🔒 Privacy Policy
Q10 Pharmacy — Voucher System & Digital Member Card
Last Updated: March 19, 2026
Effective Date: March 3, 2026
1. Introduction
Q10 Pharmacy ("we", "our", or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our voucher system and digital member card, in full compliance with Malaysia's Personal Data Protection Act 2010 (PDPA) and relevant pharmaceutical regulations.
2. What Personal Data We Collect
A. Voucher System (Online)
When you sign up for a voucher via our website or spin wheel, we collect:
- Full Name (as per your IC/NRIC or Passport)
- Phone Number (mobile number for WhatsApp notifications)
- IC Number (for identity verification and to prevent duplicate claims)
- Voucher Usage Data (voucher code, redemption status, date of use)
- Outlet Information (which Q10 outlet you redeemed at)
B. Membership Registration (In-Store)
When you register as a Q10 member at our pharmacy counter, we collect:
- Full Name, IC Number, Phone Number, Address — required by Malaysian law for poison/drug sales records (Poisons Act 1952 & Sale of Drugs Act 1952)
- Drug Allergies & Medical Notes — for your safety during dispensing
🔒 Important: Your membership registration data (IC, address, allergies, medical notes) is stored only on our local pharmacy computer and is never uploaded to any cloud service or third-party server. Only your name and member ID are used for the digital member card.
C. Digital Member Card (Google Wallet)
When you add your Q10 member card to Google Wallet, the card contains:
- Your Name and Member ID only — the same information shown on a physical member card
- A barcode of your Member ID for scanning at the counter
Your phone number is used to look up your membership but is encrypted using SHA-256 (one-way encryption) and cannot be traced back to you. No IC number, address, or medical information is included in the digital card or stored on any cloud server.
3. Why We Collect Your Data (Purpose)
We collect your personal data for these specific purposes:
- To generate and manage your discount vouchers
- To verify your identity at redemption (prevent fraud)
- To send you voucher expiry reminders via browser notifications
- To prevent duplicate voucher claims (one voucher per customer per type)
- To issue and manage your digital member card
- To comply with Malaysian pharmaceutical regulations for poison/drug sales (Poisons Act 1952)
- To maintain allergy and medical notes for your safety during dispensing
- To analyze voucher program performance (anonymized data only)
- To comply with legal and regulatory requirements
4. Legal Basis for Processing
We process your personal data based on:
- Your Consent: You explicitly agree to provide your data when signing up
- Contract Performance: To fulfill our voucher offer to you
- Legitimate Interest: To prevent fraud and manage our business operations
5. How We Use Your Data
- Voucher Generation: Create your unique voucher code linked to your phone number
- Verification: Match your IC and phone number with voucher code at redemption
- Digital Member Card: Look up your membership using your phone number (encrypted) to display your name and member ID
- Google Wallet: Generate a digital member card or voucher pass for your Google Wallet (contains name and member ID only)
- Notifications: Send browser push notifications 5 days before expiry (if you enabled notifications)
- Drug Dispensing: Access your allergy and medical notes at the counter for safe dispensing (local system only)
- Analytics: Track total vouchers issued, redemption rates, and outlet performance (anonymized data)
- Customer Support: Staff can look up your voucher if you forget your code
6. How We Store and Protect Your Data
A. Membership Data (Local Storage — High Sensitivity):
- IC number, address, phone number, allergies, and medical notes are stored only on our local pharmacy computer (on-premises server, not connected to the internet)
- This data never leaves our pharmacy premises and is not uploaded to any cloud service
- Access restricted to authorized pharmacy staff only
B. Voucher Data (Cloud Storage — Minimal Data):
- Voucher codes, customer names, and usage data are stored on Cloudflare Workers KV (encrypted cloud storage, Asia-Pacific region)
- Phone numbers used for member card lookup are encrypted using SHA-256 (irreversible one-way encryption) — even in the event of a data breach, your phone number cannot be recovered
- Access restricted to authorized staff only (password-protected admin panel)
C. Google Wallet (On Your Device):
- Your digital member card and voucher passes are stored on your own device via Google Wallet
- Contains only your name and member ID — no sensitive personal information
- You can remove the card from Google Wallet at any time
Security Measures:
- ✅ HTTPS encryption for all data transmission
- ✅ SHA-256 encryption for phone number lookups
- ✅ Admin dashboard requires password authentication
- ✅ Outlet staff use PIN codes to redeem vouchers (prevents unauthorized redemption)
- ✅ Sensitive data (IC, address, medical) stored only on local pharmacy systems
- ✅ No public access to customer database
- ✅ Regular security audits and updates
7. Who We Share Your Data With
We do NOT sell your data to third parties.
