1. Personal Data Protection Notice

1.1. Xiamen University Malaysia (XMUM) takes your privacy seriously.

1.2. This Personal Data Protection Notice exists to keep you in the know about how we collect, use, disclose, store and/or process the data we collect and receive. We will only collect, use, disclose, store and/or process your personal data in accordance with this Personal Data Protection Notice.

1.3. It is important that you read this Personal Data Protection Notice together with any other applicable notices we may provide on specific occasions when we are collecting, using, disclosing and/or processing personal data about you so that you are fully aware of how and why we are using your personal data.

1.4. We may update this Personal Data Protection Notice from time to time. Any changes we make to this Personal Data Protection Notice in the future will be reflected on this page and material changes will be notified to you. Where permissible under local laws or express consent thereto, shall constitute your acknowledgment and acceptance of the changes we make to this Personal Data Protection Notice. You agree that it is your responsibility to check back frequently to see any updates or changes to this Personal Data Protection Notice.

1.5. This Personal Data Protection Notice applies in conjunction with other notices, contractual clauses and consent clauses that apply in relation to the collection, storage, use, disclosure and/or processing of your personal data by us and is not intended to override them unless we state expressly otherwise.

1.6. All of these terms apply to XMUM’s services users.

2. Personal Data

2.1. Personal data means any information about an individual, whether recorded in a material form or not and whether true or not, who can be identified from that data (whether directly or indirectly), or from that data and other data to which we have or are likely to have access.

2.2. During the course of your use of our services, we may collect personal data about you, as follows:

(i) Identity data, such as your name, gender, and date of birth;

(ii) Contact data, such as billing address, delivery address, email address and phone numbers;

(iii) Account data, such as bank account details, bank statements, credit card details and payment details (such account data may also be collected directly by our affiliates and/or third party payment service providers)

(iv) Transaction data, such as details about orders and payments, and other details of products and services related to you;

(v) Technical data, such as Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, international mobile equipment identity, device identifier, IMEI, MAC address, cookies (where applicable) and other information and technology on the devices you use to access our platform;

(vi) Information in audio and/or video format (including voice, video recording, closed-circuit television and security recording), images (including photographs) and location tracking / GPS information;

(vii) Profile data, such as your username and password, orders related to you, your interests, preferences, feedback and survey responses;

(viii) Usage data, such as information on how you use the Services, view any content in our platform, including the time spent while using our platform, items and data searched for on our platform, access times and dates, as well as websites you were visiting before you came to our platform and other similar statistics;

(ix) Location data, such as when you capture and share your location with us in the form of photographs or videos and upload such content to our platform;

(x) Marketing and communications data, such as your preferences in receiving marketing from us and our third parties, your communication preferences and your chat, email or call history on our platform or with third-party customer service providers; and

(xi) Additional information we may request you to submit for due diligence checks as required for identity verification (such as copies of government-issued identification, e.g. passport, ID cards, etc.) or if we believe you are violating our Personal Data Protection Notice or our Terms of Use.

3. How we receive your personal data

3.1. We may receive personal data from you in the situations, as follows:

(i) When you browse our website (both mobile and web versions);

(ii) When you create an account with us;

(iii) When you make a transaction regarding the services/products available on our platform;

(iv) When you activate or use any payment-related functions available via the services/products on our platform or provided by our third-party service providers;

(v) When you use any of the features and functions available via the services/products on our platform;

(vi) When you log in to your account or otherwise interact with us via an external service or application, such as Facebook or Google.

3.2. We may collect personal data from you, third parties (including but not limited to agents, vendors, contractors, partners and any others who provide services to us, who collect your personal information and/or perform functions on our behalf, or with whom we collaborate, including but not limited to payment service providers, government sources of data, financial providers, credit bureaus, delivery, marketing and other service partners), our affiliates, or such data may be collected automatically when you use our services, as set out in this section. See also section 10 below on the collection of computer data.

