PDPA ACT / Privacy Policy
We, Agape Chapel, respect the privacy of all individuals with whom we have a contractual relationship. We are committed to protecting all Personal Data kept by us.
For this reason, Agape Chapel and its subsidiaries (collectively, “AC”) have adopted this Personal Data Protection Policy (“this Policy”) in compliance with the Personal Data Protection Act 2010 of Malaysia (“PDP Act”).
Definitions
Consent
the free, informed and prior agreement given by the Data Subject for the processing of his/her Personal Data.
Personal Data
any information relating to an identified or identifiable natural person. An identifiable person is someone who can be identified, directly or indirectly, in particular by reference to an identification number or the person’s physical, physiological, mental, economic, cultural or social characteristics. Personal data may relate to any natural persons, including employees, customers, clients, investors, suppliers, contractors or other individuals.
Processing
collecting, recording, holding or storing the Personal Data or carrying out any operation or set of operations on the Personal Data, including:-
-
the organization, adaptation or alteration of Personal Data;
-
the retrieval, consultation or use of Personal Data;
-
the disclosure of personal data by transmission, transfer, dissemination or otherwise making available; or
-
the alignment, combination, correction, erasure or destruction of personal data;
Data Subject
a natural person, a private individual about whom information is collected, stored or processed.
Minister
refers to the Minister of Information, Communications & Culture.
Sensitive Personal Data
comprises information as to:-
-
the physical or mental health or condition of Data Subject;
-
the political opinions of Data Subject;
-
the religious beliefs or other beliefs of a similar nature of Data Subject;
-
the commission or alleged commission of any offence by Data Subject; or
-
any other Personal Data determined by the Minister.
Third parties
a person or a company who is not a party to a contract or a transaction with AC, but excluding AC’s subsidiaries, contractors, sub-contractors, authorized agents, vendors and professional advisors.
1. SCOPE This Policy applies to all operations units of AC. To the extent any operations unit of AC already has a data protection policy in place, this Policy shall supersede and replace any such policy.
2. RESPONSIBILITY
Legal Services Department is responsible for the administration of this Policy and monitoring enterprise wide compliance.
3. EFFECTIVE DATE This policy is effective as at 15 November 2013.
4. PERSONAL DATA PROTECTION PRINCIPLES
4.1 General Principle:
4.1.1 AC will only process Personal Data in the manner set out below:
-
Processing of Personal Data will be for a lawful purpose directly related to the activity of AC;
-
Processing of Personal Data must be necessary for or directly related to that purpose;
-
the Personal Data is adequate but not excessive in relation to that purpose; and
-
the Consent of the Data Subject must be obtained.
4.1.2 AC is not responsible to obtain the Consent of the Data Subject where the Processing Personal Data is necessary: -
-
for the performance of a contract to which the Data Subject is a party;
-
at the request of the Data Subject with a view to entering into a contract with the Data Subject;
-
for compliance with any legal obligation to which AC is subject, other than an obligation imposed by a contract;
-
to protect the vital interests of the Data Subject;
-
for the administration of justice; or
-
for the exercise of any functions conferred on any person by or under any law.
4.1.3 AC will only process Sensitive Personal Data:
-
with the consent of the Data Subject;
-
where Processing is necessary for any of the following purposes:
-
for the performance of any right or obligation which is conferred or imposed by law on AC in connection with employment;
-
in order to protect the vital interests of another person, in a case where consent by or on behalf of the data subject has been unreasonably withheld;
-
for medical purposes;
-
any legal proceedings;
-
obtaining legal advice;
-
establishing, exercising or defending legal rights;
-
administration of justice;
-
exercise of the functions conferred on any person by or under any written law;
-
for any other purposes as the Minister thinks fit; or
-
the information contained in the Personal Data has been made public as a result of steps deliberately taken by the Data Subject.
4.1.4 The Data Subject may withdraw his/her consent at any time and may attach any condition or limitation he/she believes to be appropriate.
4.1.5 It is AC’s policy that Personal Data must be processed fairly and lawfully. AC is responsible for collecting Personal Data only for specific, lawful, explicit and legitimate purposes, and for further processing of Personal Data consistent with those purposes.
4.1.6 It is AC’s policy that Personal Data is adequate, relevant and not excessive to the purpose for which they are collected or further processed. AC is responsible for making every reasonable effort to maintain such data accurately, provide reasonable means to correct, delete, or rectify any inaccurate data, and store such data for periods no longer than is necessary.
4.2 Notice and Choice Principle:
4.2.1 AC will inform the Data Subject of the following by a written notice as soon as practical:
-
that the Personal Data is being processed;
-
a description of the Personal Data;
-
the purpose of the collection of the Personal Data;
-
the source of the Personal Data;
-
the right of the Data Subject to request access and correction of the Personal Data;
-
classes of third parties to whom the Personal Data is / may be disclosed;
-
the choice and means of limiting the processing of Personal Data;
-
whether the supply of the Personal Data is obligatory or voluntary; and
-
the consequences of the Data Subject’s failure to supply the Personal Data.
4.3 Disclosure Principle:
4.3.1 AC will only disclose Personal Data:
-
to comply with any government agency notification requirements; and/or
-
for the purpose for which the Personal Data is processed.
4.3.2 AC will not disclose the Personal Data for other purpose and to third parties unless with the Consent of the Data Subject.
4.4 Security Principle:
4.4.1 AC is responsible for taking prudent steps to safeguard the confidentiality and security of all Personal Data, including appropriate procedural, organizational and technical steps to protect personal data from accidental or unlawful destruction or accidental loss, alteration or disclosure. These steps include entering into written agreements with subcontractors who process Personal Data in accordance with AC’s instructions and incorporating AC’s own data protection standards as a minimum.
