ST DIGITAL SOLUTIONS MALAYSIA SDN. BHD.(the “Company”, “we”, “our” or “us”) realizes the importance of protecting your personal data.
This document contains the personal data protection and privacy policy adopted by the Company to manage your personal data in accordance with the Personal Data Protection Act 2010 (as amended from time to time) and/or other relevant laws and regulations as well as guidelines applicable in Malaysia (collectively, the “Act” or “PDPA”). Please take a moment to read this policy to understand the purposes for which we collect, use and/or disclose your personal data. The term “personal data” we use herein has the same meaning as defined in the PDPA.
1.1.The Company respects the privacy of individuals and recognizes the need to treat personal data in an appropriate and lawful manner, and is committed to comply with its obligations in this regard, in respect of all personal data it handles.
1.2.The Company may change some parts or all of the contents of this policy from time to time to ensure that this policy is in line with the legal and regulatory requirements, as well as the regulations and constitutive documents of the Company. Hence, we advise you to check regularly for updated information on the handling of your personal data.
1.3.If you consider that this policy does not follow the PDPA in respect to the personal data about you or others, you should raise the matter with our Director as soon as possible.
2.1.In general, we collect your personal data in several ways, including but not limited to the following:
2.1.1.When you contact us for our services or enquiries, via your selected mode of communication;
2.1.2.When you request us to contact you; and
2.1.3.When you submit your personal data to us for employment purposes.
2.2. Personal data that is collected by the Company may include some or all of the following personal information:
2.2.1.Name;
2.2.2.Nationality, IC number and/or passport number;
2.2.3.Marital status;
2.2.4.Date of birth;
2.2.5.Gender;
2.2.6.Contact information such as email addresses and telephone numbers;
2.2.7.Demographic information such as address, postal code, preferences and interests;
2.2.8.Thumbprint;
2.2.9.Signature; and
2.2.10.Photographs, audio/video recordings and digital images.
2.3.Generally, the Company collects, uses and/or discloses your personal data for the following purposes:
2.3.1.Considering and processing your proposal on or application for our services;
2.3.2.Providing you with our services;
2.3.3.Responding to your queries and requests;
2.3.4.Resolving complaints, and handling requests of and enquiries;
2.3.5.Communication and marketing purposes; or
2.3.6.Internal record keeping;
2.3.7.Employment-related purposes (including but not limited to salary, personal income tax, work pass, and residential);
2.4.Your personal data will be retained by the Company for as long as necessary according to our internal policy for the fulfilment of the purposes stated in clause 2.3 or is required to satisfy any legal or business purposes.
2.5.The Company will take reasonable steps to protect your personal data against unauthorized collection, use and/or disclosure. Subject to the provisions of any applicable law or regulations, your personal data may be collected, used and/or disclosed for any purposes listed in clause 2.3 (where applicable), to the following:
2.5.1.the Company’s staff;
2.5.2.researchers, agents, contractors or third party service providers who provide services to the Company;
2.5.3.our professional advisers such as auditors and lawyers;
2.5.4.relevant government regulators, statutory boards or authorities, or law enforcement agencies to comply with any laws, rules, guidelines, regulations or schemes imposed by any governmental authority; and
2.5.5.any other party to whom you authorise us to disclose your personal data to.
2.6.In addition to clause 2.5, the Company will transfer your personal data to the entities outside Malaysia (i.e. Japan and other overseas group entity(ies)), for any purposes listed in clause 2.3.
2.7.In order to provide the best service possible, the Company may engage a data intermediary to process and handle personal data on its behalf. In these cases, we will only work with recognized personal data management firms and shall enter into contracts with these data intermediaries to include provisions that clearly set out the data intermediaries’ responsibilities and obligations to ensure compliance with the Act.
2.8Any personal data that has been collected will only be used within the required scope to achieve the purposes of use as initially explained in clause 2.3. In the event of rare and unpredicted events, we shall obtain your permission first, unless it is for one of the following situations:
2.8.1prevention or detection of crime or any threat to life or health;
2.8.2arrest or prosecution of legal offenders;
2.8.3valuation or assessment of taxes or any other similar payments;
2.8.4other guidelines or instructions issued by the relevant ministry, authority or government body;
2.8.5to comply with any legal requirements applicable to or imposed on us;
2.8.6to protect your vital interests;
2.8.7for the administration of justice; or
2.8.8for the exercise of any functions conferred on any person by or under any law.
