PDPA Policy
1. Purpose
- The Personal Data Protection Act 2010 of Malaysia (“Act”) regulates the processing of personal data in commercial transactions. The Act requires the Company to inform data subjects about personal data that is collected from them and processed by the Company.
- This Policy serves to help you to understand the purposes for which we collect, use and disclose your personal data.
2. Scope
- Definition
- The terms “personal data”, “processing”, “commercial transactions”, “data subject” and “relevant person” used in this Policy shall have the meaning prescribed in the Act.
- The expression “we” or “us” shall refer to the Company including its subsidiaries, related or associated companies.
- you are using your actual identity;
- The expression “you” or “your” shall refer and include employees, potential employees, former employees, interns, clients, customers, potential customers, vendors, suppliers, contractors, sub-contractors, service providers, distributors, and/or relevant persons such as family members, guardians, parental authorities, dependants, or referees of employee/potential employee/former employee, and authorized representatives receiving, obtaining goods/services from or providing goods/services to the Company.
- Types of Personal Data and Sources of Personal Data
- The personal data voluntarily provided by you, your family members, guardians, parental authorities, recruitment agents, your current or previous employer, or your company, during your course of dealings with us in any way or manner including pursuant to any commercial transactions and/or communications made from/with us such as at events organized or participated by the Company and/or obtained independently by us from other lawful sources (if any such as from public depositories, trade/online directories, credit reporting agencies, public domain and other authorized third parties) in our forms, agreements, website, and/or other similar documents may include information concerning your name, address (such as correspondence and permanent address), phone numbers (such as mobile phone, home and office phone numbers), facsimile numbers, email address, identity card number, passport number, specimen signature, age, date of birth, place of birth, gender, weight, height, race, nationality, marital status, country of permanent residence, company name, occupation, salary, job position, vehicles information, sponsoring body details, referee information (such as name of referee, job position, address, contact number and email address), previous examination results, transcripts, academic qualifications, academic records, bank details (such as name of bank, bank’s address and bank account number), images (including photographs) information in audio and/or video format, closed-circuit television (“CCTV”) and security recording, and Sensitive Personal Data (as defined below) (collectively, “Personal Data”).
- The “Sensitive Personal Data” that you provide or have provided to the Company includes but is not limited to, information as to your race or ethnic origins, your physical or mental health or condition, your medical records, your religious or philosophical beliefs or other beliefs of a similar nature, your commission or alleged commission of any offence or any other Personal Data which is sensitive in nature.
- You hereby confirm that the Personal Data given by you, or via a third party who has been duly authorised by you to disclose your Personal Data to us (your “authorised representative”, which may include your job placement agent), after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your Personal Data for those purposes, or (b) collection and use of Personal Data without consent is permitted or required by the Act or other laws is sufficient, accurate, complete and not misleading and that such Personal Data is necessary for us to provide a commercial or employment related transaction.
- If the Personal Data given by you or obtained from you (or your authorised representative) is inaccurate or is out of date, you shall notify the Company promptly.
- If you choose not to provide such Personal Data or if such Personal Data is insufficient, inaccurate, incomplete and/or misleading, the Company may not be able to provide you with the goods/services you require or the required level of service, or as an employee, you may not be able to enjoy the benefits provided to you as part as your employment with the Company, or as a supplier, vendor, contractor, or sub-contractor of the Company, the Company may not be able to purchase goods and services from you, or as a distributor, the Company may not be able to supply goods and services to you.
