If you are a corporate entity/an organisation, references to the term “you” and “your” shall also include your directors, officers, employees, representatives and agents.
The PDPA requires us to inform you of your rights in respect of your personal data that is being processed or that is to be collected and further processed by us and the purposes for the data processing. The PDPA also requires us to obtain your consent to the processing of your personal data. In light of the PDPA, we are committed to protecting and safeguarding your personal data.
- COLLECTION OF PERSONAL DATA
The term “personal data” means any information in our possession or control that relates directly or indirectly to an individual to the extent that the individual can be identified or are identifiable from that and other information in our possession such as name, address, telephone number, identity number, date of birth, email address, bank account details, Internet Protocol (IP) address, etc. The types of personal data collected depend on the purpose of collection. We may “process” your personal data by way of collecting, recording, holding, storing, using and/or disclosing it.
Your personal data may be collected from you during your course of dealings with us in any way or manner including pursuant to your registration of account at our Platforms, any transactions and/or communications made from/with us or shared with us through our dealings with our clients, business partners and affiliates. We may also collect your personal data from a variety of sources, including without limitation, at any meetings, events, seminars, conferences, talks and/or from publicly available sources.
In addition, we may also receive, store and process your personal data which are provided or made available by any third parties, credit reference bodies, regulatory and law enforcement authorities, for reasons including delivery of our products and/or services, performance of conditions of agreements and/or to comply with our legal and regulatory obligations.
- PURPOSE OF ACQUIRING AND PROCESSING YOUR PERSONAL DATA
The personal data as provided/furnished by you to us or collected by us from you or through such other sources as may be necessary for the fulfilment of the purposes at the time it was sought or collected, may be processed for the following purposes (collectively referred to as the “Purposes”):
- to assess, process and provide products and services to you or our clients, business partners or affiliates, including performance of tasks by our SupaAgents;
- to facilitate, process, deal with, administer, manage and/or maintain your relationship with us;
- to consider and/or process your communication/application/transaction with us or our affiliated business partners;
- to respond to your enquiries or complaints or resolve any issues and disputes which may arise in connection with any dealings with us;
- to administer and process any payments related to products or services requested by you;
- to facilitate your participation in, and our administration of, any events including meetings, promotions or campaigns;
- to carry out due diligence or other monitoring or screening activities (including background checks) in accordance with legal or regulatory obligations or risk management procedures that may be required by law or that may have been put in place by us;
- to provide you with information and/or updates on our products, services, upcoming promotions offered by us and/or events organised by us and selected third parties which may be of interest to you from time to time by SMS, phone call, email, fax, mail, social media and/or any other appropriate communication channels;
- to send you seasonal greetings messages, gifts, newsletters from time to time;
- to process and analyse your personal data either individually or collectively with other individuals;
- to conduct market research or surveys, internal marketing analysis, customer profiling activities, analysis of customer patterns and choices, planning and statistical and trend analysis in relation to our products and/or services;
- to share any of your personal data with the auditor for our internal audit and reporting purposes;
- to share any of your personal data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action;
- to share any of your personal data with a third party necessary for the preparation of legal documents or contract to be entered by you;
- to share any of your personal data with our business partners to jointly develop products and/or services;
- to share any of your personal data with financial institutions or investment firms necessary for the purpose of applying and obtaining loan or credit facility(ies) or investment fund respectively, if necessary;
- to communicate with you and to maintain and improve business and customer relationship;
- to detect, investigate and prevent any fraudulent, prohibited or illegal activity or omission or misconduct;
- to enable us to perform our obligations and enforce our rights under any agreements or documents that we are a party to;
- to transfer or assign our rights, interests and obligations under any agreements entered into with us;
- to meet any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us;
- to comply with or as required by any request or direction of any governmental authority; or responding to requests for information from public agencies, ministries, statutory bodies or other similar authorities;
- to enforce or defend our rights and your rights under, and to comply with, our obligations under the applicable;
- laws, legislation and regulations;
- for internal administrative purposes;
- for audit, risk management and security purposes;
- for registration for a user account with us;
- for our storage, hosting back-up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Malaysia; and/or
for other purposes required to operate, maintain and better manage our business and your relationship with us,
We may also use and process your personal data for the following marketing and promotional purposes (“Marketing and Promotional Purposes”):
- to send you information, alerts, newsletters, updates, promotional materials, special privileges announcements on products, services, upcoming events, activities, promotions, campaigns, or surveys offered/organized by us and/or our selected third parties (business/marketing partners, sponsors, advertisers) which may be of interest to you; and
- to share your personal data within our organization and our selected third parties (business/marketing partners, sponsors, advertisers) who may communicate with you to market their products, services, events or promotions,
from time to time by SMS, phone call, email, fax, mail, social media and/or any other appropriate communication channels. You have the right at any time to request us to stop sending you any marketing and promotional materials or contacting you for Marketing and Promotional Purposes. You may also click on the “Unsubscribe” link embedded in the relevant marketing and promotional email in order not to receive any marketing and promotional email in the future. If you unsubscribe, we may still send you non-marketing and promotional communications, such as those about your Account, about the Platforms and/or Services or our ongoing business relations.
