PDPA - Aquaria KLCC

AQUARIA KLCC PERSONAL DATA PROTECTION POLICY

Effective Date: 01 November 2024
Last Updated: 01 November 2024

Aquaria KLCC (“we,” “us,” “our”) is committed to protecting your personal data in compliance with the Malaysian Personal Data Protection Act 2010 (“PDPA”). This Policy explains how we collect, process, use, and safeguard your personal data, and outlines your rights.

1. Our Approach to Privacy

1.1 At Aquaria KLCC, we recognize that the protection of your personal data is a fundamental principle in building trust and maintaining a strong relationship with you. In this Privacy Policy, the terms “we,” “our,” “us,” and “ours” refer to Aquawalk Group Sdn Bhd or any of its affiliates responsible for the collection and processing of your personal data. The terms “you,” “your,” and “yours” refer to you as the individual whose personal data is being collected, processed, or otherwise handled under this Policy.

1.2 This Privacy Policy outlines our commitments to safeguarding your personal data and your rights concerning the collection, processing, and use of your personal data for the purposes stated in this document.

1.3 We are responsible for all personal data under our control, including data disclosed to third parties acting on our behalf, often referred to as “data processors” or “vendors.” A “vendor,” in this Policy, refers to any entity or individual (excluding employees of Aquawalk Group Sdn Bhd) that processes personal data on behalf of Aquaria KLCC. “Processing” includes, but is not limited to, collecting, recording, storing, organizing, retrieving, using, disclosing, and verifying personal data.

1.4 In certain instances, this Privacy Policy may be supplemented by additional policies, terms, or brief privacy notices, specifically tailored for particular purposes or forms (e.g., event participation, contests). These additional policies will be identified as applicable and used in conjunction with this Policy.

1.5 We take every necessary measure to ensure that personal data processed by vendors on our behalf receives a comparable level of protection and is handled securely in accordance with this Policy.

1.6 By providing your personal data, you consent to its collection, use, processing (including disclosure), and storage as described in this Privacy Policy. We will always ensure that any processing is carried out lawfully, transparently, and in accordance with applicable data protection laws.

1.7 By continuing to interact with us, whether through our services, website, or participation in events, you affirm your consent to the collection, use, and processing of your personal data in the manner and for the purposes outlined in this Privacy Policy.

2. Personal Data Collected

2.1 Types of Personal Data Collected
The personal data we may collect includes, but is not limited to:

  • Identity Data: Name, identification card or passport number, date of birth, and gender.
  • Contact Data: Phone number, email address, home or business address.
  • Transaction Data: Payment details, purchase history, and membership information.
  • Digital Data: IP addresses, browser types, cookies, and website usage data.
  • Sensitive Data: Health information (only when explicitly required and consented to, e.g., for event participation).

2.2 Source of Data Collection
We collect personal data directly from you through:

  • Online forms and account registrations.
  • Event sign-ups, contests, and surveys.
  • Ticket purchases or refunds.
  • Interactions with our staff in person, via email, or through other channels.

3. Purpose of Processing Personal Data

We collect and process your personal data for the following purposes:

3.1 Transaction Management:

  • To process ticket purchases, memberships, and refunds.

3.2 Marketing and Promotions:

  • To inform you about promotions, events, and special offers.
  • To deliver newsletters and seasonal greetings.

3.3 Customer Support:

  • To respond to inquiries, complaints, and service requests.

3.4 Event Participation:

  • To manage and facilitate contests, events, and surveys.

3.5 Legal and Compliance Obligations:

  • To comply with legal, regulatory, and enforcement requirements.

3.6 Business Operations:

  • To analyze data for service improvements and market insights.

4. Disclosure of Personal Data

We do not sell, rent, or trade your personal data. However, we may disclose your data to:

4.1 Service Providers:

  • Third-party vendors assisting in operations (e.g., payment processing, marketing campaigns).

4.2 Affiliates and Subsidiaries:

  • Entities within the Aquaria KLCC group for administrative and operational purposes.

4.3 Regulatory Authorities:

  • Legal or regulatory bodies when required by law for audits or investigations.

4.4 Promotional Partners:

  • With your explicit consent, selected partners for joint promotions or events.

5. Retention of Personal Data

5.1 Retention Period:
We retain personal data as long as necessary for the purposes stated in this Policy or as required by law.

5.2 Data Disposal:
Once the retention period expires, data will be securely deleted or anonymized to prevent unauthorized access.

6. Security of Personal Data

6.1 Technical Safeguards:

  • SSL encryption, firewalls, and secure servers.

6.2 Organizational Safeguards:

  • Restricted data access and staff training on confidentiality.

6.3 Physical Safeguards:

  • Secure storage facilities and monitored access.

6.4 Your Responsibility:
You are responsible for protecting your login credentials and other sensitive data.

7. International Transfers of Personal Data

Your personal data may be transferred to countries outside Malaysia for processing or storage. We ensure such transfers comply with the PDPA and provide adequate safeguards.

8. Use of Cookies

8.1 Purpose of Cookies:
Our website uses cookies to enhance your browsing experience and analyze website traffic.

8.2 Opt-Out Options:
You can disable cookies via your browser settings; however, this may limit website functionality.

9. Your Rights

Under the PDPA, you have the right to:

9.1 Access and Correction:
Request access to or correction of your personal data.

9.2 Withdraw Consent:
Withdraw consent for specific data uses by submitting a written request.

9.3 Restrict Processing:
Request restrictions on processing data for marketing purposes.

10. Children’s Privacy

We do not knowingly collect data from individuals under the age of 18 without parental or guardian consent.

11. Changes to This Policy

We reserve the right to update this Policy to reflect changes in laws, technology, or business practices. Updates will be posted on our website, and continued use of our services constitutes acceptance of the revised terms.

12. Contact Information

If you have questions or wish to exercise your rights, please contact us:

Data Protection Officer (DPO):
Aquaria KLCC
Level 3A-01, Menara Darussalam
No.12, Jalan Pinang, 50450 Kuala Lumpur, Malaysia

Email: dpo@aquariaklcc.com.my
Phone: +03-2333 1888