Tongle is deeply committed to safeguarding your personal information and upholding your privacy rights.

**INTRODUCTION**

As per data protection regulations, we are obligated to furnish you with essential details about our identity, the manner in which we process your personal data, the purposes for which we do so, and your rights concerning your personal information. This policy is designed to provide you with this crucial information, and it’s imperative that you review it thoroughly.

This policy (along with our end-user license agreement, available at (https://about.tongle.space/) (referred to as the EULA), or as presented to you when you initially use or install our Platform (as defined in the EULA), and any supplementary terms of use that are incorporated by reference into the EULA, collectively referred to as our “Terms of Use”), is applicable to:

1. Your use of all iterations of our Platform: This includes versions accessible as an app on your mobile device (Mobile Platform) or via our website (Web Platform). This applies once you have downloaded or streamed a copy of the Platform onto your personal computer, mobile phone, handheld device, or any other suitable electronic device (Device).

2. Any other interactions with us: Whether through phone, computer, or any other means, this policy governs the processing of your personal data conducted by us.

Our Platform is not intended for use by, or for the collection of personal data related to, children under the age of 16 years, and we do not knowingly collect data concerning children. Authorized Users (Employees) have the capability to allocate and withdraw up to 3 (three) access licenses to friends or family members who are over the age of 16 years.

Please carefully review the following information to comprehend our procedures regarding your personal data and how we will manage it.

WHO WE ARE

Tongle is operated by a company registered in Selangor, Malaysia. Our company is registered under company registration number 202201029335 (1475032-T)with our registered address at Block A Unit 07-10, Kelana Center Point, SS 7, 47301 Petaling Jaya, Selangor. We are the data controller responsible for your personal data, and throughout this policy, we will be collectively referred to as “we,” “us,” or “our.”

CONSENT

Before installing or accessing the Tongle Platform, you will be required to provide your consent to our processing of your personal data, where ‘consent’ is identified as the appropriate lawful basis, as explained in this policy.

How you can withdraw consent

Once you have granted your consent for us to process your personal data for specific processing activities (as outlined in our online registration form), you retain the option to change your decision and withdraw your consent at any time by reaching out to us. However, please note that withdrawing your consent will not affect the legality of any processing conducted prior to your withdrawal.

Certain information, including some of your health-related data, may still need to be retained, but only when it is strictly necessary for insurance purposes or other legal obligations. We will promptly delete any information that is not strictly required for fulfilling our own legal obligations in accordance with data protection laws. It’s important to mention that we will be unable to remove data you’ve provided if it has already been fully anonymized as part of an aggregated data set, which, as described below, does not reveal any individual’s identity.

THE DATA WE COLLECT ABOUT YOU

At Tongle, we may gather, utilize, store, and transmit various categories of personal data concerning you, including:

1. Identity Data.
2. Contact Data.
3. Health Data (Special Category).
4. Device Data.
5. Content Data.
6. Profile Data.
7. Usage Data.
8. App Data.
9. Marketing and Communications Data.

It’s essential to note that we will collect data pertaining to your health, which is classified as “Special Category” personal data under data protection laws.

We do not gather any information concerning criminal convictions or offenses. In cases where we collect Special Categories of Personal Data related to you, we will request your explicit consent for processing this information. Your consent will only be sought again if the purpose of our data processing changes.

Moreover, we do not collect financial or transaction data if access to our services is provided by your employer, a family member, or a friend.

DESCRIPTION OF CATEGORIES OF PERSONAL DATA

At Tongle, we classify personal data into the following categories:

1. Identity Data:This comprises your first name, last name, username or a similar identifier, age, and gender.

2. Contact Data:This category encompasses your email address.

3. Health Data: Our Health Data category includes information concerning your health and well-being, which encompasses Mental Health aspects such as stress, anxiety, and depression.

4. Device Data:Device Data encompasses details about the mobile device you utilize. It includes a unique device identifier (such as your Device’s IMEI number, the MAC address of the Device’s wireless network interface, or the mobile phone number associated with the Device), mobile network information, your mobile operating system, the type of mobile browser you use, and your time zone settings.

5. Content Data:Within this category, we consider log-in information stored on your Device and any digital content that you may upload to the Tongle Platform, including items like your profile photo.

Profile Data:This category encompasses details like your username and password, your interests, preferences, feedback, and survey responses.

Usage Data:Usage Data includes information regarding your utilization of the Tongle Platform or your visits to our websites. This data comprises, but is not limited to, traffic information, other communication data, and the specific resources you access during your interactions.

Marketing and Communications Data: In this category, we consider your preferences related to receiving marketing communications from Tongle.

App Data:App Data includes information about whether you are accessing the Tongle Platform through a mobile application.