We may also be collecting from sources other than yourself, personal data about you, for one or more of the above Purposes, and thereafter using, disclosing and/or processing such personal data for one or more of the above Purposes.
- provide you with the products or services you requested, either to the same standard, or at all;
- provide you with information about products and services that you may want;
- tailor the content of the Platform to your preferences and your experience of the Platform may not be as enjoyable or useful;
- complete commercial transactions in relation to our Services; or
- comply with any applicable law, regulation, direction, court order, by laws, guidelines and/or codes applicable to us.
You agree that we shall not be held liable for any consequences arising for not providing us with such mandatory personal data.
- DISCLOSURE OF YOUR PERSONAL DATA
We will not sell, rent, transfer or disclose any of your personal data to any third party without your consent. However, we may disclose your personal data to the following third parties, for one or more of the above Purposes:
- the Company’s group of companies including the Company’s subsidiaries, related and/or associated companies;
- your immediate family members and/or emergency contact person as may be notified to us from time to time; successors in title to us;
- any person under a duty of confidentiality to which has undertaken to keep your personal data confidential which we have engaged to discharge our obligations to you;
- any party in relation to legal proceedings or prospective legal proceedings;
- our auditors, consultants, lawyers, accountants or other financial or professional advisers appointed in connection with our business on a strictly confidential basis, appointed by us to provide services to us;
- any party nominated or appointed by us either solely or jointly with other service providers, for purpose of establishing and maintaining a common database where we have a legitimate common interest;
- data centres and/or servers located within or outside Malaysia for data storage purposes;
- storage facility and records management service providers;
- payment channels including but not limited to banks and financial institutions for purpose of assessing, verifying, effectuating and facilitating payment of any amount due to us in connection with your procurement of our products and/or services;
- government agencies, law enforcement agencies, courts, tribunals, regulatory/professional bodies, industry regulators, ministries, and/or statutory agencies or bodies, offices or municipality in any jurisdiction, if required or authorised to do so, to satisfy any applicable law, regulation, order or judgment of a court or tribunal or queries from the relevant authorities;
- our business partners, third party product and/or service providers, suppliers, vendors, distributors, contractors or agents, on a need to know basis, that provide related products and/or services in connection with our business, or discharge or perform one or more of the above Purposes and other purposes required to operate and maintain our business;
- if you are our Client, your personal data may be disclosed to our SupaAgents involved in the products and/or services provided to you, on a need to know basis. If you are a SupaAgent, your personal data may also be disclosed to our Client, on a need to know basis;
- financial institutions or investment firms for the purpose of applying and obtaining loan or credit facility(ies) or investment fund, if necessary;
- financial institutions, merchants and credit card organisations in connection with your commercial transactions with us;
- the general public when you become a winner in a contest, participate in our events, conferences, talks and seminars by publishing your name, photographs and other personal data without compensation for advertising and publicity purposes;
- any third party (and its advisers/representatives) in connection with any proposed or actual reorganization, merger, sale, consolidation, acquisition, joint venture, assignment, transfer, funding exercise or asset sale relating to any portion of the Company. If we or our business is acquired by another entity or merged with another entity or there is a proposed acquisition or merger, your personal data may be transferred to such entity as part of the proposed or actual merger or acquisition; and/or
- any other person reasonably requiring the same in order for us to operate and maintain our business or carry out the activities set out in the Purposes or as instructed by you.
