1. INTRODUCTION
The Personal Data Protection Policy ("the Policy") of Timberwell Berhad ("TWB" and/or "the Company") is prepared in line with Malaysia's Personal Data Protection Act 2010 ("PDPA2010" or "the Act").
2. OBJECTIVE
The main objective of the Policy is to ensure that the Company establishes the necessary guidelines to protect the privacy of information about individuals (hereinafter referred to as "personal information" or "personal data") who come into contact with the Group or on behalf of the Company and its subsidiaries ("the Group").
3. PERSONAL DATA PROTECTION STATEMENT
3.1 It is essential for TWB and its subsidiaries ("the Group") to collect, process and use personal information or personal data within the scope needed to serve the Group's "legitimate interests", and with prior consent from the person to whom the data belongs.
3.2 Personal information must be collected and dealt with appropriately whether such information is collected on paper, stored in a computer database system or recorded on other material, and adequate security measures should be accorded to such personal information under the provisions of the PDPA2010.
3.3 The Group regards the lawful and correct treatment and handling of personal information as very important to safe business practices and to upholding the confidence of those within the Group and of all stakeholders.
3.4 It is the Group's policy that all personal information held by the Group be treated and dealt with respectfully, correctly and lawfully at all times in accordance with the provisions of the Act.
4. DATA USER
4.1 The Group is the sole "data user" within the meaning of the Act, which means that it determines the purposes for which the personal information of individuals would be used in the course of its business activities.
4.2 It shall also be the responsibility of the Group to provide the necessary statutory notifications under the Act to the "data subject" and "data processor" and, where necessary, the general purpose that this data will be used for by the Group.
5. DISCLOSURE
5.1 During the course of its business and operational activities, the Group may or shall be required to share personal information of individuals held by the Group with other parties such as the State Governments, Statutory Bodies, Public Corporations and other Government Agencies and private corporations.
5.2 Nonetheless, there are or could be circumstances where the law permits or requires the Group to disclose personal information without the consent of the data subject.
5.3 Where there is a requirement on the part of the Group to disclose or share personal information of individuals to third parties, the individual concerned will be made aware in most circumstances of how and with whom their personal information will be disclosed or shared.
6. MANAGEMENT CONTROL
The Group being the Data User shall, through effective and appropriate management control systems:
7. DATA COLLECTION
7.1 The Group shall ensure that personal information, in whatever manner, is collected within the limitation and boundaries set forth in this policy.
7.2 Where informed consent is required from the data subject, the Group shall obtain the required consent in an appropriate manner from the data subject in writing before collecting and processing the personal information. The Group shall ensure that the data subject agreeing or refusing to provide such consent.
7.3 When collecting data, the Group shall ensure that the data subject:
8. DATA RETENTION AND STORAGE
8.1 It is the policy of the Group that information and records relating to data subjects shall be stored securely and be accessible only to authorised staff for legitimate purposes.
8.2 It is also the policy of the Group that personal information shall be stored for only as long as it is required by law and shall be disposed of appropriately thereafter.
8.3 It is the responsibility of the Group to ensure that all personal data is non-recoverable from any computer system previously used within the Group, which has been passed on or sold to any third party.
9. DATA ACCESS AND ACCURACY
9.1 All individuals have the right to access the information the Group holds about them. The Group shall also take reasonable measures to ensure that information of data subjects is kept up to date by confirming with the data subjects from time to time whether there have been any changes to their personal information.
9.2 All employees are aware that any breach or violation of the rules and procedures identified in this policy may lead to disciplinary action being taken against them.
10. UPDATE AND REVISION
This policy shall be updated and revised as and when necessary to reflect best practice in the management and control of personal data and to ensure compliance with any changes or amendments made to PDPA2010.