INTRODUCTION
This Personal Data Policy (“Policy”) sets out the main principles and minimum requirements for processing and safeguarding personal data in Auto Prima College.
OBJECTIVE
Auto Prima College is committed to maintain high values of integrity in its business dealings and conduct. As such, as part of its commitment, Auto Prima College is adopting this Policy which outlines the minimum requirements and the main principles and minimum requirements for processing and safeguarding personal data.
PRINCIPALS
1. Auto Prima College shall process personal data with care in accordance with local laws and regulations in order to safeguard the interest of data subject.
2. The Personal Data Protection Act 2010 (“PDPA”) regulates the processing of personal data in commercial transactions.
3. This Policy encompasses the personal data principles as follows: –
a) the General Principle;
b) the Notice and Choice Principle;
c) the Consent and Disclosure Principle;
d) the Data Security Principle;
e) the Data Retention Management Principle;
f) the Data Integrity Management Principle; and
g) the Data Access Request Management Principle.
4. Subject to the relevant laws and regulations, Auto Prima College may process personal data for the relevant purposes (“Purpose”) such as: –
a) for human resource related purposes including but not limited to recruitment, employment, determination or assessment of employees’ remuneration and/or benefits, employee relations, payment for all statutory bodies and benefits related to employment and undertaking and/or maintenance of insurance policies;
b) for management, operation and administration purposes (including but not limited to making travel arrangements);
c) for accounting and banking purposes;
d) for the performance of due diligence exercises or to perform any evaluation/assessment;
e) to comply with all laws, rules, regulations, requirements, guidelines, policies, bylaws and/or legislations;
f) for organising, registering, inviting or notifying you of trainings, seminars, events, workshops, conferences, meetings or programs;
g) to create personal accounts to enable the data subject to have access to the database or network of Auto Prima College;
h) to tender or bid for projects, contract and/or work;
i) to obtain licensing, registration or such other approvals (including work permit, visa, offshore passport, offshore smartcard or trademark or patents applications) with any relevant governmental or non-governmental authority, department, board, body, agency, organization or company;
j) to enable Auto Prima College to enter into corporate or commercial transactions;
k) to undertake the operations of the business including execution of projects and/or enable Auto Prima College to discharge its contractual obligations;
l) for accident investigation and reporting purposes;
m) to conduct research, surveys and/or statistical analysis;
n) where the process of the Personal Data is necessary to respond to any claims or legal process or to enforce the law; and/or
o) for such other purposes incidental or associated with the above and/or in furtherance to the above purposes or any other purposes in connection with Auto Prima College’s objectives.
5. Minimum requirements in relation to the processing and protection of personal data and/or sensitive personal data will include the following: –
a) Data subject shall be informed when their personal data and/or sensitive personal data are processed, if they have not been informed. b) Data subject shall the right to exercise data subject choice and control and have appropriate legal rights to access their data.
c) The processing of personal data shall be properly documented.
d) Systematic measures shall be undertaken to ensure reasonablesecurity and integrity in relation to processing of personal data and/or sensitive personal data.
e) Appropriate awareness and/or trainign shall be given to the relevant personnel involved in the processing of personnel data and/or sensitive personal data.
PDPA COMMITTEE
PDPA Committee shall be responsible to oversee Auto Prima College compliance and implementation of PDPA requirements.
COMPLIANCE OFFICER
The Compliance Officer shall undertake the implementation of Auto Prima College’s PDPA compliance and reports to the PDPA Committee on PDPA compliance.
MONITORING AND REPORTING OF NON-COMPLIANCE
Auto Prima College shall implement compliance for monitoring and reporting any noncompliance with the requirements set out herein and/or in accordance with the applicable laws and regulations in relation to processing and protection of personal data and/or sensitive personal data. Any non-compliance shall always be reported to the Compliance Officer and escalated to the PDPA Committee.
REQUIREMENTS FOR ALL EMPLOYEES
All employees shall not process personal data regarding third parities, employees or others unless the necessary steps to compliance have been taken. All employees shall comply with this Policy. Any non-compliance of this Policy by any employees may results in disciplinary action and/or punishment as may be deemed appropriate by Auto Prima College under the relevant policy, procedures, laws and/or regulations.
