EHUB IT SOLUTIONS SDN BHD’S PERSONAL DATA PROTECTION POLICY
Please read, this Personal Data Protection Policy (“Policy”) or the Policy as amended at any time by EHUB (“We”, “Us” or “Our”) at its sole discretion (which supersedes prior Policy(s)), to appreciate Our handling of Personal Information (defined below).
In accordance with the Personal Data Protection Act (“PDPA”) 2010 and in accordance to the GDPR, a Customer (“You” or “Your”) has the right to know the reasons We, collect and use, such Personal Information, and whom We may share the Personal Information with.
Please note, by You providing Personal Information to Us or continuing to use Our Services or visiting our website, You are consenting to the practices outlined under this Policy. In the event You act for another person, You are confirming that You, have informed this person of the objectives of this Policy and thereafter got this person’s authority to provide its Personal Information to Us.
What Personal Information do We Handle?
In this Policy, “Personal Information” means only the information which You provide and which information relates, directly or indirectly, to a natural person, who is identified or identifiable, from that information or from that and other information, in Our possession. Such Personal Information includes the person’s:
- name, home address, business address, date of birth, gender, nationality, race, identity records (including National Registration Identity Card or passport details), spoken language, telephone number, fax number, mobile phone number and e-mail address;
- credit card or debit card or banking details;
- details or usage or analytics of the usage (for example including but not limited to the sent or received, amount of data, IP addresses, transmission details, details of the hardware used, the time of use, duration of use, clickstream data of pages browsed, personal settings, interest and preferences), of the subscribed, Services or third party services;
- details or usage or analytics of the usage of mobile devices (for example including but not limited to the mobile device’s unique identifier and the location) if used to access the subscribed, Services or third party services;
- CCTV recordings of Your visits at any of our branches;
- Recordings of Your phone calls to Us (at Our help desk or at any of Our other contacts).
Why We Collect Your Personal Information?
We require the aforementioned obligatory Personal Information for, communicating with You, tailoring Services for Your needs, improving our services and the proper functioning of Our business, when providing Your requested Service including but not limited to:
- for the purpose of verifying Your identity;
- if We believe it is relevant, to process Your application for or in providing You, the Services;
- if We believe it is relevant to operate Our business including but not limited to:
- managing “Our System” which includes Our, network, servers or employed software;
- maintaining the security of Our system (including against security breach);
- detecting, rogue activities or fraudulent activities or activities that might reduce our reputation, and stopping such activities;
- verifying credit worthiness;
- processing credit card payments;
- administering the Services provided to You by collecting analytic information for, billing purposes, collecting payments due, monitoring Our performance (service levels, service issues and its resolution, or QA/QC)
- addressing Your queries (billing, complaint or general enquiries);
- for optimizing Services – Our system (in planning its, expansion or upgrades or routine testing or maintenance scheduling) or Our staff (by training);
- complying to regulatory requirements;
- being ready for legal challenges (including investigating, defending or initiating, claims, charges or proceedings); or
- producing data as may be required (by Our suppliers, data analysers, market researchers, research bodies or government authorities);
- to contact You through any of Your points of contact including but not limited to providing customer care, furnishing Your requested information, [providing location based services save for when You have turned it off,] improving relationship, appraising you of products (newly developed, changed, modified or deprecated) or obtaining Your feedback on the Service; or
- as permitted by any law, regulations, guidelines or the authorities.
What is Your Obligation in Providing Personal Information?
As such, You are responsible for providing such Personal Information as required by Us. Please note that as a condition to use of Services, You shall ensure that the Personal Information at all times is, complete and accurate, failing which We shall not take responsibility nor are we liable for any inaccuracy of such Information provided and We reserve the right to terminate Your Agreement without notice.
What are Your Options in Providing Personal Information?
You, however, have the right to decline providing certain information. However, in the event that You refused to provide such information, may prevent us from providing our full capacity of the Service rendered depending on the information that You choose not to provide.
What About Other Information You Provide?
For the avoidance of doubt, “Other Information” is any information which You provide and NOT requested by us and which such information may relates, directly or indirectly, to a natural person, who is identified or identifiable, from that information or from that and other information, in Our possession. We will not be responsible for the Other Information’s security. Under the PDPA, You are responsible as a data user for any personal information that You, process or control, under any of Your commercial transaction with others. Accordingly All Personal Data collected shall be kept in a secure environment to minimize any potential abuse, You shall use Your best endeavours to secure, Other Information including but not limited to any other information, by use of adequate encryption technologies.
You shall have the right to request for a “Right to be Forgotten” dtawhereby upon such request, all data including collected including outdated Personal Information or irrelevant information of the User shall be removed from Our database.
