AQUAWALK BERHAD Personal Data Protection Act (“PDPA”) POLICY
1. Introduction
1.1 This is the personal data protection policy that is adopted by Aquawalk Group Berhad and its subsidiaries (“Aquawalk” or “Group”) in accordance with the Personal Data Protection Act 2010 of Malaysia (“PDPA”).
1.2 This policy explains:
- the type of personal data we collect and how we collect it
- how we use your personal data
- the parties that we disclose the personal data to; and
- the choices we offer, including how to access and update your personal data.
1.3 The PDPA requires us to inform you of your rights in respect of your Personal Data that is being processed or that is collected and further processed by us and the purposes for the data processing. The PDPA also requires us to obtain your consent to the processing of your Personal Data. In view of the PDPA, we are committed to protecting and safeguarding your Personal Data.
1.4 By providing us your Personal Data and/or continuing access to our website (“Website”), you declare that you have read and understood this Policy and agree to us processing your Personal Data in accordance with the manner as set out in this Policy.
1.5 We reserve the right to modify, update and/or amend this Policy from time to time with reasonable prior notice to you. We will notify you of any amendments via announcements on the Website or other appropriate means. Please check the Website from time to time to see if there are amendments to this Policy. Any amendments to this Policy will be effective upon notice to you. By continuing to use the services and/or access to the Website after being notified of any amendments to this Policy, you will be treated as having agreed to and accepted those amendments.
1.6 If you do not agree to this Policy or any amendments to this Policy, we may not be able to render all services to you and you may be required to terminate your relevant agreement with us and/or stop accessing or using the Website.
2. Collection of Data
2.1 The term “Personal Data” means any information in our possession or control that relates directly or indirectly to an individual to the extent that the individual can be identified or is identifiable from that and other information in our possession, such as name, address, telephone number, Identification/Passport number, date of birth, photograph, email address etc. as well as Sensitive Personal Data as defined under the PDPA, which includes but is not limited to, information pertaining to the physical or medical condition of a data subject. The types of Personal Data collected depend on the purpose of collection. We may “process” your Personal Data by way of collecting, recording, holding, storing, using and/or disclosing it.
2.2 Your Personal Data may be collected from you during your course of dealings with us in any way or manner pursuant to any transactions and/or communications made from/with us. We may also collect your Personal Data from a variety of sources, including without limitation, at any events, road shows, customer satisfaction surveys organised and/or sponsored by us, as well as from publicly available sources. Some examples of how personal data can be collected:
- When you purchase our tickets over the counter;
- When you register your details on our website;
- When you communicate or interact with us via social media (Facebook, Instagram etc.) or directly with our employees within our premises in relation to our products and services (in person, by email, telephone, direct mail or any other means);
- When you conduct certain types of transactions such as refund(s);
- When you commence a business relationship with us (for example, as a service provider or business partner);
- When you enter or interact with us during promotions, competitions, contests, lucky draws and special events;
- When you participate in surveys and other types of research; or
- If you are a candidate for employment (when you complete our employment forms in relation to the recruitment and selection process) for the purpose of assessment. We may also collect information about you from your nominated referees where you have authorised us to do so.
2.3 We may also receive, store and process your Personal Data which are provided or made available by any third parties, credit reference bodies, regulatory authorities for reasons including delivery of our products and/or services, performance of conditions of agreements and/or to comply with our legal and regulatory obligations.
