Effective Date: 12 July 2019

Thank you for being part of cHEART  community.  We wrote this Privacy Policy to help you understand how DATA8 Sdn Bhd (“us”, “we”, “DATA8”) uses and protects the information we collect from you when you visit (the “cHEART website”) and use our mobile application (the cHEART application”).  Collectively, cHEART website and application will be referred to as “Services”.

As a company based in Malaysia, DATA8 is bound to comply with Personal Data Protection Act (“PDPA”) 2010 and all relevant regulations, standards, code of practice and guidelines as may be prescribed from time to time. 

It is important that you read this Privacy Policy together with our Terms of Use.  If you do not understand our Privacy Policy or our Terms of Use, please contact us at or by reading the information below.  If you do not agree to our Privacy Policy or Terms of Use, you may not use the Services provided. 



Personal data, or personal information means any information about an individual from which that person can be identified.  It does not include data where the identity has been removed (anonymous or de-identified data).

We may collect, use, store and transfer different kinds of personal data about you which we have set out below. 

Identity Data includes first name, last name, username or similar identifier, date of birth, gender and locality area.  We collect date of birth and gender to profile users in order to help us improve the Services offered.  We collect locality to track unique trends or behaviour that might be generated from a specific location and it could also be useful in the event of outbreak.

Contact Data includes telephone number and email address to allow us to send updates, marketing promotions and other materials related to the Services. 

Technical Data includes internet protocol (IP) address, your log-in data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology devices you use to access our Services. We use this information to help us form an opinion on how best to improve our Services by looking at the Technical Data.   

Usage Data includes information about how you use our Services to help us improve your user experience. 

Health Device Data includes any information that is synced-up from a fitness application or a wearable that tracks or monitors your wellness and health data.

We also collect, use and share Aggregate Data such as statistical of demographic data for any purpose.  Aggregate Data may derive from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.  For example, Aggregate Data may include a statement that says “70% of our users have uploaded medical information in the last 3 months”.

Our Services are not intended for children and we do not knowingly collect data relating to children.  However, parents or legal guardians of the children may wish to upload the children’s data on cHEART for purposes fitting to the parents or legal guardians. 



Our methods of data collection include:

Direct interactions

You voluntarily provide us your identity and contact by filling-in forms or by corresponding with us via email or through our website.  This includes personal data you provide when you:

  • subscribe to our Services
  • create an account on our application or
  • give us feedback
  • upload your medical records and sync-up Health Device Data to cHEART application


Automated technologies

As you interact with our website and application, we may automatically collect Technical Data about your device, browsing behaviour and patterns.  We collect this data by using cookies and other similar technologies. 


Third parties or publicly available sources

We may receive personal data about you from various third parties and public sources like social networks, message boards, analytics provider etc. The information that we receive depends on your privacy settings on such sources. 



We rely on a private blokchain network to store your encrypted data.  This means that no one can access your data without you granting them.



We will use your data in the following circumstances where we need to:

  • register, administer your account and profile, and provide you the information and services that you requested
  • communicate with you to share updates and marketing materials which may be relevant to you. You may unsubscribe from receiving our marketing materials by emailing to or using the unsubscribe link provided in the email marketing.  We may also send you administrative messages on updates, notices, alerts and changes to our Privacy Policy or our Terms of Use.
  • improve our Services. For example, we may use demographics and pattern usage to create new features and content to enhance your experience when using our Services. 
  • comply with a legal and regulatory obligation. We will do this to the extent required by such laws or regulations.

We may de-identify or aggregate your data with other users of the Services.  This de-identified or Aggregate Information may be used by us for any lawful purpose, including for data mining and analytics.



We may share your data with Healthcare Providers and with pharmaceuticals or research institutions for research purposes.   

We use partners and service providers to help us provide the services that you use. We will share your personal information with third parties when:

  1. it is required by law
  2. requested by you
  3. access to your personal information is granted by you


In the event that we need to comply with law or legal processes, we will share your information, the amount of which is sufficient for said purpose.

When we share your personal information, we will take steps to ensure that the recipient will protect your privacy, keep your personal information secure and process it in accordance with the law.



We will only retain your data for as long as necessary to provide you with the Services and to fulfil any legal requirements.

In some circumstances, we may anonymise your data (so that it can no longer be associated with you) for research or statistical purposes in which case, we may use this information indefinitely without further notice to you.



The security of your personal data is important to us.  We use reasonable measures aimed to protect against any unauthorised use, disclosure, alteration or destruction of the Personal Data we collect and maintain.  You should keep in mind however, that no data transmitted digitally over the internet is fully secure and any data disclosed online can be potentially collected and used by other than the intended recipient.  So, while we strive to protect your data, we cannot guarantee or warrant the security of any information you transmit to and from our Services. 



You have rights under data protection laws in relation to your Personal Data to exercise any of the following:

–     request access to your personal data

–     request correction to your personal data

–     request erasure of your personal data

–     object to processing of your personal data

–     request restriction of processing your personal data

–     request transfer of your personal data

–     right to withdraw consent



DATA8 is based in Malaysia and the information we collect is governed by Malaysian law.  By providing us with your Personal Data and using our Services, you acknowledge that your Personal Data will be transferred to and processed in Malaysia




Our website and application may include links to third-party websites, plug-ins and applications.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and applications and, we are not responsible for their privacy statements.  We encourage you to read the privacy policy of every website and application you visit. 




As we improve our Services over time, we may need to update this Privacy Policy to reflect new ways we may collect and use your data.  When we update this Privacy Policy, we will post a new Effective Date at the top.  We will endeavour to notify you of the changes prior to the changes taking effect, such as by posting directly a notice on the Services, by sending email notification or by any other reasonable method.




Questions or feedbacks about this Privacy Policy can be directed to