3.3. Where we collect personal data from third parties and/or our affiliates, we will only collect your personal data, where permitted by law, for or in connection with the purposes for which those third parties or our affiliates are engaged, for the purposes of our collaboration with the third parties or affiliates, or for the requirement to carry out verification or due diligence checks. During the course of your use of the Services, you agree that you have provided your consent (whether to us, the third party or our affiliates) to the transfer of your personal data from third parties and/or our affiliates to XMUM for the purposes set out in this Personal Data Protection Notice or any other terms.

3.4. You must only submit personal data which is accurate and not misleading and you must keep it up to date and inform us of any changes to the personal data you have provided to us. We shall have the right to request for documentation and carry out the necessary checks to verify the personal data provided by you as part of our user verification processes or as required under law.

3.5. We will only be able to collect certain categories of personal data if you voluntarily provide the personal data to us or as otherwise provided for under this Personal Data Protection Notice. If you choose not to provide your personal data to us or subsequently withdraw your consent to our use of your personal data, we may not be able to provide you with certain features or functionality on our services or access to our platform.

3.6. If you provide personal data of any third party to us, you represent and warrant that you have obtained the necessary consent, license and permissions from that third party to share and transfer his/her personal data to us, and for us to collect, store, use and disclose that data in accordance with this Personal Data Protection Notice.

3.7. If you sign up to be a user on our platform using your social media account or link your XMUM account to your social media account or use certain other XMUM social media features, we may access personal data about you which you have voluntarily provided to your social media provider in accordance with the provider's policies and we will manage your personal data in accordance with this Personal Data Protection Notice.

4. Use and Disclosure of Your Personal Data

Purpose of Use

4.1. The personal data we collect from you or via third parties may be used for certain purposes, as follows:

(i) For academic purposes:-

a. to process your application for admission and thereafter to ensure continuous provision of academic and educational services to you (including recording the details of studies) and determining your academic achievements;

b. to provide ancillary services such as visa application and insurance coverage throughout your tenure of studies with us;

c. to assist you in placements, internships or attachments with third parties (where such internships, placements or attachments are required in order to complete your course);

d. to administer and communicate with you in relation to our tuition fees and other relevant payments;

e. to manage your use of our facilities and management of our events such as libraries, residences, computing facilities, graduations, alumni;

f. to operate our campuses in a manner which is physically safe, secure and befitting of health and safety requirements;

g. to process your request for any products and services;

h. to conduct and support internal marketing analysis and analysis of student patterns, choices and engagement with XMUM’s related companies, subsidiaries, holding companies and affiliate companies;

i. to be collected and stored into a central repository that is accessible by XMUM related companies, subsidiaries, holding companies and affiliate companies.

(ii) Processing your commercial transactions with us:-

a. to process orders you submit through our services;

b. to deliver the products you have purchased through our services. We may pass your personal information on to a third party (e.g. our logistics partner) or relevant regulatory authority (e.g. customs) in order to make delivery of the product to you;

c. to update you on the delivery of the products;

d. to provide customer support for your orders;  

e. to verify and carry out payment transactions (including any credit card payments, bank transfers, offline payments, remittances, or e-wallet transactions) in relation to payments related to you and/or our platform used by you. In order to verify and carry out such payment transactions, payment information, which may include personal data, will be transferred to third parties such as our payment service providers;

f. to administer and give effect to the commercial transaction;

g. to process any payments related to the commercial transaction;

h. for internal investigations, audit or security purposes;

i. to comply with XMUM's legal and regulatory obligations in the conduct of its business;

j. to contact you regarding product, services, upcoming events, promotions, advertising, marketing and commercial materials which we feel may interest you;

k. to ensure that the content from our website is presented in the most effective manner for you and for your computer and/or device; and

l. for XMUM’s internal records management.

(iii) Providing platform

a. To facilitate your use of our services or access to our platform;

b. To administer your account (if any) with us;

c. To display your name, username or profile on our platform;

d. To respond to your queries, feedback, claims or disputes;

e. To verify and carry out payment transactions (including any credit card payments, bank transfers, offline payments, remittances, or e-wallet transactions) in relation to payments related to you and/or our platform used by you;

f. In order to verify and carry out such payment transactions, payment information, which may include personal data, will be transferred to third parties such as our payment service providers.