We only share your data with:
- Q10 Staff: Pharmacists and cashiers at our outlets (for voucher verification and dispensing)
- Cloudflare: Our cloud infrastructure provider — stores only voucher data and encrypted phone lookups (under strict data processing agreements)
- Google: When you choose to add a member card or voucher to Google Wallet — only your name and member ID are shared with Google (no IC, address, or phone number)
- Legal Authorities: If required by Malaysian law or court order
8. How Long We Keep Your Data
- Active Vouchers: Stored until expiry date + 30 days
- Redeemed Vouchers: Kept for 2 years (for financial records and tax purposes)
- Expired Unused Vouchers: Deleted after 90 days
- Membership Data (Local): Kept for as long as your membership is active, or as required by pharmaceutical regulations for drug dispensing records
- Digital Member Card Data (Cloud): Name and member ID kept for as long as your membership is active; updated every 15 minutes from our local system
After these periods, your data is permanently deleted from our systems. You may also request deletion at any time (see Section 9).
9. Your Rights Under PDPA 2010
You have the following rights:
- Right to Access: Request a copy of your personal data we hold
- Right to Correction: Ask us to correct inaccurate information
- Right to Withdraw Consent: Stop us from processing your data (note: this may prevent voucher use)
- Right to Data Portability: Request your data in a common format
- Right to Complain: Lodge a complaint with the Personal Data Protection Commissioner
10. Browser Notifications
Our voucher pages request permission to send browser notifications. These are:
- Optional: You can decline notification permission
- Limited: Only 1-2 reminders before voucher expiry
- Privacy-Friendly: Notifications are stored locally on your device
- Controllable: You can disable them anytime in browser settings
11. Cookies and Tracking
Our voucher system uses minimal tracking:
- Session Storage: To remember if you dismissed notification prompts (cleared when you close browser)
- Local Storage: To save your voucher code for quick access (only on your device)
- No Third-Party Cookies: We don't use Google Analytics, Facebook Pixel, or other trackers
12. Children's Privacy
Our voucher system is intended for adults (18+). We do not knowingly collect data from children under 18. If we discover we have collected data from a minor, we will delete it immediately.
13. About IC Number Collection
We understand that providing your IC number is a sensitive matter. Here is why we require it and how we protect it:
- Legal Requirement: Malaysian law (Poisons Act 1952, Sale of Drugs Act 1952) requires pharmacies to record customer identification for certain drug and poison sales
- Fraud Prevention: IC verification prevents duplicate voucher claims and ensures only genuine customers receive discounts
- Where It's Stored: Your IC number is stored only on our local pharmacy computer — it is never uploaded to any cloud service, website, or third-party server
- Who Can Access It: Only authorized pharmacy staff at the counter can view your IC number
- Not on Digital Cards: Your IC number does not appear on your digital member card or voucher — only your name and member ID are shown
14. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be announced via a banner on our website.
15. Data Protection Officer
For privacy matters, you can contact our Data Protection Officer:
Name: Q10 Pharmacy Management
Contact: Visit any Q10 outlet or call the numbers below
⚠️ Important: By signing up for a voucher or using the digital member card, you confirm that:
- You have read and understood this Privacy Policy
- You consent to the collection and use of your data as described
- The information you provide is accurate and complete
- You are 18 years old or above
- You understand that sensitive data (IC, address, allergies) is stored only on our local pharmacy system and never uploaded to any cloud service
16. Governing Law
This Privacy Policy is governed by the laws of Malaysia. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the Malaysian courts.
17. Compliance
We comply with:
- Personal Data Protection Act 2010 (PDPA) - Malaysia
- Personal Data Protection Standards issued by the Commissioner
- Industry best practices for data security and privacy
Questions or concerns? Contact us via WhatsApp (011-5681186 / 011-6586090) or visit any Q10 Pharmacy outlet.