- Purposes of Collecting Personal Data
We will process Personal Data in connection with any employment or commercial transactions for any of the following purposes:- to communicate with you;
- to facilitate, process, deal with, administer, manage and/or maintain your relationship with us;
- to consider and/or process your application/transaction with us;
- to respond to your enquiries or complaints and resolve any issues and disputes which may arise in connection with any dealings with us;
- to facilitate your participation in, and our administration of, any events including meetings, talks, celebrations, road shows, contests, promotions or campaigns;
- to provide you with information and/or updates on our products, services, upcoming promotions or events offered and/or organized by us from time to time by SMS, phone call, email, fax, mail, social media and/or any other appropriate communication channels;
- to share any of your Personal Data with our business partners to jointly develop products and/or services or launch marketing campaigns;
- to monitor, review and improve our events and promotions, products and/or services;
- public disclosure and use of your Personal Data, images, photographs, voice and video recording for publicity purposes without payment or compensation;
- to conduct credit reference checks and establish your credit worthiness, where necessary, in providing you with the products, services and/or facilities;
- to administer and give effect to your commercial transactions with us;
- to process any payments related to your commercial transactions with us;
- to maintain and improve customer relationship;
- For any purposes connected with your employment including but not limited to payroll administration, entitlements and benefits, performance monitoring, training and development planning, career development, health and safety administration, succession and contingency planning;
- to facilitate special requirements such as those relating to any disability or medical condition;
- to communicate with family members, guardians and authorized representatives in the event of emergency or accident;
- for internal administrative purposes;
- for our storage, hosting back-up (whether disaster recovery or otherwise) of your Personal Data, whether within and/or outside Malaysia;
- to share any of your Personal Data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action;
- to carry out due diligence or other monitoring or screening activities (including background checks) in accordance with legal or regulatory obligations or risk management procedures that may be required by law or that may have been put in place by us;
- to detect, investigate and prevent any fraudulent, prohibited or illegal activity or omission or misconduct;
- for audit, risk management, compliance and security purposes;
- to enable us to perform our obligations and enforce our rights under any agreements or documents that we are a party to;
- to transfer or assign our rights, interests and obligations under any agreements entered into with us;
- to meet any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us;
- to comply with or as required by any request or direction of any governmental authority or responding to requests for information from public agencies, ministries, statutory bodies or other similar authorities;
- to enforce or defend our rights and your rights under, and to comply with, our obligations under the applicable laws, legislation and regulations;
- for the purposes set out in our Recruitment PDPA Notice, Security PDPA Notice, and Marketing PDPA Notice; and/or
- for other purposes required to operate, maintain and better manage our business and your relationship with us.
- Disclosure of Personal Data (Within and/or Outside Malaysia)
You hereby consent and authorize us to disclose your Personal Data to third parties where necessary for the following purposes:-- our employees, consultants, accountants, auditors, lawyers, advisers, agents, contractors, vendors, co-marketing partner, vendor, suppliers, contractors, sub-contractors, service providers, insurance companies, merchants, distributors and/or financial institutions to provide support and services;
- the Company’s group of companies including the Company’s parent/holding company, subsidiaries, related and associated companies;
- successors-in-title to us;
- any third party (and its advisers/representatives) in connection with any proposed or actual re-organization, merger, sale, consolidation, acquisition, joint venture, assignment, transfer, funding exercise or asset sale relating to any portion of the Company;
- your immediate family members and/or emergency contact person as may be notified to us from time to time;
- any party in relation to legal proceedings or prospective legal proceedings;
- our auditors, consultants, lawyers, accountants or other financial or professional advisers appointed in connection with our business on a strictly confidential basis, appointed by us to provide services to us;
- professional bodies, accreditation bodies or statutory regulatory bodies;
- foreign embassies and agencies appointed by the foreign embassies;
- Malaysian Immigration Department;
- government agencies, law enforcement agencies, courts, tribunals, regulatory bodies, industry regulators, ministries, and/or statutory agencies or bodies, offices or municipality in any jurisdiction, if required or authorized to do so, to satisfy an applicable law, regulation, order or judgment of a court or tribunal or queries from the relevant authorities such as but not limited to the Inland Revenue Board, the Employees’ Provident Fund Board, the Social Security Organisation and Bank Negara Malaysia;
- our business partners, third party product and/or service providers, suppliers, vendors, contractors or agents, on a need-to-know basis, that provide related products and/or services in connection with our business, or discharge or perform one or more of the above purposes and other purposes required to operate and maintain our business;
- payment channels including but not limited to financial institutions for purpose of assessing, verifying, effectuating and facilitating payment of any amount due to us in connection with your purchase of our products and/or services;
- any party nominated or appointed by us either solely or jointly with other service providers, for purpose of establishing and maintaining a common database where we have a legitimate common interest;
- data centers and/or servers for data storage purposes;
- storage facility and records management service providers;
- any person under a duty of confidentiality to which has undertaken to keep your Personal Data confidential which we have engaged to discharge our obligations to you; and/or
- any other person reasonably requiring the same in order for us to operate and maintain or carry out our business activities.
- You agree not to hold the Company responsible for any loss or damage suffered arising from any access by third party where the Company has taken reasonable steps to protect the personal data from any loss, misuse, modification, unauthorized or accidental access or disclosure, errors in transmission, alteration or destruction.
- Notwithstanding the aforesaid, the Company may process your Personal Data without your consent if it is permitted under the Act, or any other relevant legislation.