REVISION
This Policy will be reviewed and updated from time to time. Any revision or amendment to this Policy will be subject to the review of the PDPA Committee and approval of the Group Managing Director.
APPENDIX 1
PDPA Notice
PERSONAL DATA PROTECTION NOTICE
The Personal Data Protection Act 2010 (“Act”) has been implemented to regulate the processing of personal data in commercial transactions. This Personal Data Protection Notice (“Notice”) has been issued by Auto Prima College in accordance with the Act to provide you with information on your personal data which may be processed by us and the manner in which we are doing so. For the purpose of this Notice, “Personal Data” shall have the meaning as ascribed to it in the Act. Unless otherwise stated, all capitalized terms herein shall have the same meaning as prescribed to it under the Act.
1. Types of Personal Data:
Auto Prima College may, from time to time, collect, store, maintain, use and/or otherwise process information in relation to you including your name, identity card number / passport number, contact details (e.g. address, telephone number and email address), resume and any other personal data required for any of the purposes listed under Paragraph 2 below (collectively, “Personal Data”).
2. Purposes of collecting and processing your Personal Data:
Subject to the Act and/or any relevant laws and regulations, Auto Prima College may process your Personal Data for the following purposes (hereinafter collectively referred to as the “Purposes”) or any of them: (a) to enable Auto Prima College to undertake the operations of the business and/or to discharge its contractual obligations;
(b) to tender or bid for projects, contracts and/or work;
(c) to obtain licensing, registration or such other approvals (including any work permit or visa) with any relevant governmental or nongovernmental authority, department, board, body, agency, organization or company;
(d) for due diligence or assessment for or by Auto Prima College; and/or
(e) for such other purposes incidental or associated with the above and/or in furtherance to the above purposes or any other purposes in connection with Auto Prima College’s objectives.
3. Source of Information:
Your Personal Data is or may be collected by Auto Prima College from various sources including such Personal Data collected or may be collected by Auto Prima College directly from you, your employer, the company or entity you are representing, the public domain or from any such other third parties who hold, store, maintain, use and/or otherwise process your Personal Data.
4. Importance of your Personal Data and/or Sensitive Personal Data
Your Personal Data and Sensitive Personal Data is necessary to us. If you do not provide all the information as requested, Auto Prima College may not be able to carry out the Purposes as stated in Paragraph 2 of this Notice
5. Data Integrity
Auto Prima College endeavours to take reasonable precautions to ensure that the Personal Data and/or Sensitive Personal Data that Auto Prima College collects and/or processes are accurately reflected in the records of Auto Prima College based on the details provided by you. Therefore, the accuracy of the Personal Data and/or Sensitive Personal Data depends to a large extent on the information you provide. As such, you shall:
(a) provide Auto Prima College with the accurate and complete Personal Data and/or Sensitive Personal Data.
(b) update Auto Prima College as and when such Personal Data and/or Sensitive Personal Data provided earlier to Auto Prima College becomes incorrect, incomplete or out of date.
6. Importance of your Personal Data
Your Personal Data is necessary to us. If you do not provide all the information as requested, Auto Prima College may not be able to carry out the Purposes as stated in Paragraph 2 of this Notice.
By providing and continuously providing your Personal Data and/or Sensitive Personal Data to Auto Prima College, you are consenting to this Notice and the collection, use, access, transfer, storage and processing of your Personal Data and/or Sensitive Personal Data as described in this Notice.
7. Disclosure of your Personal Data
Your Personal Data may be disclosed to other persons located within or outside Malaysia, for any of the Purposes or any other purpose for which your Personal Data was to be disclosed at the time of its collection or where such disclosure is required or authorized by law or by the order of a court. Please note that your Personal Data may be transferred to a place outside Malaysia.
8. Access, corrections and complaints
Subject to any applicable regulatory requirements, you may request for access to or for correction of your personal data or limit the processing of the personal data or seek further information by writing to us via post, e-mail or facsimile to the following address (if applicable):
Auto Prima College
No. 23, Jalan Kemuning Prima B,
33/B, Kemuning Utama,
40460 Shah Alam, Selangor, Malaysia.
Tel: +603 5121 7153
Pursuant to the Act, we may charge a fee for processing your request for access and we may deny your request for access or correction of your Personal Data under the circumstances as prescribed therein.