2.9Please note that by providing your consent under this policy as stipulated under clause 3 herein, you also provide your unconditional and voluntary consent for us to process your sensitive personal data based on the same. In the event that such consent was not provided or subsequently withdrawn, please note that we reserve the right to process such sensitive personal data for the following circumstances without having to obtain such consent:
2.9.1for the execution or claim of rights or obligation under the law against an individual in the regards of employment;
2.9.2to protect the interests of an individual or other person, where the truth cannot be granted by the individual or his representative or is impossible for us to obtain permission in a normal and reasonable manner;
2.9.3to protect the interests of an individual or other person, where the permission by the individual or his representative is deliberately not granted;
2.9.4for medical purposes - under the custody of a professional in the field of healthcare or a person who has the same confidentiality responsibility with professionals in the field of healthcare;
2.9.5for any relevant legal action and to seek legal advice;
2.9.6to create, carry or defend the rights under the law and to administer the system of legal justice;
2.9.7to carry out any function given to a person by or under the law;
2.9.8other purposes perceived by the relevant ministry; or
2.9.9the information contained in personal data has been publicly known as a result of an individual's actions and in such instance, we will not be required to obtain the individual’s permission in respect of such personal data.
3.1.By submitting your personal data to the Company, you agree and consent to the collection, use and/or disclosure of your personal data by the Company for a part or all of the purposes set out in clause 2.3.
3.2.If at any time we decide to collect, use or disclose your personal data in a different manner as to the purposes set out above, we will request your consent to the additional purpose(s) in writing, in which you may refuse to give at your discretion.
3.3.If you provide us with personal data relating to a third party (e.g. information of your spouse, children, parents or relatives), you represent to us that you have obtained the consent of such third party to provide us with their personal data for the relevant purposes.
3.4.You may at any time withdraw or limit any consent given in respect of the collection, use or disclosure of your personal data by giving prior notice in the form of a formal written request addressed to the Director.
3.5.In the event that you withdraw or limit your consent to the Company in relation to the purposes mentioned above, the Company shall cease to collect, use and/or disclose your personal data upon receiving your withdrawal or limitation request within a reasonable time period. Please note that once consent is withdrawn or limited, it may not be possible for us to accomplish the purposes as set out in clause 2.3, and hence, we may be unable to continue providing the requisite services to you.
The Company will take reasonable measures to protect your personal data from unauthorized access or modification, improper collection, use or disclosure, unlawful destruction or accidental loss. You should be aware, however, that no method of transmission over the internet or electronic storage is 100% secure. While security cannot be guaranteed, we strive to protect the security of the personal data and will constantly review and enhance our information security measures. In the event that we have credible grounds to believe that an incident of personal data breach has occurred, we will take reasonable and expeditious steps in accordance with the Act.
5.1.You may apply for a copy of your personal data held by the Company, or request for your personal data to be updated or corrected, by sending a formal written request to our Director. Please be informed that we are entitled to charge a fee to recover the costs directly related to the access of the personal data for the time and effort spent by us in responding to the same, and will let you know the amount accordingly.
5.2.Within twenty one (21) days upon receiving your request, the Company shall:
5.2.1.provide you with a copy of your personal data under our custody and/or other relevant information in accordance with the Act therein;
5.2.2.correct your personal data as soon as practicable and inform you that the relevant correction has been made; or
5.2.3.inform you that your request for access or correction of your personal data is rejected, if the request was made in circumstances predefined by the Act where such access or correction is prohibited or not required.
5.3.You should ensure that all personal data submitted to us is complete and accurate. Failure to do so may result in our inability to provide you with the information or services you requested. The Company shall make a reasonable effort to ensure that the personal data collected by or on behalf of the Company is accurate.
5.4.You may also request that your personal data is transferred to another person (data portability).
The personal data we collect from you may be transferred to multiple destinations outside Malaysia for the fulfilment of the purposes stated in clause 2.3. The Company will ensure that any transfers of your personal data to a territory outside of Malaysia will be in accordance with the PDPA so as to ensure a standard of protection to personal data so transferred that is comparable to the protection under the PDPA.
Please be informed that this foreign entity may be established in countries that may not offer the level of data protection which is equivalent to the law in Malaysia. You hereby clearly give us permission to transfer and store your personal data to any place outside Malaysia. However, we will always strive to ensure that all third parties outside Malaysia will not use or process your personal data other than for the intended purposes and in accordance with the policy and while upholding the confidentiality and privacy of your personal data properly.
In order to appropriately manage personal data, the Company shall continually work towards improving the development of our data management system and internal company regulations.
8.1The Company does not knowingly solicit or collect personal data from minors under the age of 18. If this was unintentionally done, said personal data will be removed from the Company’s records promptly.
8.2However, the Company may collect and process personal data of a minor below the age of 18, provided that their parent, ward, or legal guardian has provided their own consent towards the processing of the same. The Company may also need to collect and process the personal data of said parent, ward, or legal guardian.
In accordance with Section 7(3) of the PDPA, this policy is issued in both Bahasa Malaysia and English languages. In the event of any inconsistency, the English language version of the policy shall prevail.
Should you have a complaint or require more information about how we manage your personal data, please contact our us via the following particulars:
| Via email | : | STSGRP-stdm-it@g.softbank.co.jp |
| Via mail | : | ST DIGITAL SOLUTIONS MALAYSIA SDN BHD Level 10, Axiata Tower, 9, Jalan Stesen Sentral 5, Kuala Lumpur Sentral, 50470, Kuala Lumpur |