwise update this Privacy Notice at our discretion, without prior notification to you. Such amendments or updates shall have effect immediately upon uploading to our Site and your continued browsing of, using of or accessing to our Site or subscribing to and/or use of our digital certificate inventory solution service shall constitute your agreement and acceptance of such amendments or updates. We suggest that you visit our Site regularly to keep up to date with any amendments or updates to this Privacy Notice.

13. DISCREPANCIES

  1. We prepared this Privacy Notice in English and Malay versions in accordance with the Personal Data Protection Act 2010. In the event of any discrepancies between the English and Malay versions of this Privacy Notice, the English version shall prevail.

14. CONTACT US

  1. Should you have any queries or complaints relating to this Privacy Notice or otherwise relating to any misuse or suspected misuse of your personal data, you may contact us via the contact details provided on our Site or e-mail us at support@securemetric.com, between 08:00 and 17:00 (Malaysia time), Mondays through Fridays excluding public holidays in Malaysia.

Last updated 17 June 2022