(iv) Legal and operational purposes

a. To ascertain your identity in connection with fraud detection purposes;

b. To compare information, and verify with third parties in order to ensure that the information is accurate;

c. To process any complaints, feedback, enforcement action and take-down requests in relation to any content you have uploaded to our platform;

d. To produce statistics and research for internal and statutory reporting and/or record-keeping requirements;

e. To store, host, back up your personal data;

f. To prevent or investigate any actual or suspected violations of our Terms of Use, Personal Data Protection Notice, fraud, unlawful activity, omission or misconduct, whether relating to your use of our platform or any other matter arising from your relationship with us;

g. To perform due diligence checks;

h. To comply with legal and regulatory requirements (including, where applicable, the display of your name, contact details and company details), including any law enforcement requests, in connection with any legal proceedings, or otherwise deemed necessary by us.

(v) Analytics, research, business and development

a. To understand your user experience with our services;

b. To improve the layout or content of the pages of our platform and customise them for users;

c. To identify visitors on our platform;

d. To conduct surveys, including carrying out research on our users’ demographics and behaviour;

e. To improve our current technology (e.g. voice recognition tech, etc) via machine learning or other means;

f. To derive further attributes relating to you based on personal data provided by you (whether to us or third parties), in order to provide you with more targeted and/or relevant information;

g. To conduct data analysis, testing and research, monitoring and analysing usage and activity trends;

h. To further develop our products and services; and

i. To know our buyers/customers better.

(vi) Other

a. Any other purpose to which your consent has been obtained; and

b. To conduct automated decision-making processes in accordance with any of the above purposes.

Who we disclose your personal data to

4.2. We may share (or permit the sharing of) your personal data with and/or transfer your personal data to third parties and/or our affiliates for the above-mentioned purposes. These third parties and affiliates, which may be located inside or outside your jurisdiction, include but are not limited to:

(i) Service providers (such as agents, vendors, contractors and partners) in areas such as payment services, logistics and shipping, marketing, data analytics, market or consumer research, survey, social media, customer service, installation services, information technology and website hosting;

(ii) Their service providers and related companies; and

(iii) Other users of our platform

4.3. In disclosing your personal data to them, we endeavour to ensure that the third parties and our affiliates keep your personal data secure from unauthorised access, collection, use, disclosure, processing or similar risks and retain your personal data only for as long as your personal data is needed to achieve the above-mentioned purposes.

4.4. We may also share personal data in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we satisfy the requirements of applicable data protection law when disclosing your personal data.

4.5. We may transfer or permit the transfer of your personal data outside of your jurisdiction for any of the purposes set out in this Personal Data Protection Notice. However, we will not transfer or permit any of your personal data to be transferred outside of such jurisdiction unless the transfer is in compliance with applicable laws.

Third party services

4.6. We may share your personal data with our third party service providers or affiliates (e.g. payment service providers) in order for them to offer services to you other than those related to your use of our platform. Your acceptance and use of the third party service provider or our affiliate’s services shall be subject to terms and conditions as may be agreed between you and the third party service provider or our affiliate. Upon your acceptance of the third party service provider’s or our affiliate’s service offering, the collection, use, disclosure, storage, transfer and processing of your data (including your personal data and any data disclosed by us to such third party service provider or affiliate) shall be subject to the applicable privacy policy of the third party service provider or our affiliate, which shall be the data controller of such data. You agree that any queries or complaints relating to your acceptance or use of the third party service provider or our affiliate’s services shall be directed to the party named in the applicable privacy policy.

Withdrawal of Consent to Continued Use, Disclosure, Storing and/or Processing of Personal Data

4.7. You may communicate the withdrawal of your consent to the continued use, disclosure, storing and/or processing of your personal data by contacting us using the contact details below, subject to the conditions and/or limitations imposed by applicable laws or regulations.

4.8. Please note that if you communicate your withdrawal of your consent to our use, disclosure, storing or processing of your personal data for the purposes and in the manner as stated above or exercise your other rights as available under applicable local laws, we may not be in a position to continue to provide our services to you or perform any contract we have with you, and we will not be liable in the event that we do not continue to provide our services to, or perform our contract with you. Our legal rights and remedies are expressly reserved in such an event.

