1. PURPOSE
This Personal Data Protection Policy (“Policy”) sets out how Champagne Carbon Sendirian Berhad (“the Company”) collects, uses and protects your Personal Data which you have provided to the Company. The Personal Data Protection Act 2010 of Malaysia (“Act”) regulates the processing of personal data in commercial transactions. The Act requires the Company to inform data subjects about personal data that is collected from them and processed by the Company.
This Policy will act as guidance for the processing of personal data in commercial transactions as well as for employment and charitable purposes, in compliance with the Act.
2. SCOPE
2.1. The terms “personal data”, “processing”, “commercial transactions”,“data subject” and “relevant person” used in this Policy shall have the meaning prescribed in the Act.
and agree to us processing your Personal Data in accordance with the manner as set out in this Policy.
3. COLLECTION OF PERSONAL DATA
4. PURPOSE OF PROCESSING OF PERSONAL DATA
4.1. The Personal Data as provided/furnished by you to us or collected by us from you or through such other sources as may be necessary for the fulfilment of the purposes at the time it was sought or collected, may be processed for the following purposes (collectively referred to as the “Purposes”):
b) to maintain and improve customer relationship;
c) to assess, process and provide products, services and/or facilities to you;
d) to administer and process any payments related to products, services and/or facilities requested by you;
e) to establish your identity and background;
f) to respond to your enquiries or complaints and resolve any issues and disputes which may arise in connection with any dealings with us;
g) to provide you with information and/or updates on our products, services, upcoming promotions offered by us and/or events organised by us and selected third parties which may be of interest to you from time to time;
h) for direct marketing purposes via SMS, phone call, email, fax, mail, social media and/or any other appropriate communication channels;
i) to facilitate your participation in, and our administration of, any events including contests, promotions or campaigns;
j) to maintain and update internal record keeping;
k) for internal administrative purposes;
l) to send you seasonal greetings messages from time to time;
m) to send you the invitation to join our events and promotions and product launch events;
n) to monitor, review and improve our events and promotions, products and/or services;
o) to conduct credit reference checks and establish your creditworthiness, where necessary, in providing you with the products, services and/or facilities;
p) to administer and give effect to your commercial transactions with us (such as a tender award, contract for service, tenancy agreement);
q) to process any payments related to your commercial transactions with us;
r) to process and analyse your Personal Data either individually or collectively with other individuals;
s) to conduct market research or surveys, internal marketing analysis, customer profiling activities, analysis of customer patterns and choices, planning and statistical and trend analysis in relation to our products and/or services;
t) to share any of your Personal Data with the auditor for our internal audit and reporting purposes; to share any of your Personal Data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action;
u) to share any of your Personal Data with our joint venture/business partners to jointly develop products and/or services or launch marketing campaigns;
v) to share any of your Personal Data with insurance companies necessary for the purpose of applying and obtaining insurance policy(ies), if necessary;
w) to share any of your Personal Data with financial institutions necessary for the purpose of applying and obtaining credit facility(ies), if necessary;
x) for audit, risk management and security purposes;
y) for detecting, investigating and preventing fraudulent, prohibited or illegal activities;
aa) to transfer or assign our rights, interests and obligations under any agreements entered into with us;
bb) for meeting any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us;
cc) to enforce or defend our rights and your rights under, and to comply with, our obligations under the applicable laws, legislation and regulations;
dd) to carry out verification and background checks as part of any recruitment and selection process in connection with your application for employment with us; and/or
ee) for other purposes required to operate, maintain and better manage our business and your relationship with us, which we notify you of at the time of obtaining your consent; and you agree and consent to us using and processing your Personal Data for the Purposes in the manner as identified in this Policy. If you do not consent to us processing your Personal Data for one or more of the Purposes, please notify us at the contact details below.
4.2. It is voluntary for you to supply your Personal Data to the Company. Any modifications or changes to this Policy shall signify your acceptance to such modifications or changes.
4.3. In addition, we may also receive, store and process your Personal Data which are provided or made available by any third parties, credit reference bodies, regulatory and law enforcement authorities, for reasons including delivery of our products and/or services, performance of conditions of agreements and/or to comply with our legal and regulatory obligations.
5. DISCLOSURE OF PERSONAL DATA (WITHIN and/or OUTSIDE MALAYSIA)
5.1. Your Personal Data provided to the Company or obtained by the Company shall be kept confidential by the Company. However, it may be necessary for the Company to engage third party companies, service providers or individuals to perform certain services on the Company’s behalf. In such event, you hereby agree and consent that the Company may disclose and transfer your Personal Data to the third parties, within or outside Malaysia, including without limitation, as follows:
a) banks and financial institutions;
b) our employees, consultants, accountants, auditors, lawyers, advisers, agents, contractors, vendors, co-marketing partner, vendor, suppliers, contractors, sub contractors, service providers, insurance companies, merchants, distributors and/or financial institutions to provide support and services;
c) successors in title to us;
d) any third party (and its advisers/representatives) in connection with any proposed or actual re-organization, merger, sale, consolidation, acquisition, joint venture assignment, transfer, funding exercise or asset sale relating to any portion of the Company;
e) your immediate family members and/or emergency contact person as may be notified to us from time to time;
f) storage facility and records management service providers;
g) data centers and/or servers for data storage purposes;
h) foreign embassies and agencies appointed by the foreign embassies;
i) Malaysian Immigration Department;
j) government agencies, law enforcement agencies, courts, tribunals, regulatory bodies, industry regulators, ministries, and/or statutory agencies or bodies, offices or municipality in any jurisdiction, if required or authorized to do so, to satisfy an applicable law, regulation, order or judgment of a court or tribunal or queries from the relevant authorities such as but not limited to the Inland Revenue Board, the Employees’ Provident Fund Board, the Social Security Organisation and Bank Negara Malaysia;
k) our business partners, third party product and/or service providers, suppliers, vendors, contractors or agents, on a need-to-know basis, that provide related products and/or services in connection with our business, or discharge or perform one or more of the above purposes and other purposes required to operate and maintain our business;
l) payment channels including but not limited to financial institutions for purpose of assessing, verifying, effectuating and facilitating payment of any amount due to us in connection with your purchase of our products and/or services;
m) any party nominated or appointed by us either solely or jointly with other service providers, for purpose of establishing and maintaining a common database where we have a legitimate common interest;
n) the general public when you become a winner in a contest, participate in our events, conferences, talks and seminars by publishing your name, photographs and other personal data without compensation for advertising and publicity purposes;
o) any other person reasonably requiring the same in order for us to operate and maintain or carry out our business activities.
