PERSONAL DATA PROTECTION NOTICE
Perbadanan Insurans Deposit Malaysia (“PIDM”, “we”, “us”, “our”) is committed to ensure that the processing of personal data by PIDM complies with the Personal Data Protection Act 2010 (“PDPA”). This notice is issued pursuant to the PDPA (“Privacy Notice”). For the purpose of this Privacy Notice, the terms “Personal Data” and “processing” shall have the same meaning as prescribed in the PDPA.
1. Personal Data
1.1 Types of Personal Data
During the course of PIDM’s dealings with you, PIDM may collect, use, disclose and/or process your Personal Data which may include, but is not limited to the following:
- Personal particulars: name, race, religion, date and place of birth, age, gender, nationality, address, e-mail address, contact details, NRIC number, passport number, marital status, details of spouse, dependents and next of kin;
- Employment related details and history: curriculum vitae (CV/resume), personal interests, skills, education and related qualifications, details of referees, performance appraisal, assessment, examination results, recruitment documentation, salary related information, organisational memberships, work permit, result of background checks;
- Financial details: bank account and credit card details, statutory contributions i.e. EPF, SOCSO and income tax, information on assets, liabilities, credit worthiness, directorship and shareholding in companies;
- Physical, mental health or medical condition;
- Commission or alleged commission of any offence or proceedings for any offence committed or alleged to have been committed including past misconduct, the disposal of such proceedings or the sentence of any court in such proceedings; and
- CCTV images, voice or video recordings, photographs.
1.2 Source of Personal Data
PIDM collects your Personal Data through several methods which include:
- information you have provided to us by whatever means and/or in whatsoever manner;
- information obtained independently by us or have been given to us from persons authorised by you, vendors who may be assisting us with our operations, other lawful sources or publicly available sources;
- completed enquiry, application or registration forms through various means, including from headhunters when you or our headhunters send us completed enquiry or application forms or curriculum vitaes;
- any form that you have submitted to us;
- any call, email, correspondence, inquiry from you or with us;
- any document (including statutory forms) submitted to us for processing;
- when you visit any relevant premises/facilities, including without limitation the premises/facilities owned, operated or managed by us or on our behalf (“PIDM’s Premises”) subject to any relevant terms and conditions;
- CCTV recordings in PIDM’s Premises;
- via any online platforms or sites owned, operated or managed by us or on our behalf (“Platform”) and/or the cookies;
- our initiatives, activities, events, campaigns, contests and surveys (“Events”);
- all other communication between you and us on any subsequent occasion; and
- all other communications between you and us and all other information that you may provide us from time to time.
2. Purposes of collecting and further processing (including disclosing) your Personal Data
The Personal Data may be processed, collected and used for the following purposes (“Purposes”):
- to discharge PIDM’s duties and obligations related to its functions or activities under the legislation administered by PIDM and when it is necessary for or directly related to such purposes;
- to perform our contractual obligations with you and for the continuation of such contractual obligations;
- to ensure the performance by you of your services to PIDM, pre-contractual and contractual obligations;
- to create directories or databases whether for publication or not;
- to facilitate, process, deal with, administer and manage your relationship or commercial transactions with us, including the preparation of all necessary documents and contracts with you;
- to process any payments relevant to you;
- to enable us to perform our obligations and enforce our rights under any agreement or documents that we are a party to;
- to provide access to PIDM’s Premises;
- to consider and process applications for scholarships, internship or employment;
- to evaluate your submission or response to our request for proposal, tender, request for quotation or request for information;
- for insurance purposes;
- for internal record keeping, internal investigations, audit, risk management or security purposes;
- where relevant, allowing you to connect to the wifi facilities offered by us or our service provider and/or granting you access to our Platform;
- for preventing or investigating any illegal or criminal activities;
- for enforcing our rights and obtaining professional advice;
- for conducting background and integrity checks, credit reference checks and establishing your credit worthiness, where necessary;
- to comply with legal and regulatory obligations in the conduct of our operations;
- to communicate with you and respond to your enquiries or complaints;
- to facilitate your participation in, and our administration of, any of our Events;
- to conduct research, review, study or surveys, profiling activities, statistical and trend analysis in relation to PIDM, our operations, activities and our objects;
- for or in connection with all other purposes authorised by you; and/or
- for or in connection with all other purposes related to any of the above Purposes.
