PERSONAL DATA PROTECTION ACT 2010
We are writing to you in regards with the Personal Data Protection Act 2010 (PDPA) recognising the importance of protecting your personal information and is committed to the compliance of the Act as per the Notice below.
- For purposes of this document, the expression “personal data” shall bear the meaning as defined by the Personal Data Protection Act 2010 (“PDPA”), and includes “sensitive personal data” (as also defined by the PDPA).
- Where applicable, and in relation to any personal data that may have been or may from time to time hereafter be provided by or on behalf of such provider of personal data and/or obtained independently by the company from other lawful sources (if any) in connection with a commercial transaction: -
2.1 the data provider covenants that the provider of such personal data has acknowledged, confirmed and consented to the company, and
2.2 the data provider hereby acknowledges, confirms and consents to the company collecting, recording, holding, storing, using, dealing with and otherwise processing such personal data, for any of the following purposes:-
(i) for the company’s record-keeping in the ordinary course of its business;
(ii) to administer and give effect to the commercial transaction and the management and/or enforcement thereof, and to contact and communicate with the data provider and/or the organization and/or such other persons or companies as represented by the data provider;
(iii) to enable the company to inform the data provider and/or the organisation and/or such other persons or companies represented by the data provider regarding the company’s products, services, upcoming events, promotions, advertising, marketing and commercial materials (including emails, SMS or other means) and/or to be used in, to provide and/or to improve the services of the company, analysing consumption patterns and choices, market surveys, processing invoices and payments (including card payments) and providing other services to enhance and support the relationship of the data provider and/or the organization and/or such other persons or companies represented by the data provider;
(iv) to enable the company’s compliance with its obligations under any law, rule, regulation, by-law, order, guideline, directive, policy and such other requirements in force and as amended from time to time relating to the commercial transaction and/or relating to the conduct of the business or activities of the company. The data provider, the organization and/or such other persons or companies represented by the data provider respectively referred to above further acknowledge that information given or the request made by the data provider and/or the organisation and/or such other persons or companies represented by the data provider leading to the provision of any personal data is sufficient, accurate, complete and not misleading, and that such personal data is provided voluntarily and is necessary for the purposes set out above.
- Where personal data is requested, the data provider, the organization or such other persons or companies represented by the data provider has the option not to provide additional information requested other than the information which the company has indicated as necessary to facilitate the commercial transaction. If data provider does not complete the required fields for itself or on behalf of the organization or such other persons or companies represented by the data provider as the case may be, the company will not be able to offer the services and/or fulfil the request of data provider and/or the organization and/or such other persons or companies represented by the data provider.
- In connection with the purposes above, the company is hereby permitted to disclose such personal data to the relevant authorities, the company’s successor in interest, sponsors, advertisers, solicitors, insurers, adjusters, other advisers, suppliers, contractors and/or service providers, and the company’s parent company, related and associated companies, affiliates and partners, some of whom may be outside Malaysia, who may undertake administrative, management and operational functions for or on behalf of the company in respect of or arising from the commercial transaction or to support sales, marketing, promotion and/or advertising efforts.
- In the event of a sale of business, disposal, acquisition, merger or reorganisation involving the company or the assets of the company to another party, personal data may be required to be disclosed and/or transferred to the other party as part of the process of sale, disposal, acquisition, merger or reorganisation. The data provider acknowledges and covenants that the provider of such personal data has acknowledged, confirmed and consented to the company that such disclosure and transfer may occur and hereby permit the company to release the personal data to the other party and its advisers and representatives and that the other party has the provider’s consent to process such personal data.
- The provider of such personal data may request in writing for access to and to request for correction of personal data in accordance with the PDPA. In the event of such request, or if the provider of such personal data has an inquiry or complaint in respect of the company’s handling of such personal data, the provider can contact the company at the company’s office at Block E-1-49, Jalan PJU 1/45, Aman Suria Damansara, 47301 Petaling Jaya Selangor Darul Ehsan. (Tel: +603 7805 2528, Fax: +603 7805 5268).
- In the event of any inconsistency between the English version and the Bahasa Malaysia version of the PDP clauses, the English version shall prevail over the Bahasa Malaysia version.