Pos Digicert Sdn Bhd | Data Protection and Privacy Statement

POS DIGICERT SDN BHD DATA PROTECTION NOTICE

We comply with the Personal Data Protection Act 2010. This notice informs you how we use your personal information based on the following guiding principles.

We use your personal information to provide you services pertaining to digital certificates and other transactional services which you request.
We aim to continuously improve our products and services for you and will use your personal information about you to help us do this.
We give you some control over the personal information we hold about you, including who is allowed to see it and how it is used.
We won’t use your personal information to contact you for direct marketing purposes without your consent.
We will take reasonable care to safeguard your personal information through security policies and secure business processes.

This Notice applies generally to all products and services provided by Pos Digicert Sdn Bhd.

There may however be occasions where a different data protection notice will be applicable for a specific transaction, and we will notify you accordingly.

Please read the terms of this Notice carefully before furnishing any personal data to Pos Digicert Sdn Bhd. By furnishing your personal data, you are indicating to us that you agree and consent to the terms and conditions of this Notice.

How we collect your personal data

Directly from you. We collect personal data that you provide to us when you use any of our products and services, website(s) or when you contact with us. This includes information that you provide:

when you request any services or buy products from us;
when you perform a transaction or contract with us;
when you fill up standard forms and submit them to us;
when you deal with us over the telephone or email us or have contact with us in person or through our website(s);
when taking part in our customer surveys, competitions and promotions;
when accessing our services and visiting our premises;
from correspondence you send directly to us including any enquiries or comments.

When you use our website. We may collect some information automatically when you access our website(s) including:

Information about your use of our products and services, including your browser type, operating system, platform, IP address, cookies, language and region; and
Search queries you conducted on our website(s), pages and advertisements you viewed and links you clicked on while using our website(s).

From third parties. We may ask third parties for personal information about you, for example when we acquire third party marketing lists or get authorisation for a payment you make using a credit or debit card or to complete a credit or fraud check.

Corporate entities. Where we transact or contract with a corporate entity, that corporate may provide personal data in connection with the transaction or contract. That corporate entity is responsible for obtaining your consent for disclosure of your information to us.

What personal data we collect

In this Notice, personal data means data we hold about you from which your identity is apparent or can be reasonably determined. This includes:

Your identification information such as name, identification number, gender, ethnic origin, nationality, date of birth, age, marital status;
Your contact details such as address (residential, office or billing) telephone number(s), email address(es) and other contact details that you provide us from time to time;
Your employment details such as your employer’s name, your position in the company, job description, the company’s address(es) and telephone number(s), income range;
Your payment details such as bank account number and credit or debit card details;
Transaction-related information including as sender and recipient identifying information and contact details;
Additional information that you provide when you transact with us or visit us.

Why we collect your personal data

To provide you with products and services. Note that the personal data we require may vary between transactions.
To verify your identity and to minimize the risk of unauthorized access to your personal data when you deal with us;
To enhance and improve your experience with us generally. When you indicate your preferences by filling in our forms, through your use of our website(s) or when you contact or deal with us directly, we will use this personal data to personalize our products and services to better meet your needs;
To provide you with information or notifications about products and services that we or our agents, contractors, employees, associate companies, business partners or professional consultants of Pos Digicert Sdn Bhd (“third party”) have selected and believe would be of interest to you (Please see the sections entitled “Who sees your data” and “Important information about opting-out”);
To prepare any statistics or analysis or internal reports for market research purposes;
To allow us to enforce our legal rights or to recover any debt owing by you to us;
To keep your personal data secure and minimize the risk of unauthorized access to your data by using some of your personal data to verify your identify when you use our website(s) and customer service helpdesk;
For security purposes when you visit our premises.

Who sees your personal data

Your personal data may be used by all the companies within Pos Digicert Sdn Bhd and its holding company - Pos Malaysia Berhad. Who sees your data depends on the context in which you provided it and the purpose for which it is being used (Please see the section entitled “Why we collect your data”).

Your personal data may be disclosed or transferred to a third party. This may include outsourcing any of our business operations or functions to any third party within or outside Malaysia. We may do this for the following reasons:

To provide you with our products and services or perform a contract with you. Some of our products and services are provided in conjunction or collaboration with certain third parties, and we will need to disclose your personal data to them to provide you with the products and services. We may also share your personal data with certain third parties who have been engaged to perform our business functions.
To provide you with information or notifications about products and services that we or third parties have selected and believe would be of interest to you. If you have given your consent by choosing not to opt out when filling in our manual forms, using our website(s) or when you contact or deal with us directly, we may share some of your personal data with carefully selected third parties so that they can provide you with information about products and services that may be of interest to you.
We may share your personal data with third parties (including the police and other law enforcement agencies) when we believe it is necessary to comply with the law or protect our or another person’s rights, property or safety. This includes exchanging data with third parties to protect against fraud and to reduce payment risks or disclosure of personal data to the police and other law enforcement authorities in connection with the prevention and detection of crime.
If we sell or buy any business or assets, we may disclose your personal data to the potential seller or buyer of such business or assets.