3. Consequences of failure to provide Personal Data
The Personal Data provided to us may be mandatory (as may be specified by us, among others, in the forms) or voluntary in nature depending on the Purpose for which the same is collected. Failure to provide mandatory Personal Data may affect PIDM’s ability to fulfil the Purposes in paragraph 2.
4. Access to or correction of Personal Data and withdrawal of consent
You have the right to, upon payment of a prescribed fee (if any), request access to and correction of your Personal Data held by us to ensure that it is accurate, complete, not misleading and up-to-date. If you wish to exercise this right to access or correct your Personal Data, please complete the “Personal Data Request Form” available at our “Contact Us” page and email the completed form to firstname.lastname@example.org.
We have the right to refuse to comply with your data access request or a data correction request and shall, by notice in writing, inform you of our refusal and the reasons of our refusal.
You may also (i) request us to limit the processing of your Personal Data or request us to cease or not begin processing your Personal Data for purposes of direct marketing such as informing you on our Events, (ii) withdraw your consent or restrict the purposes and methods in which we process your Personal Data and the Personal Data relating to other persons who may be identified from your Personal Data, subject to any applicable legal restrictions, contractual conditions and a reasonable duration of time for the withdrawal of consent to be effected, by providing us a notice in writing. If you withdraw your consent or restrict the purposes and methods in which we may process your Personal Data, we may not be able to continue to deal with you and/or may result with us being unable to process your Personal Data for any of the Purposes.
If you wish to withdraw your consent for us to process your personal data, please complete the “Withdrawal of Consent Form” available at our “Contact Us” page and email the completed form to email@example.com.
You may contact us with any inquiries or complaints in respect of your Personal Data via the methods below:
||Head, Legal Department
Please note that notwithstanding the withdrawal of your consent, we may still process your Personal Data under circumstances permitted by law.
5. Disclosure of Personal Data (within or outside of Malaysia)
The Personal Data held by us shall be kept confidential. However, when processing your Personal Data for any of the Purposes in paragraph 2, we may disclose such Personal Data to the following persons including but without limitation to:
- departments, divisions, units or functions within PIDM including any of our directors, employees, agents, representatives on a need-to-know basis;
- building management of PIDM’s Premises;
- our business partners, contractors and service providers;
- credit reporting agencies and background check agencies (where relevant);
- banks, insurance companies, payment verification providers and payment processors (where relevant);
- such third party as requested for or authorised by you;
- professional bodies and training institutions for employment related purposes, our legal advisors, financial institutions and any governmental or statutory authorities, agencies, bodies or departments;
- regulatory and enforcement agencies;
- all other persons or bodies who provide us with services necessary and/or incidental to our operations on a need-to-know basis;
- relevant third parties as required under law, pursuant to relevant contractual relationship or for the Purposes stated in paragraph 2 above (or directly related to those Purposes); and/or
- any third party for any of the above Purposes.
6. Transfer of Personal Data outside Malaysia
As and when required by us, we may transfer your personal data outside of Malaysia for such purposes as necessary for our mandate, business, purposes, or legal or contractual compliances. By providing your personal data to us, you expressly consent to any transfer of your personal data outside of Malaysia by us.
7. Changes to this Privacy Notice
We will review and update this Privacy Notice from time to time to reflect the changes in operations or laws or regulations. You are advised to obtain the latest version of our Privacy Notice by contacting us or visiting our website to ensure that you are familiar with the latest version. By continuing to communicate and deal with us after posting of our latest Privacy Notice, you are deemed to have accepted and consented to the revision and update contained therein.
8. Personal Data of third parties
In the event you have to provide or may have provided Personal Data relating to a third party, you hereby confirm that such third party has read this Privacy Notice and consented to us processing his/her Personal Data for any of the Purposes prior to providing his/her Personal Data to us. Where another person is providing/submitting any of your Personal Data to us, you agree that you have authorised the disclosure of your Personal Data to us and consented to the processing of your Personal Data by us in accordance with this Privacy Notice.
9. Your consent
Please take note that by giving us your Personal Data, you hereby agree and expressly consent to us processing or continuing to process your Personal Data in accordance with the terms of this Privacy Notice.
This Privacy Notice is issued in both English and Bahasa Malaysia. In the event of any inconsistencies or discrepancies between the English version and the Bahasa Malaysia version, the English version shall prevail.
Last updated: 20 March 2023