p) any person under a duty of confidentiality to which has undertaken to keep your Personal Data confidential which we have engaged to discharge our obligations to you; and/or
q) such other party as the Company deems necessary for the purposes mentioned in paragraph 3 above.
5.2. You agree not to hold the Company responsible for any loss or damage suffered arising from any access by third party where the Company has taken reasonable steps to protect the personal data from any loss, misuse, modification, unauthorized or accidental access or disclosure, errors in transmission, alteration or destruction.
5.3. The Company shall also disclose and transfer the information to any statutory bodies, regulatory bodies and/or governmental authorities where legally required to do so.
6. CONSEQUENCES OF NOT CONSENTING TO THIS POLICY
6.1. The collection of your Personal Data by us may be mandatory or voluntary in nature depending on the Purposes for which your Personal Data is collected. Where it is obligatory for you to provide us with your Personal Data, and you fail or choose not to provide us with such data, or do not consent to the above or this Policy, we will not be able :
a) to receive or obtain goods/services from us; or
b) to provide goods/services to us; or
c) to remain in our employment; or
d) to enter into or to maintain commercial relationship(s) with us
7. REQUEST FOR ACCESS, INQUIRIES, AND/OR CORRECTION OF PERSONAL DATA
7.1. You may at any time hereafter request for access to, or request for rectification or correction of your Personal Data (subject to payment of fees, if applicable), or limit the processing of your Personal Data by the Company, as the case may be, however subject to the exceptions and restrictions as may be contained under the applicable law. If you wish to do so, please contact:
Champagne Carbon Sdn Bhd
1-2, Street Wing, Sunsuria Avenue,
Persiaran Mahogani, Kota Damansara PJU 5,
47810 Petaling Jaya, Selangor.
or
Email Address: compliance@champagnecarbon.cc with
Subject: Request for Personal Data Access / Corrections
7.2. In addition, you also have the right, by notice in writing, to inform us on your withdrawal (in full or in part) of your consent given previously to us subject to any applicable legal restrictions, contractual conditions and a reasonable duration of time for the withdrawal of consent to be effected. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your Personal Data, it may mean that we will not be able to continue with your existing relationship with us or the contract that you have with us will have to be terminated.
7.3. Notwithstanding the foregoing, we reserve our rights to rely on any statutory exemptions and/or exceptions to collect, use and disclose your Personal Data.
7.4. We will ensure your Personal Data is accurate, complete and up-to-date where necessary. Therefore, we request that if there are changes to your Personal Data you should notify us directly at the contact details set out above.
7.5. You are to put your requests in writing for security reasons and verification purposes.
7.6. In accordance with the terms of the Personal Data Protection Act 2010, the Company may charge a reasonable fee for the processing of any data access request. The chargeable fee will take into the account the time needed for verifying, locating, retrieving, reviewing and copying the information requested as well as any other associated costs and expenses that may arise from conducting such retrieval. You will be notified of the anticipated fee chargeable, prior to the retrieval of your Personal Data.
7.7. In the event we refuse to adhere to your request for access and/or correction to your Personal Data such as when the information requested for is of a confidential commercial nature, we will inform you of our reason for the refusal.
8. RETENTION OF PERSONAL DATA
8.1. Any of your Personal Data provided to us is retained for as long as the purposes for which the Personal Data was collected continues.
8.2. Your Personal Data is then destroyed or anonymised from our records and system in accordance with our retention policy in the event your Personal Data is no longer required for the said purposes unless its further retention is required to meet our operational, legal, regulatory, tax or accounting requirements.
9. SECURITY OF PERSONAL DATA
9.1. We are committed to ensuring that your Personal Data is stored securely. In order to prevent unauthorised access, disclosure or other similar risks, we endeavour, where practicable, to implement appropriate technical, physical, electronic and procedural security measures in accordance with the applicable laws and regulations and industry standard to safeguard against and prevent the unauthorised or unlawful processing of your Personal Data, and the destruction of, or accidental loss, damage to, alteration of, unauthorised disclosure of or access to your Personal Data.
9.2. We will make reasonable updates to its security measures from time to time and ensure the authorised third parties only use your Personal Data for the Purposes set out in this Policy.
9.3. The Internet is not a secure medium. However, we will put in place various security procedures regarding the Site and your electronic communications with us. All our employees, joint venture/business partners, agents, contractors, vendors, suppliers, data processors, third-party product and/or service providers, who have access to, and are associated with the processing of your Personal Data, are obliged to respect the confidentiality of your Personal Data.
9.4. Please be aware that communications over the Internet, such as emails/web mails are not secure unless they have been encrypted. Your communications may be routed through several countries before being delivered – this is the nature of the World Wide Web/Internet.
9.5. We cannot and do not accept responsibility for any unauthorised access or interception or loss of Personal Data that is beyond our reasonable control.
End.