Protection of your Personal Data is important to us. We respect confidentiality and privacy of individuals and are committed to complying with the Malaysia Personal Data Protection Act 2010 and its regulations, as amended from time to time (“PDPA”) and other applicable data protection laws.
For the avoidance of doubt, to the maximum extent permitted under applicable laws, nothing in this Policy establishes any joint and several liability on the part of any entities within IOIPG.
Generally, we process your Personal Data for one or more of the specific purposes identified in this Policy based on your consent obtained. The legal basis for our processing of your Personal Data could also be that it is necessary for the legitimate interests pursued by us, or a third party which is described in paragraph 4 of this Policy. These legitimate interests include providing services to you where you are our client/customer, managing the relationship between IOIPG and you, and administrative purposes. In some cases, the provision and processing of your Personal Data may be a statutory and/or contractual requirement, or may be necessary in order to perform any contract you have agreed with us or perform services that you have requested.
- For the purpose of this Policy, “Personal Data” shall have the meaning as ascribed to it in the PDPA which means any information in respect of commercial transactions, which:
(a) is being processed wholly or partly by means of equipment operating automatically in response to instructions given for that purpose;
(b) is recorded with the intention that it should wholly or partly be processed by means of such equipment; or (c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system.
- “Personal Data” means data or information about you from which you are identifiable either from the data alone or from that data combined with other information, including but not limited to the following:
(a) your name, national registration identification number (NRIC), birth certificate number, passport number or other identification number, mailing address, email address, telephone number(s), facial image in a photograph, fingerprint and any other information relating to you which you have provided to us in any form you may have submitted;
(b) your education background, personal interests, your employment history and income levels;
(c) your payment related information such as your bank account detail or credit card information and your credit history; and
(d) information about your use of our websites and services including cookies, IP addresses and membership details.
- The type of Personal Data collected will depends on the nature of your dealing or transaction with IOIPG.
Collection of Personal Data
- We may collect your Personal Data from you through various means, including but not limited to instances when you:
(a) submit registration forms (either electronic or printed) relating to any of our products (new launches or property roadshows, showcases, exhibitions or any other promotional events) or services, or submit any online queries;
(b) register for or use any of our services on websites owned or operated by us or when you register as a member on any of our websites or mobile applications owned and/or operated by us;
(c) register for or use any of our services, including accessing our properties or utilising any facilities within our properties or registering for your stay at our hotels;
(d) use or purchase our services or products;
(e) enter into or make payments related to any transactions with us;
(f) interact with our customer service officers i.e. via face-to-face meeting, telephone calls, letters, online forms such as any “contact us” form on our websites, online chat, social media
platforms, emails and business interactions in any events;
(g) sign-up or update any online accounts with us;
(h) respond to our request for additional Personal Data;
(i) subscribe to our mailing list;
(j) respond to our promotions or other initiatives;
(k) participate in our contests, events and market surveys or research;
(l) submit a job application;
(m) have been referred by our business partners and/or third parties;
(n) browse our website such as cookies; and
(o) submit your Personal Data to us for any other reason.
The above does not purport to be exhaustive and sets out some common instances of when your Personal Data may be collected.
In addition to the above, we may use variety of technologies, as the case may be, to automatically collect information about your activities on the mobile application(s) (if any), such as web beacons, clear pixels or pixel tags, analytical tags, geo-location technologies and quick response (QR) code.
Sensitive Personal Data
Some of the Personal Data that we collect may be sensitive in nature. This may include Personal Data pertaining to your race, religious beliefs, background information (including financial and
criminal records, where legally permissible), health data, disability, marital status and biometric data, as applicable. We collect sensitive Personal Data only with your consent and/or in strict compliance with applicable laws. In the event that you are required to furnish any documentation or information to us for any Purpose (as defined below) which may contain such sensitive Personal Data (which is not required for that Purpose), you agree to redact such sensitive Personal Data before providing such documentation or information to us.
Provision of third party Personal Data by you If you provide Personal Data of a third party to us, you represent, warrant and confirm that:
(a) prior to disclosing such Personal Data to us, you would have and had obtained consent from the individual whose Personal Data are being disclosed to us, to permit you to disclose the
individual’s Personal Data for one or more of the Purposes; and permit us to collect, use, disclose and/or process the individual’s Personal Data;
(b) any Personal Data of individual that you disclose to us is accurate; and
(c) you are validly acting on behalf of such individual and that you have the authority to provide their Personal Data to us.
Use and Disclosure of Personal Data
- In order to effectively provide you with the products and services that you require, we need to collect a range of Personal Data about you. In general, we will or may, subject to applicable law, use, disclose and/or process your Personal Data for one or more of the following purposes (“Purpose”):
(a) provide you with the products or services that you have requested and/or signed up for;
(b) provide access to our properties or facilities within our properties;
(c) facilitating, implementing and/or formalising (including processing any payments related to) any transactions with us;
(d) communicate with you and respond to your queries, requests and complaints;
(e) process your application for the account(s) and maintain your account(s) with us;
(f) facilitating IOIPG’s loyalty or membership programmes;
(g) verify or update your personal particulars;
(h) conduct due diligence, risk assessments and/or background or credit checks;
(i) provide information about the products and services of IOIPG, our business partners which may be of interest to you;
(j) inform you of our performance and the products and services that we provide through circulars, reports, newsletter and communications;
(k) facilitating your participation in our contests and events;
(l) maintain the client relationship;
(m) help us review, improve, manage the delivery of and enhance our products and services including analysing future customer needs, conducting market research and data analytics;
(n) facilitating business transactions which may include mergers, acquisitions or asset sales;
(o) communicate with you of changes and development to our policies, terms and conditions and other administrative information, including for the purposes of servicing you in relation to products and services offered to you;
(p) handle and/or resolve complaints or disputes, conduct and facilitate investigations;
(q) prevent, detect and investigate security breaches and crime, including fraud, money laundering and other commercial risks;
(r) protect and enforce our contractual and legal rights and obligations;
(s) manage and maintain appropriate records and comply with internal policies and procedures;
(t) comply with any applicable rules, regulations and laws, codes of practices or guidelines or assist in law enforcement by relevant authorities; and
(u) any other purpose related to any of the above.
