CyberSecurity Malaysia (“we”, “us”, “our”) built the Mobile Assessment Security Scanning Application (“App”) as a free application. The service provided by CyberSecurity Malaysia through the App (“Service”) is provided at no cost and is intended for use as-it is.

This Privacy Policy is used to inform users of the App (“you”, “your”) regarding our policy in respect of the collection, use, and disclosure of personal data collected via the App and Service.

For the avoidance of doubt, this Privacy Policy applies strictly with regards to CyberSecurity Malaysia’s processing of information collected and processed by the App. If you choose to further avail of any other services provided by CyberSecurity Malaysia based on the results obtained from your use of the App (e.g. where you decide to lodge an incident report to CYBER999), note that the relevant Privacy Policy issued to users for such separate service shall apply with respect to any information which you provide or which is collected pursuant to the said service. As such, we encourage that you read and understand the relevant Privacy Policy for such services before you use the same.

By choosing to use our App and Service, you agree to our collection and use of all personal data provided by you or as collected from you in the course of your use of the App and Service, as described in this Privacy Policy. The personal data that we collect is strictly used for providing and improving the App and Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions (which is accessible via the App), save where any terms have been otherwise defined in this Privacy Policy.

 

Information Collection and Use
For a better experience while using our App and Service, we may require you to provide us with certain personal data. Personal data provided by you will be retained by us and used as described in this Privacy Policy. In providing the Service, we also engage the services of third parties that may collect information used to identify you (for the purposes which are further explained below).

 

Information Collected by the App

  • Details relating to App Usage

During your use of the App, the App will collect and store certain information relating to your use and interaction with the App on an automatic basis. We will use the information collected for analytics purposes, to enable us to further optimise and improve the App based on user use patterns, and to help us detect any potential threats or abuse. The information collected may include details on how you use the App, User-Agent data, Internet Protocol (“IP”) address, browser type, standard HTTP request headers, referral URLs, device name, operating system version, the configuration of the device when utilizing the App, the time and date of your use of the App and Service, and other statistics.

  • Samples of malware detected by the App

The purpose and function of the App is to assist in detecting potential malware on your device. In this regard, the App will collect samples of potential malware from your device and will submit the malware samples to our back-end server for further assessment. In doing so, the App will log details such as your User-Agent and IP address. These data points are used to provide analytics that allow us to optimize the App based on actual use patterns and help us detect abuse (such as DDoS and other attacks). User-Agent data are only analysed and used at an aggregate level for statistical purposes and are not tied to unique users or individuals.

  • Cookies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory. The App and Service does not use these “cookies” explicitly. However, the App may use third party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

 

Disclosure of Your Personal Data

  • Service Providers

We may employ third-party companies and individuals (from within or outside Malaysia) for the following reasons:
o    To facilitate our App and Service;
o    To provide the App and Service on our behalf;
o    To perform App and Service-related services; or
o    To assist us in analysing how our App and Service is used.

In order to perform the tasks assigned by us, these third parties may have access to your personal data, or we may be required to disclose your personal data to them. However, we have put in place the necessary measures to ensure that such third parties are under obligations not to disclose or use the information for any other purpose.

  • Disclosures to CyberSecurity Malaysia Incident Units

Where any potential malware is detected by the App, we will share all relevant information collected by the App with the relevant unit(s) within CyberSecurity Malaysia tasked to further investigate the incident.

 

Security
We value your trust in providing us with your personal data, thus we will strive to use commercially acceptable means of protecting it. Notwithstanding this, please note that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and as such we cannot guarantee the absolute security of your personal data.

 

Links to Other Sites
This App and Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the privacy policies of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

 

Privacy of Minors
The App and Services are not intended to be used by any individual under the age of 13. We do not knowingly collect personal data from minors (i.e. any person under the age of 18). In the case we discover that a minor has provided us with personal data, we will immediately delete the relevant data from our servers. If you are a parent or guardian and you are aware that a minor under your care or responsibility has provided us with personal data, please contact us so that we will be able to carry out the  necessary actions.

If you provide us with any personal data belonging to a minor, you warrant that you are the parent, legal guardian, or person with parental responsibility over such minor, and you have the necessary authority to provide such personal data to us.

 

What If Personal Data Provided By You Is Incomplete?
We will only collect and process such personal data as needed to provide you with the Services. If you do not provide us with your personal data, we may not be able to effectively provide you with the Services.

 

Your Rights to Access and Correct Your Personal Data
You have the right to request for access to, request for a copy of and request to update or correct, your personal data held by us. You also have the right at any time to request us to limit the processing and use of your personal data, subject to our right to rely on any statutory exemptions and/or exceptions to collect, use and disclose your personal data.
 
Your written requests or queries should be addressed to:

Data Protection Officer : Ts.Dr.Solahudin bin Samsudin
Contact No.                : 03-8800 7999
Fax No.                      : 03 8008 7000
Email Address            : solahudin[at]cybersecurity.my

 

Changes to This Privacy Policy
We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.

 

Language
In accordance with Section 7(3) of the PDPA, this Privacy Policy is issued in both English and Bahasa Malaysia. In the event of any inconsistencies or discrepancies between the English version and the Bahasa Malaysia version, the English version shall prevail.