How do We Collect Your Personal Information?
Such Personal Information may be collected:
- when You, visit our offices, communicate with Us, subscribe to Services, use such Services (which includes but is not limited to any analytics from the background, infrastructure or network), participate in Our programmes, register Your interest in requesting for information, enter a business relationship with Us, visit Our website or give Us by any other means; or
- from other sources, which You have consented Us to collect from (for example including but not limited to credit rating agencies) or where legally permitted.
How do We Handle Your Personal Information?
If We believe it is necessary, to fulfil any of the purposes mentioned above for collecting Personal Information, we may at any time, without notice to You, pass such Personal Information to:
- Our employees or, companies or organizations or businesses, affiliated with Us (such as Our, representatives, group of companies, agents, contractors, data processors (who assist in, collecting or handling, transactions), suppliers (including but not limited to providers of products used in Your subscribed Services), or professional advisors) or carriers that We employ to communicate with You (including but not limited to by, post, courier, telecommunication or shipping agencies), and their employees;
- the appropriate, credit card company or finance institution, processing payment transactions;
- Government agencies, judicial bodies, regulators or law enforcement agencies; or
- such parties as per Your, express or implied, consent;
if permitted by, law, regulations or guidelines or:
- any, company or body, that is attempting to stop, rogue activities or fraudulent activities, provided it shows proof of such activities.
Also in the event, that Our business is substantially acquired by another party, it is likely that the customer information (including but not limited to Personal Information), which is an asset of the business, would also be transferred to the party acquiring the business. We will only pass Personal Information to the aforementioned parties if all such parties observe, this Policy or a policy which is equally protective of Personal Information as this Policy.
Moreover, We may release such Personal Information as We might believe is necessary without notice to YOU in:
- legal challenges (including in investigating, defending or initiating, claims, charges or proceedings);
- enforcing any of our Agreements or protecting Our rights; or
- protecting, any property or safety of anyone.
In such instances, depending on the circumstances, the Personal Information might be exposed in public documents. We, however, will seek redaction of such Personal Information to the extent permitted by, law, regulations or guidelines.
Other than the aforementioned, We will not otherwise disclose, Your identifiable Personal Information to others without Your consent and We wish to assure You that We will not sell Your identifiable Personal Data for commercial gain. In the event, there is a need for Us to disclose in circumstances not taken into account in this Policy, We shall seek Your consent before the release of such Personal Information.
We shall immediately inform You in case of detection of any harmful breach which had occurred or in the event of an early detection of possibility of harmful breach of Your Personal Information.
What About Up-Dating of Personal Information?
We make every effort to up-date Personal Information and You are responsible for, such up-dating. Subject to verification, You may assess Personal Information which you had provided in response to Our request and update the same. We shall endeavour to provide access to the remaining Personal Information, if requested, save for information which, is commercially confidential or we are unable to divulge by law or impacts security (of Our System or any other party’s system). In making such requests, please contact Us at the contact indicated below and kindly quote Your, name and account number. Please note that We charge a nominal fee for processing such requests. We shall endeavour to fulfil Your request within 21 days after receiving, it and the nominal fee.
How Do We Handle Cookies at Our Website?
What is Our Security Assurance?
We make every effort to implement a security system that prevents unauthorized access of Personal Information (including by Our staff without clearance). For example:
- when You transmit Personal Information to Us, We encrypt the input by use of [128 bit] Secure Sockets Layer (SSL) software;
- only the last four digits of your credit number is shown for the purpose of confirming a payment transaction;
- We employ firewalls to prevent unauthorized hacking.
We do not ask by, e-mail or through links within it, for any, Personal Information or confirmation of security particulars; links if any in our e-mails would direct you to informational pages only. Thus You should not respond to e-mails making such requests. Instead please contact Us at the contact indicated below to report any such e-mail requests or other suspicious activities.
What are the Security Measures You Should Consider?
The internet is not a secure environment. Whilst We make the aforementioned efforts to prevent breach, You should transmit confidential information only if You have taken appropriate security steps to protect the transmission. In particular, You should be extra vigilant when You transmit particulars which may, financially impact You or result in identity theft. You are advised to independently verify the input sought before giving out any particulars. You should also ensure that Your, password and account details, are kept secure and that You sign off at the end of every session of using Our Service, so as to prevent an unauthorized person using Your account. We cannot be responsible for unauthorized access which does not arise out of Our, default or negligence.
Is Personal Information Transferred Outside Malaysia?
We do not transfer Personal Information outside Malaysia save for instances the parties mentioned above to whom we pass Personal Information are “Overseas Entities” located outside Malaysia. You consent to passing such Personal Information to Overseas Entities where necessary.