3. Purpose & Use of Personal Data
3.1 The Personal Data as provided/furnished by you to us or collected by us from you or through such other sources as may be necessary for the fulfilment of the purposes at the time it was sought or collected, may be processed for the following purposes (collectively referred to as the “Purposes”):
- to verify your identity
- to communicate with you
- to maintain and improve customer relationship
- to assess, process and provide products and/or services to you
- to administer and process any payments related to products and/or services
- to respond to your enquiries or complaints and resolve any issues and disputes which may arise in connection with any dealings with us
- to provide you with information and/or updates on our products and/or services, upcoming promotions offered by us and/or events organised by us and selected third parties which may be of interest to you from time to time
- for direct marketing purposes via SMS, phone call, email, mail, social media and/or any other appropriate communication channels
- to facilitate your participation in, and our administration of any events including contests, promotions or campaigns
- to maintain and update internal record keeping
- for internal administrative purposes
- to send you seasonal greetings messages from time to time
- to send you the invitation to join our events and promotions and product launch events
- to monitor, review and improve our events and promotions, products and/or services
- to conduct credit reference checks and establish your creditworthiness, where necessary, in providing you with the products and/or services
- to administer and give effect to your commercial transactions with us (such as a tender award, contract for service, tenancy agreement)
- to process any payments related to your commercial transactions with us
- to process and analyse your Personal Data either individually or collectively with other individuals
- to conduct market research or surveys, internal marketing analysis, customer profiling activities, analysis of customer patterns and choices, planning and statistical and trend analysis in relation to our products and/or services
- to share any of your Personal Data with the auditor for our internal audit and reporting purposes
- to share any of your Personal Data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action
- to share any of your Personal Data with our joint venture/business partners to jointly develop products and/or services or launch marketing campaigns
- to share any of your Personal Data with insurance companies necessary for the purpose of applying and obtaining insurance policy(ies), if necessary
- to share any of your Personal Data with financial institutions necessary for the purpose of applying and obtaining credit facility(ies), if necessary or audit, risk management and security purposes
- for enabling us to perform our obligations and enforce our rights under any agreements or documents that we are a party to
- to transfer or assign our rights, interests and obligations under any agreements entered with us
- for meeting any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us
- to enforce or defend our rights and your rights under, and to comply with, our obligations under the applicable laws, legislation and regulations
- to carry out verification and background checks as part of any recruitment and selection process in connection with your application for employment with us
- for other purposes required to operate, maintain and better manage our business and your relationship with us, which we notify you of at the time of obtaining your consent;
and you agree and consent to us using and processing your Personal Data for the Purposes in the manner as identified in this Policy. If you do not consent to us processing your Personal Data for one or more of the Purposes, please notify us at the contact details below.
4. Disclosure of Your Personal Data
4.1 We commit that we will not sell, rent, transfer or disclose any of your Personal Data to any third party without your consent. However, we may disclose your Personal Data to the following third parties, for one or more of the above Purposes:
- Aquawalk Group Berhad group of companies (both local and overseas)
- your immediate family members and/or emergency contact person as may be notified to us
- any person under a duty of confidentiality who has undertaken to keep your Personal Data confidential and whom we have engaged to discharge our obligations to you
- government agencies, law enforcement agencies, courts, tribunals, regulatory bodies, industry regulators, ministries, and/or statutory agencies or bodies, offices or municipality in any jurisdiction, if required or authorised to do so, to satisfy any applicable law, regulation, order or judgment of a court or tribunal or queries from the relevant authorities
- our auditors, consultants, lawyers, accountants or other financial or professional advisers appointed in connection with our business on a strictly confidential basis, appointed by us to provide services to us
- our joint venture/business partners, third-party product and/or service providers, suppliers, vendors, contractors, data processors or agents, that provide related products and/or services in connection with our business
- financial institutions for the purpose of applying and obtaining credit facilities (if necessary)
- financial institutions, merchants and credit card organisations in connection with your commercial transactions with us
- any credit reporting agencies or in the event of default, any debt collection agencies subject to the permitted law applicable to us
- the public when you become a winner in a contest by publishing your name, photographs and other Personal Data without compensation for advertising and publicity purposes
- in the event of a potential, proposed or actual sale/disposal of any of our business or interest, merger, acquisition, consolidation, re-organisation, funding exercise or asset sale relating to us, or in the event of winding-up (“Transaction”), your Personal Data may be required to be disclosed
- other parties in respect of whom you have given your express or implied consent
5. Accuracy of your Personal Data
5.1 We aim to keep all Personal Data as accurate, complete, not misleading, up-to-date and reliable as possible. Therefore, the accuracy of your Personal Data depends to a large extent on the information you provide. As such, it is a condition of us providing the products and/or services to you that you:
- warrant and declare that all your Personal Data submitted or to be submitted to us are accurate, not misleading, updated and complete in all respects for purposes of acquiring or using the relevant products and/or services, and you have not withheld any Personal Data which may be material in any respect and that we are authorised to assume the accuracy of the Personal Data given by you when processing such Personal Data; and
- promptly update us as and when such Personal Data provided becomes inaccurate, incomplete, misleading, outdated or changes in any way whatsoever by contacting us at the contact details below.