4.4.2 AC has reasonable security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite AC’s best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of AC’s ability, access to Data Subject’s Personal Data is limited to those who have a need to know. Those individuals who have access to the Personal Data are required to maintain the confidentiality of such information.
4.5 Retention Principle:
4.5.1 AC shall take all reasonable steps to ensure that:
-
Personal Data are retained only for so long as the information is necessary to comply with a Data Subject’s request or until that Data Subject request that the information be deleted according to AC’s internal procedures; and
-
the Personal Data is destroyed or permanently deleted, where possible, after the purpose is served.
4.6 Data Integrity Principle:
AC will ensure that the Personal Data is accurate, complete, not misleading and kept up-to-date, having regard to the purpose the data was collected and further processed.
4.7 Access Principle:
4.7.1 AC recognizes the right of Data Subjects to obtain without constraint at reasonable intervals and without excessive delay or expense:
-
confirmation concerning whether AC, any representative or agent is holding or processing Personal Data relating to him or her;
-
information on the purpose(s) of the processing, the categories of data concerned, and the recipients or categories of recipients;
-
information in an intelligible form concerning the data relating to him or her being processed and the source of such data; and
-
information, as appropriate, concerning the logic underlying the data processing.
4.7.2 Further, AC recognizes the Data Subject’s right to require, as appropriate, the correction, erasure or blocking of data whenever the processing of such data does not comply with applicable laws and regulations. AC will alert, to the extent practicable, third parties to whom the Personal Data has been disclosed of any such correction, erasure or blocking.
4.7.3 A Data subject will be entitled to access his/her Personal Data that is being used by AC by making a request in writing which will be complied within 21 days from date of receipt of such request.
5. DATA COLLECTION, TRANSFER & PROCESSING
5.1. AC is responsible for collecting, processing and transferring Personal Data in compliance with the PDP Act. Only in very limited and rare circumstances, will AC disclose Personal Data to healthcare professionals, e.g. where the data subject’s health and well-being would otherwise be adversely affected and the Data Subject is unable to give formal consent.
5.2. It is AC’s policy that except as allowed or required by the PDP Act, Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, health or sex life or alleged commission of any offense not be processed and the collection and storage of such Sensitive Personal Data be particularly safeguarded. The Processing of the Sensitive Personal Data by AC will be in the manner set out in Clause 4.1.3 of this Policy.
5.3. For Personal Data obtained directly from the Data Subject, AC is responsible for informing the Data Subject of the identity of those controlling the Personal Data, the purpose for which the Personal Data is being collected and processed and any further information the Data Subject may need for fair processing. This same standard applies to Personal Data not obtained directly from the Data Subject, except as allowed by law for statistical purposes.
5.4 AC is responsible for informing the Data Subject prior to any initial transfer or Processing of Personal Data for direct marketing purposes and, upon request, for blocking such action.
5.5 It is AC’s policy not to transfer Personal Data to any entity, individual, or organization, particularly entities within third countries without adequate data protections, which does not meet the standards established by this policy without ensuring that:
5.5.1 the Data Subject has given his/her unambiguous consent;
5.5.2 the transfers are needed for the performance of a contract between the Data Subject and the third party or to implement a pre-contractual commitment made at the request of the Data Subject;
5.5.3 the transfers are needed for the conclusion or performance of a contract concluded in the interest of the Data Subject with a third party;
5.5.4 the transfers are needed to protect the vital interests of the Data Subject; or
5.5.5 the transfers are made from a register established pursuant to laws and regulations as being open for consultation by members of the general public or by any person who can demonstrate a legitimate interest.
6. USE OF COOKIES AND WEB BEACONS
6.1 From time to time when a Data Subject visit AC’s website, information may be placed on his/her computer to allow AC to recognize Data Subject’s computer in the form of a text file known as a “cookie”. AC’s use of cookies is intended to provide benefits Data Subject, such as eliminating the need for Data Subject to enter his/her password frequently during a session. Cookies are also used for website traffic analysis and anonymous demographic profiling so that AC may improve its services.
6.2 AC may use so called web beacons (or “pixel tags”) in connection with some websites. However, AC do not use them to identify individual users personally. Web beacons are typically graphic images that are placed on a website and they are used to count visitors to a website and/or to access certain cookies. This information is used to improve AC’s services. Web beacons do not typically collect any other information than what Data Subject browser provides AC with as a standard part of any internet communication. If Data Subject turn off cookies, the web beacon will no longer be able to track Data Subject specific activity. The web beacon may, however, continue to collect information of visits from Data Subject’s IP-address, but such information will no longer be unique.
6.3 If Data Subject does not wish to receive cookies, or wants to be notified before he/she is placed, Data Subject may set his/her web browser to do so, if his/her browser so permits. Once the cookies are turned off, Data Subject may not be able to view certain parts of AC’s site that may enhance Data Subject’s visit. Some of ACACrtners whose content is linked to or from AC’s website may also use cookies or web beacons. However, AC has no access to or control over these cookies.
*More information can be found at :
*AC reserves the right to change any portion of this Personal Data Protection Policy. AC will announce such changes through its dedicated webpage www.agapechapelkd.com/privacy-policy.
*AC is committed to protecting the Personal Data of any Data Subject. If you have questions or comments about AC’s administration of Personal Data, please contact us at agapechapeldk.com/contactus. You may also use this address to communicate any concerns you may have regarding compliance with this Policy.