- The above Purposes are not exhaustive and depending on the nature of your relationship with us, we may collect, use and disclose your Personal Data for additional purposes which you will be notified of, in accordance with the applicable terms and conditions.
Disclosure to Third Parties
- Your Personal Data will be protected and kept confidential but subject to the provisions of any applicable law, your Personal Data may, depending on the products and/or services concerned, be disclosed to third parties set out below. Such disclosure may be subject to additional legal requirements under applicable law, depending on the nature of such transfer to the third parties. Your Personal Data will, in each case, only be disclosed to the extent necessary.
- The third parties are:
(a) other divisions, departments or entities within IOIPG;
(b) our affiliates, joint venture partners, business partners, investors and/or assignee or transferee to facilitate business asset transactions (including any merger, acquisition or asset sale);
(c) our agents, contractors, consultants, third party service providers and specialist advisers who have been contracted to provide us services such as management, administrative, financial, legal, audit, insurance, research, telecommunications, public utilities, information technology, payment, training, market research and storage;
(d) the Joint Management Body, Management Corporation and property management company for the maintenance and management of the properties;
(e) relevant government authority, regulator or law enforcement agency to comply with any laws or rules or regulations imposed by the government;
(f) banks, financial institutions and their respective service providers;
(g) credit reporting agency or in the event of default or disputes, any debt collection agencies or dispute resolution centres; and
(h) any other party as may be consented to by you, as specified by you or as may be notified to you by us in subsequent notices.
- We require organisations which obtain or process Personal Data as our service providers to acknowledge the confidentiality of this data, undertake to abide and comply with the PDPA and any other applicable data protection laws. As a requirement under these laws, we have specific agreements in place with such third parties to regulate and safeguard your data protection rights and also require that these organisations use this information only for the Purpose.
Transfer of Personal Data
Your Personal Data may be stored in external servers located overseas or in countries outside of your country of residence. In carrying out our business, it may be necessary to share information about you with and between our related companies and third party service providers, some of which may be located in countries outside of Malaysia. We will take reasonable steps to ensure that your Personal Data transferred outside of Malaysia is adequately protected and that such transfers comply with the requirements of the applicable data protection laws.
Management and Security
- IOIPG is committed to take all reasonable steps to ensure your Personal Data is kept confidential and secure, and to take appropriate administrative and security safeguards, policies and procedures to prevent any unauthorised and/or unlawful processing of, and the accidental loss, destruction or damage to your Personal Data. However, your Personal Data is accessible by a limited number of employees who have special access rights to such systems through the use of a unique identifier and password for the purpose of performing their official duties.
- Your Personal Data is maintained on systems that are protected by secure networks and appropriate security arrangements to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your Personal Data.
Retention of Personal Data
We may retain your Personal Data for as long as it is necessary for the Purposes it has been collected, unless otherwise permitted by applicable law or in order to defend legal claims. Where we no longer require your Personal Data for those Purposes, we will cease to retain such Personal Data in accordance with our internal retention policy.
Request for Access and/or Correction of Personal Data
- You have the rights, under applicable data protection laws, to request access and/or correct your Personal Data currently in our possession or control, which can be exercised by contacting the relevant department at the contact details provided in paragraph 10 below. We will need sufficient information from you in order to ascertain your identity as well as the nature of your request to enable us to deal with your request. Where mandated under the applicable data protection laws, your exercise of the rights described or referred to above shall be free of charge. In all other situations, we may charge a fee to cover the cost of verifying the request and locating, retrieving and copying any material requested.
- We reserve the right to decline your request where the applicable data protection laws exempts certain types of Personal Data from being subject to your request and situations when correction need not be made by us despite your request.
Request to Withdraw Consent
- Where we rely on your consent to use your Personal Data, you have the right to withdraw your consent at any time. This withdrawal will however not affect the lawfulness of processing based on your consent before your withdrawal.
- We will process your request within a reasonable time once we have verified your identity and received your clear withdrawal instructions. In this regard, if you withdraw your consent to any or all Purposes and depending on the nature of your request, we may not be in a position to continue to provide our products or services to you.
If you have any questions about this Policy or any queries relating to your Personal Data, or you would like to obtain access and/or make corrections to your Personal Data, please contact us at:
IOI Properties Group Berhad 201301005964 (1035807-A)
Address: Level 29, IOI City Tower 2, Lebuh IRC, IOI Resort City, 62502 Putrajaya, Malaysia
(Attention: Group Marketing & Branding)
Email: [email protected]
Telephone Number: +603 8680 3333
This Policy shall be governed in all respects by the laws of Malaysia. For the avoidance of doubt, the applicable data protection laws will apply to the processing of your Personal Data.
This Policy will be reviewed from time to time by us. We may also update this Policy to take into account of new laws and technology, changes to our business operations and environment. We shall notify you by posting an updated version of this Policy on our websites and/or mobile applications.