6. Your Rights towards Personal Data
6.1 We can assist you to access and correct your personal data held by us. Where you wish to have access to your personal data in our possession, or where you are of the opinion that such personal data held by us is inaccurate, incomplete, misleading or not up-to-date, you may make a request to us via our Data Access Request Form or Data Correction Request Form respectively.
6.2 In respect of your right to access and/or correct your Personal Data, we have the right to refuse your request to access and/or correct your Personal Data for the reasons permitted under the law, such as where the expense of providing access to you is disproportionate to the risks to your privacy, or where the rights of others may also be violated, amongst other reasons.
6.3 You have the right at any time to request us to limit the processing and use of your Personal Data (for example, requesting us to stop sending you any marketing and promotional materials or contacting you for marketing purposes).
6.4 In addition, you also have the right, by notice in writing, to inform us of your withdrawal (in full or in part) of your consent given previously to us subject to any applicable legal restrictions, contractual conditions and a reasonable duration of time for the withdrawal of consent to be effected. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your Personal Data, it may mean that we will not be able to continue with your existing relationship with us and/or the contract that you have with us will have to be terminated.
7. Retention of your Personal Data
7.1 Your Personal Data provided to us is retained for as long as the purposes for which the Personal Data was collected continues; your Personal Data is then destroyed from our records and system in accordance with our retention policy in the event your Personal Data is no longer required for the said purposes unless its further retention is required to satisfy a longer retention period to meet our operational, legal, regulatory, tax or accounting requirements.
8. Security of your Personal Data
8.1 We are committed to ensuring that your Personal Data is stored securely. In order to prevent unauthorised access, disclosure or other similar risks, we endeavour, where practicable, to implement appropriate physical, electronic and procedural security measures in accordance with the applicable laws and regulations and industry standard to safeguard against and prevent the unauthorised or unlawful processing of your Personal Data, and the destruction of, or accidental loss, damage to, alteration of, unauthorised disclosure of or access to your Personal Data.
8.2 We will make reasonable updates to our security measures from time to time and ensure the authorised third parties only use your Personal Data for the Purposes set out in this Policy.
8.3 All our employees, joint venture/business partners, agents, contractors, vendors, suppliers, data processors, third-party product and/or service providers, who have access to, and are associated with the processing of your Personal Data, are obliged to respect the confidentiality of your Personal Data.
8.4 Please be aware that communications over the Internet, such as emails/web mails are not secure unless they have been encrypted. Your communications may be routed through a few countries before being delivered. We cannot and do not accept responsibility for any unauthorised access or interception or loss of Personal Data that is beyond our reasonable control.
9. Transfer of your Personal Data Outside Malaysia
9.1 Any personal data, which you volunteer to us, will be treated with the highest standards of security strictly in accordance with the PDPA 2010. It may be necessary for us to transfer your personal data outside Malaysia if any of our service providers or business partners that are involved in providing part of a service are located in countries outside Malaysia. You consent to us transferring your personal data outside Malaysia in these instances. We shall take reasonable steps to ensure that any such service providers or business partners are contractually bound not to use your personal data for any reason other than to provide the services they are contracted by us to provide and to adequately safeguard your personal data.
10. Your Consent
10.1 By submitting your personal data, you consent to the use of that personal data as set out in this Policy. If we change our Policy, we will publish the amended version on our Website. But you can email or write to us to ask for a copy. Continued use of the service will signify that you agree to any such changes.
11. Our Contact Details
11.1 If you have any questions about this Policy, or have any further queries, or would like to make a complaint or data access or correction request in respect of your Personal Data, you may contact us at the contact details below:
Data Protection Officer (DPO)
Level 3A-01, Menara Darussalam
No 12, Jalan Pinang
50450 Kuala Lumpur
Tel No: 03-2333 1888
E-mail: dpo@aquawalk.com