- ACCURACY OF YOUR PERSONAL DATA
We take it that all personal data provided by you is accurate and complete, and that none of it is misleading or out of date. You will promptly update us in the event of any change to your personal data.
- YOUR RIGHTS
To the extent that the applicable law allows, you have the right to request for access to, request for a copy of, request to update or correct, your personal data held by us. We may charge a small fee (such amount as permitted by the PDPA) to cover the administration costs involved in processing your request to access your personal data. Notwithstanding the foregoing, we reserve our rights to rely on any statutory exemptions and/or exceptions to collect, use and disclose your personal data.
You have the right at any time to request us to limit the processing and use of your personal data (for example, requesting us to stop sending you any marketing and promotional materials or contacting you for marketing purposes).
In addition, you also have the right, by notice in writing, to inform us on your withdrawal (in full or in part) of your consent given previously to us subject to any applicable legal restrictions, contractual conditions and a reasonable duration of time for the withdrawal of consent to be effected. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue with your existing relationship with us or the contract that you have with us will have to be terminated.
- RETENTION OF YOUR PERSONAL DATA
Any of your personal data provided to us is retained for as long as the purposes for which the personal data was collected continues; your personal data is then destroyed or anonymised from our records and system in accordance with our retention policy in the event your personal data is no longer required for the said purposes unless its further retention is required to satisfy a longer retention period to meet our operational, legal, regulatory, tax or accounting requirements.
- SECURITY OF YOUR PERSONAL DATA
We are committed to ensuring that your personal data is stored securely. In order to prevent unauthorised access, disclosure or other similar risks, we endeavour, where practicable, to implement appropriate technical, physical, electronic and procedural security measures in accordance with the applicable laws and regulations and industry standard to safeguard against and prevent the unauthorised or unlawful processing of your personal data, and the destruction of, or accidental loss, damage to, alteration of, unauthorised disclosure of or access to your personal data.
The Internet is not a secure medium. However, we will put in place various security procedures with regard to the Platforms and your electronic communications with us. All our employees and data processors, who have access to, and are associated with the processing of your personal data, are obliged to respect the confidentiality of your personal data.
Please be aware that communications over the Internet, such as emails are not secure unless they have been encrypted. Your communications may be routed through a number of countries before being delivered – this is the nature of the world wide web/internet.
We cannot and do not accept responsibility for any unauthorised access or interception or loss of personal data that is beyond our reasonable control.
- PERSONAL DATA FROM MINORS AND OTHER INDIVIDUALS
- TRANSFER OF YOUR PERSONAL DATA OUTSIDE OF MALAYSIA
Our information technology storage facilities and servers may be located in other jurisdictions outside of Malaysia. This may include, but not limited to, instances where your personal data may be stored on servers located outside of Malaysia. In addition, your personal data may be disclosed or transferred to entities located outside of Malaysia (including that of our clients, business partners and affiliates) or where you access the Platforms from countries outside Malaysia. Please note that these foreign entities may be established in countries that might not offer a level of data protection that is equivalent to that offered in Malaysia. You hereby expressly consent to us transferring your personal data outside of Malaysia for such purposes. We shall endeavour to ensure that reasonable steps are taken to procure that all such third parties outside of Malaysia shall not use your personal data other than for that part of the Purposes and to adequately protect the confidentiality and privacy of your personal data.
- You acknowledge that the provision of your personal data to us over the Internet is entirely at your own risk.
- We may automatically receive, record and store location services information from your computer or mobile device when you interact with us. You hereby consent to our use of anonymized location services information collected from you. Where the location services information is personally identifiable, we will give you the options to manage your disclosure of this information. Depending on the functionalities available on your computer or mobile device, you may benefit from advanced options to manage the location services information. A computer or mobile device may report its GPS location at the time you interact with us if the location services settings are enabled. Such information is not identified as personal data, except where we are required to do otherwise under applicable law.
- CONTACT DETAILS
The Personal Data Protection Officer
SUPAHANDS DOTCOM SDN BHD
3A-12, Tower B, The Vertical Business Suites, Jalan Kerinchi, Bangsar South, 59200 Kuala Lumpur Malaysia
Contact No.: +603 2713 6946
Last reviewed on 13 January 2020