AGGREGATED DATA AND ANONYMIZATION

At Tongle, we may collect, utilize, and share aggregated data, such as statistical or demographic data, to serve the purpose of providing your employer with an anonymized overview of workforce well-being. Aggregated data may be derived from your personal data, including Health Data, but is not considered personal data under the law, as it does not directly or indirectly reveal your identity. For example, we may aggregate Usage Data to determine the percentage of users accessing a specific feature on the Platform. However, if we combine or link aggregated data with your personal data in a way that could directly or indirectly identify you, we treat the combined data as personal data, which will be processed in accordance with this privacy policy.

Additionally, we may utilize anonymized data, including Health Data, for research and scientific purposes, aimed at enhancing the delivery of our services.

For the anonymization of your personal data, we will rely on either legitimate interests or explicit consent as the lawful basis. If you do not wish for your data to be used in this manner, even though the source of the data cannot be discerned, or if you have given explicit consent and later decide to withdraw it, kindly get in touch with us. It is important to note, however, that due to the method of anonymizing and aggregating data, we may not be able to identify and remove your data from reports or research that has already utilized it prior to your consent withdrawal or opt-out date. In cases where you withdraw consent for the use of your health data, we may also be unable to provide certain other services to you.

We will collect and process the following data concerning you:

Information you provide: This encompasses information, including Identity, Contact, and Marketing and Communications Data, which you provide to us. You may provide this information when you complete forms while using the Tongle Platform or when you engage in correspondence with us, such as through email or chat. This includes the data you furnish when you register to use our Platform, download or register for the first time, subscribe to any of our services, search for our Platform or services, share data via the social media functions of our app, participate in competitions, promotions, or surveys, and when you report any issues with the Platform, our services, or our websites. Please be aware that if you get in touch with us, we will maintain a record of that interaction.

Information we receive from other sources, including third parties and publicly available sources:

At Tongle, we may obtain personal data about you from various third-party sources and publicly accessible sources, as outlined below:

1. Device Data: We may receive Device Data from analytics providers such as Google, which may be based outside the EU.

3. Identity Data, Contact Data, Health Data (Special Category), Financial Data, Transaction Data, Device Data, Content Data, Profile Data, Usage Data, App Data, and Marketing and Communications Data:** These categories of data may be received from third-party IT service providers or mobile application marketplaces. These providers are responsible for the operation and management of our Platform and Services, strictly following our instructions and not utilizing the data for their own purposes.

4. **Identity Data and Contact Data:** These details may be provided by your employer to verify your employment status.

5. **Identity Data and Contact Data:** Authorised Users may provide these details to offer you access to our Platform through the Friends and Family scheme.

Unique application identifiers. 

When you intend to install or remove a Tongle service featuring a unique application identifier, or when such a service checks for automatic updates, that identifier and installation-related data, such as your operating system type, may be transmitted to us.

HOW WE USE YOUR PERSONAL DATA

At Tongle, we will utilize your personal data only in cases where the law permits us to do so. Typically, we will employ your personal data in the following circumstances:

1. With your prior consent.
2. When it is necessary to fulfill a contract that we are either in the process of entering into or have already entered into with you.
3. When it is required for our legitimate interests, or the interests of a third party, provided that your interests and fundamental rights do not take precedence over these interests.
4. When we need to comply with legal or regulatory obligations.
5. In cases where it is essential to safeguard your vital interests, particularly when you are unable to provide consent.

Whenever we collect personally identifiable information through our digital platforms and website, we will adhere to the mentioned principles and provide clear information about our intended use of this data.

MARKETING

At Tongle, we uphold a policy of not sharing your personal data with any third parties for marketing purposes.

DATA SECURITY

At Tongle, we have implemented robust security measures to prevent the accidental loss, unauthorized access, use, or disclosure of your personal data, as well as any unauthorized alterations. Additionally, we restrict access to your personal data to individuals such as employees, agents, contractors, and other relevant third parties who have a legitimate business need to access this information. They are authorized to process your personal data solely in accordance with our instructions and are bound by confidentiality obligations.

Furthermore, we have established procedures to address any suspected breaches involving personal data and, when legally mandated, will promptly notify you and the relevant regulatory authorities of such breaches.

DATA RETENTION

At Tongle, your personal data is retained only for the duration that you maintain an active account with us. We ensure the secure deletion of your personal data under the following circumstances:

1. When you request an account closure by contacting us.

2. If your employer terminates their commercial agreement with Tongle.

YOUR LEGAL RIGHTS

Under specific circumstances, you possess certain rights in connection with your personal data as dictated by data protection laws:

– The right to access your personal data.

– The right to correct your personal data.

– The right to request the erasure of your personal data.