We will only deal with third parties who we trust will act in our customers’ best interests and who will treat our customers’ personal data with the same security controls that we apply ourselves.

Where we store and process your personal data

We generally store and process your personal data within Malaysia. However, the personal data that we collect about you may be processed in, transferred to, or stored at a destination outside of Malaysia. By filling in our manual forms, using our website(s) or when you contact or deal with us directly, you agree to this processing, transfer or storage outside Malaysia. Please be aware that we will take reasonable steps to ensure that your personal data is treated securely and in accordance with this Notice even when your personal data is processed in, transferred to, or stored at a destination outside Malaysia.

How long we keep your personal data

This depends on the context in which you provided your personal data and the purposes for which we use it. Your personal data will be retained for as long as is reasonably necessary for such purpose, see the section entitled “Why we keep your personal data”, or for such period as may be necessary to protect our legal interest. We will keep your personal data:

for as long as it is reasonably necessary for us to provide you with our products and services you have purchased or requested or the performance of a contract with you;
for marketing purposes to provide you with information about products and services that we or our third party business partners have selected and believe would be of interest to you until you choose to opt-out from allowing us to process your personal data for marketing purposes (Please see the sections entitled “Your rights to access and correct personal data” and “Important information about opting-out”);
We may keep records of any transactions you enter with us for up to six years so that we can respond to any complaints or disputes which may arise. Where the records are the subject of legal investigations or proceedings, we will keep the personal data for longer periods.
We will keep your personal data for as long as is required to comply with the law.

Your rights to access and correct personal data

In relation to our manual forms, you may access, correct or update your personal data; and limit the processing of personal data or withdraw your consent to process your personal data by filling in the Personal Data Access Request Form and/or Personal Data Correction Form. These forms are available at our website (www.posdigicert.com.my) or if you contact our Customer Care Department and we will endeavour to comply with your instructions within 21 days of receiving your completed form and the prescribed processing fee.

You can request details of all the personal data that we hold about you, by contacting our Customer Care Department. Our Customer Care Department will send you the Personal Data Access Request Form and/or Personal Data Correction Form which you should complete and return.

The charge for data access service is as follows:

Data Access Request with a copy - RM 10
Data Access Request without a copy - RM 2

The contact details of the Customer Care Department are set out in the section entitled “Enquiries” below. Your right to access your personal data is not absolute, and may be limited by the Personal Data Protection Act 2010.

Important information about opting-out

The personal data that we ask you to provide may either be mandatory or optional, and may differ depending on the particular product or service. Mandatory personal data is information required for the processing of the transaction or provision of products and services or performance of a contract. Optional personal data is information you voluntarily provide to us, which we may process during the transaction or to provide you with other products and services. Fields requiring mandatory personal data will be indicated in our manual forms and registration forms on our website(s).

If you choose not to furnish any mandatory personal data requested or wish to withdraw your consent or significantly limit the processing of your personal data, you agree that (notwithstanding any agreement between you and us) we shall be entitled to cease the provision of any products or services to you without incurring any liability whatsoever for any losses which you may suffer as a result such cessation.

By not ticking a clearly displayed "opt out" box, we will assume we have your implied consent to receive marketing communications in the future. We will always ensure that our opt-out notices are clear, conspicuous and easy to take up.

You may choose not to receive any marketing information from us or any third party in relation to our products and services or that of our third party business partners, by any one of these means:

(i) contacting us at the contact details provided in the section entitled “Enquiries”;
(ii) by ticking the ‘opt out’ box in our manual forms for our products and/or services; or

We will endeavour to comply with your request within 21 days / as soon as we are reasonably able to do so.

If you are providing us with personal data of another person, you agree that this Notice has been given to such person and his consent has been obtained before you provide his or her personal data to us.

In relation to links to other sites found on our website(s), please note that personal data provided to these third parties are not under our control and responsibility and you may need to contact them directly if you wish to withdraw your consent for their continued use of your personal data.

Keeping your personal data secure

We will take reasonable steps to ensure that your personal data held by us is protected from unauthorized access, improper use or disclosure, unauthorized modification, unlawful destruction or accidental loss.

In relation to our website(s), some of the information will be gathered through the use of "cookies". Cookies are small bits of information that are automatically stored on a person’s web browser in their computer that can be retrieved by this site. Such information, for example, may be a user’s password that is stored to avoid having to retype it during subsequent visits to a site. Should you wish to disable these cookies you may do so by changing the setting on your browser itself.

We will take reasonable steps to secure your data, but note that data cannot be 100% secure. We will not be liable for any breach of security unless we have been negligent.

Our website(s) may also contain links to other sites controlled by a third party. Please be aware that we are not responsible for the privacy practices of such other sites. We are not responsible for how these other companies or organizations collect, use, disclose, or secure the information that you provide them. This Notice applies solely to information collected by website(s) maintained by Pos Digicert Sdn Bhd. If you choose to access a third party site linked to our website(s), you do so at your own risk and subject to any terms of service or privacy policy (if any) associated with such third party sites.

Revisions to the Notice

Our Notice may be revised from time to time and if there is any revision, it will be posted on our website(s) and/or other means of communication deemed suitable by us.