- Right to Access and/or Correct Personal Data
- To the extent that the applicable law allows, you have the right to request for access to, request for a copy of, request to update or correct, your Personal Data held by us and to request us to limit the processing and use of your Personal Data (such as to stop sending promotional materials to you).
- In addition, you also have the right, by notice in writing, to inform us on your withdrawal (in full or in part) of your consent given previously to us subject to any applicable legal restrictions, contractual conditions and a reasonable duration of time for the withdrawal of consent to be effected. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your Personal Data, it may mean that we will not be able to continue with your existing relationship with us or the contract that you have with us will have to be terminated.
- Notwithstanding the foregoing, we reserve our rights to rely on any statutory exemptions and/or exceptions to collect, use and disclose your Personal Data.
- If you would like to request for access to or correction of your Personal Data or limit the processing of your Personal data, make any inquires or complaints, please contact:-
everlas@everlas.com - However, please note that the Company has the right to refuse your request to access and/or make any correction to your Personal Data in certain situations, which include but are not limited to situations when the Company is unable to confirm your identity or where the information requested for is of a confidential commercial nature or in the event that the expense of providing such access is disproportionate to the risks to your privacy or where the processing of your Personal Data is being controlled by any third parties which prohibits the Company from complying (whether in whole or in part) with your request, or where such access is regulated by another law.
- In accordance with the terms of the Act, the Company may charge a reasonable fee for the processing of any data access request. The chargeable fee will take into the account the time needed for verifying, locating, retrieving, reviewing and copying the information requested as well as any other associated costs and expenses that may arise from conducting such retrieval. You will be notified of the anticipated fee chargeable, prior to the retrieval of your Personal Data.
- In the event we refuse to adhere to your request for access and/or correction to your Personal Data such as when the information requested for is of a confidential commercial nature, we will inform you of our reason for the refusal.
- Changes to Personal Data
- We will ensure your Personal Data is accurate, complete and up-to-date where necessary. Therefore, we request that if there are changes to your Personal Data you should notify us directly at the contact details set out above.
- Retention of Your Personal Data
- Any of your Personal Data provided to us is retained for as long as the purposes for which the Personal Data was collected continues.
- Your Personal Data is then destroyed or anonymized from our records and system in accordance with our retention policy in the event your Personal Data is no longer required for the said purposes unless its further retention is required to meet our operational, legal, regulatory, tax or accounting requirements.
- Security of Your Personal Data
- We will endeavour to take all measures to ensure the reliability, integrity and competence of the Company’s personnel having access to the Personal Data as well as to ensure that all the third parties involved in processing the Personal Data have taken reasonable and appropriate administrative and security measures and procedures to prevent any unauthorized or unlawful processing, loss of or damage to, misuse, modification, alteration or destruction to the Personal Data.
- By providing us with Personal Data or using our services or our website, you consent to the transfer, storage and processing of Personal Data to where our servers, central database and system facilities are located and/or operated, which may be outside your country of domicile or the location where you access our website to provide Personal Data.
- Our website may contain links to websites operated by third parties. Third party websites and /or links to such third party websites that are accessible from our website (if any) are not under the care and control of the Company and do not operate under this Policy and we do not accept any responsibility or liability arising from those websites. Likewise, if you subscribe to an application, content or a product from those third party websites and you subsequently provide your Personal Data directly to that third party, that Personal Data will be subject to that third party’s privacy/personal data protection policy (if they have such a policy) and not to this Policy.
- Please be aware that communications over the Internet, such as emails are not secure unless they have been encrypted. We cannot and do not accept responsibility for any unauthorized access or interception or loss of Personal Data that is beyond our reasonable control.
- Personal Data from Minors and Other Individuals
- To the extent that you have provided (or will provide) Personal Data about your family, spouse and/or other dependents, you confirm that you have explained to them that their Personal Data will be provided to, and processed by, us and you represent and warrant that you have obtained their consent to the processing (including disclosure and transfer) of their Personal Data in accordance with this Policy and, in respect of minors (i.e. individuals under 18 years of age) or individuals not legally competent to give consent, you confirm that they have appointed you to act for them, to consent on their behalf to the processing (including disclosure and transfer) of their Personal Data in accordance with this Policy.
3. Revisions
- This Policy may be revised from time to time. Notice of any such revision will be given on our website and/or by such other means of communication deemed suitable by us.
4. Miscellaneous
- In the event of any inconsistency between the English version and other language versions of this Policy, the terms of this English version shall prevail.