– The right to restrict the processing of your personal data.

– The right to data portability.

– The right to withdraw your consent.

– The right to object to the processing of your personal data.

Furthermore, you have the entitlement to request that we cease processing your personal data for marketing purposes.

You may exercise any of these rights at any time by reaching out to us at hello@tongle.space.

We regularly review and update our privacy policy to ensure its relevance and effectiveness.

This version was last revised in September 2023. Please be aware that it may be subject to changes, and in such cases, these revisions will be posted on this page. When applicable, we will also notify you of these changes via email the next time you access the Tongle Platform or log in to one of our Platform Sites. The updated policy may be presented on your screen, and you may be required to review and accept the changes to continue using the Platform or our services.

Maintaining accurate and current personal data is crucial. Kindly keep us informed if there are any changes to your personal data during our association with you.

Third-Party Links

Occasionally, our Tongle Platform may feature links to external websites maintained by our partner networks, advertisers, and affiliates. It is important to acknowledge that these websites, as well as any services that they offer, are governed by their individual privacy policies. We do not assume any responsibility or liability for these policies or for the collection of personal data, including Contact Data and Identity Data, on these websites or through these services.

We strongly recommend that you review these privacy policies before sharing any personal data on these websites or engaging with their services.

GLOSSARY

Lawful Basis

Consent:This pertains to the processing of your personal data when you have expressed your agreement through a statement or clear opt-in for a specific purpose. Consent is deemed valid when it is freely given, specific, informed, and an unambiguous indication of your intentions. You have the option to withdraw your consent at any time by contacting us.

Legitimate Interest:Refers to the interest of our business in conducting and managing our operations to provide you with the best service, product, and the most secure experience. We ensure that we carefully assess and balance any potential impact on your rights and interests (both positive and negative) before processing your personal data for our legitimate interests. We do not employ your personal data for activities where our interests are outweighed by the impact on you, unless we have your consent or are obligated or permitted by law. You can obtain further details about how we evaluate our legitimate interests against their impact on you in relation to specific activities by reaching out to us.

Performance of Contract:This refers to processing your data when it is necessary for the execution of a contract to which you are a party, or when we need to take steps at your request before entering into such a contract.

Compliance with a Legal Obligation: Entails processing your personal data when it is necessary to comply with a legal obligation that we are bound by.

Protecting Your Vital Interests:Encompasses processing your data when your vital interests are at risk, particularly in emergency situations. In such cases, we carefully consider and balance any potential impact on your rights and interests (both positive and negative) before processing your personal data under this justification.

YOUR LEGAL RIGHTS

You possess the following rights:

1. Request access: You can ask for access to your personal data, typically referred to as a “data subject access request.” This allows you to obtain a copy of the personal data we have about you and verify that we are processing it lawfully.

2. Request correction: You have the right to request correction of any incomplete or inaccurate personal data we hold about you. We may need to verify the accuracy of any new data you provide.

3. Request erasure:You can request the deletion or removal of your personal data when there is no valid reason for us to continue processing it. You also have the right to request deletion or removal when you have successfully exercised your right to object to processing, when your information has been processed unlawfully, or when we are obliged to erase your personal data to comply with local law. Please note that there may be specific legal reasons why we cannot always fulfill your erasure request, and we will inform you of these reasons if applicable at the time of your request.

4. Object to processing:You can object to the processing of your personal data when we rely on a legitimate interest (or that of a third party), and there is something about your specific situation that leads you to object to processing due to its impact on your fundamental rights and freedoms. You also have the right to object when we process your personal data for direct marketing purposes. In certain instances, we may demonstrate that we have compelling legitimate grounds to process your information, which outweigh your rights and freedoms.

5. Request restriction of processing: You have the right to ask us to suspend the processing of your personal data in the following scenarios:

   (a) If you want us to verify the data’s accuracy.

   (b) When the use of the data is unlawful, but you prefer not to have it erased.

   (c) When you need us to keep the data even if we no longer require it because you need it to establish, exercise, or defend legal claims.

   (d) When you have objected to our use of your data, but we need to verify whether we have compelling legitimate grounds to use it.

6. Request data transfer:You can request the transfer of your personal data to yourself or a third party. We will provide your personal data in a structured, commonly used, machine-readable format to you or a third party of your choice. It’s important to note that this right applies only to automated information for which you initially provided consent for us to use or where we used the information to fulfill a contract with you.

7. Withdraw consent:If we are relying on your consent to process your personal data, you have the right to withdraw that consent at any time. However, withdrawing your consent will not affect the legality of any processing carried out before you withdrew your consent. We will notify you if this withdrawal of consent affects our ability to provide certain products or services to you at the time of withdrawal.