General Principles
The Company will only process Personal Data for the purpose for which it was collected or for a reasonably related purpose. The Company will not process such Personal Data in a manner that is incompatible with such purposes unless the relevant Data Subject has consented to such action. In addition, the Company will use its best endeavours to ensure that Personal Data being processed is accurate and up-to-date. Purposes for processing Personal Data must be legal and reasonable, including but not limited to:
- Performance of legitimate business interests of the Company;
- Performance of legitimate operational interests of the Company; and
- Compliance with legal obligations.
The Company will document records of processing, and such documentation will be stored with full security in the Company’s database. These records will be reviewed and accessed on a need-to-know basis.
The Company will not retain Personal Data for longer than necessary for the purpose for which it was collected, unless retention is necessary to comply with legal or regulatory obligations. The period will be determined on a case-by-case basis.
The Company will not sell, transfer, or disclose any Personal Data to third parties without Data Subjects’ consent. However, the Company may share the Personal Data with its corporate affiliates provided that all procedures are complied with.
The Company will organize regular training to ensure all employees have sufficient knowledge about this policy and the correct procedure for processing Personal Data. The Company’s management and/or Human Resources Department is responsible for designing and conducting appropriate training sessions.
Obtaining Data Subjects' Consent
The Company must obtain consent from Data Subjects in an appropriate manner before any employee of the Company performs any processing, as we acknowledge that Data Subjects have the right to receive information about the processing performed on their Personal Information. Such information includes:
- Identity of Data Controller;
- Purpose and methods of processing Personal Data;
- Scope of Personal Information processed; and
- Any third parties involved to which the Personal Data might be transferred or disclosed.
In order to reduce potential disputes, Data Subjects’ consent must be provided orally, in writing, or electronically. The Company will not treat any action of a Data Subject as implied consent. For Data Subjects who are not capable of providing their consent, such as children, the elderly, and patients with mental disorders, the Company will obtain consent from their legal guardian(s). However, the Company need not obtain a Data Subject’s consent under the following special circumstances:
- When the Personal Data can be publicly accessed and collected;
- When the processing is necessary for the Company’s legitimate business interest; and
- When the processing is necessary for the public interest.
The Company hereby acknowledges privacy as a fundamental right and respects decisions made by Data Subjects to withdraw their consent by giving legal and reasonable notice to the Company. However, after the Company accepts their withdrawal, Data Subjects might no longer receive the benefits and services they received prior to withdrawing their consent.
Data Subjects' Rights
Data Subjects have the following rights, which can be exercised by giving legal and reasonable notice to the Company:
- Right to Access: The Company will, upon request, permit Data Subjects to check the details of their Personal Data being processed. The Company will provide legitimate reasons if we wish to reject such requests.
- Right to Correct: Data Subjects have the right to request the correction of any incorrect or misleading Personal Data about themselves. Such requests should be accompanied by evidence.
- Right of Erasure: Data Subjects have the right to request their Personal Data to be erased from the Company’s database.
Confidentiality and Security
The Company will use its best endeavours to protect the confidentiality and security of Personal Data, and this duty extends to all interactions with third parties such as employees and clients. All terms and conditions stated in the Confidentiality Agreement signed by employees upon their employment apply.
We take all breaches of this policy very seriously and we hereby promise that all allegations of breach will be thoroughly investigated by the Human Resources Department confidentially and fairly.