5. Updating Your Personal Data

5.1. It is important that the personal data you provide to us is accurate and complete for you to continue using our services and for us to provide our platform. You are responsible for informing us of changes to your personal data, or in the event, you believe that the personal data we have about you is inaccurate, incomplete, misleading, or out of date.

5.2. We encourage you to update and modify your information to make it more accurate and effective. You can access your information through our platform, and complete by yourself or request us to modify, supplement or delete it according to the management of corresponding information.

5.3. When accessing, updating, correcting, and deleting the above information, we may ask you to do identity verification to keep your information secure.

5.4. We take steps to share the updates to your personal data with third parties and our affiliates with whom we have shared your personal data if your personal data is still necessary for the above-stated purposes.

6. Accessing and Correcting Your Personal Data

6.1. You may request information about your personal data which we have collected, or enquire about the ways in which your personal data may have been used, disclosed, stored or processed by us via the personal account information setting on our platform or by contacting us using the contact details below. You may also request correction of any error or omission in your personal data which we have collected in the same way. In order to facilitate processing of your request, it may be necessary for us to request further information relating to your request. Where permissible under law, we may refuse such correction requests if deemed vexatious or unreasonable.

7. Security of Your Personal Data

7.1. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

8. Retention of Personal Data

8.1. We will only retain your personal data for as long as we are either required or permitted to by law or as relevant for the purposes for which it was collected.

8.2. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data was collected, and is no longer necessary for any legal or business purpose.

9. Minors

9.1. XMUM does not sell products to minors (which is to be determined based on the applicable law), nor does it intend to provide any of our services or the use of our platform to minors. We do not knowingly collect any personal data relating to minors.

9.2. You hereby confirm and warrant that you are above the age of minority and you are capable of understanding and accepting the terms of this Personal Data Protection Notice. If you are a minor, you may use our platform only with the involvement of a parent or legal guardian.

9.3. As a parent or legal guardian, please do not allow minors under your care to submit personal data to XMUM. In the event that such personal data of a minor is disclosed to XMUM, you hereby consent to the processing of the minor’s personal data and accept and agree to be bound by this Personal Data Protection Notice and take responsibility for his or her actions.

9.4. We will not be responsible for any unauthorised use of our platform by yourself, users who act on your behalf or any unauthorised users. It is your responsibility to make your own informed decisions about the use of our platform and take necessary steps to prevent any misuse of our platform.

10. Collection of Computer Data

10.1. We or our authorised service providers may use cookies, web beacons, and other similar technologies in connection with your use of our platform.

10.2. When you visit our platform through your computer, mobile device, or any other device with Internet connectivity, our company servers will automatically record data that your browser sends whenever you visit a website, such as the technical data and usage data outlined in Section 2 above.

10.3. This data is collected for analysis and evaluation in order to help us improve our website and the services and products we provide, as well as to help us to personalise the content to match your preferred interests more quickly. The data is also collected to make our platform more convenient and useful to you, and to provide more relevant advertising related to market products, services and features to you.

10.4. Cookies are small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. They allow us to recognise a particular device or browser. Web beacons are small graphic images that may be included on our platform. They allow us to count users who have viewed these pages so that we can better understand your preference and interests.

10.5. You may be able to manage and delete cookies through your browser or device settings. However, certain cookies are required to enable core functionality (such as adding items to your shopping basket), so please note that changing and deleting cookies may affect the functionality available on our platform or through our platform.

11. Third Party Sites

11.1. Our platform may contain links to other websites operated by other parties, such as our business affiliates, merchants or payment gateways. We are not responsible for the privacy practices of websites operated by these other parties. You are advised to check on the applicable privacy policies of those websites to determine how they will handle any information they collect from you.

12. Questions, Feedback, Concerns, Suggestions or Complaints

12.1. If you have any queries or complaints about this Personal Data Protection Notice or how we handle your personal data, please feel free to contact us enquiry@xmu.edu.my