This
Notice and Consent is issued to all information providers to Ge-Shen
Corporation Berhad and its subsidiaries, which are Polyplas Sdn. Bhd.,
Ge-Shen Plastic (M) Sdn. Bhd. and Demand Options Sdn. Bhd. pursuant to the requirements of the Personal
Data Protection Act 2010 (“PDPA”) in Malaysia. We, Ge-Shen Corporation
Berhad and/ or group of Companies (referred hereinafter to as “Ge-Shen”)
wish to inform you that we maintain certain personal information about you as
part of our records. Ge-Shen respects and is committed to the protection
of your personal information and your privacy.
Section
2 of the PDPA provides that the Act applies to any persons who processes, and
who has control or authorizes the processing of personal information (“Data
User”) in commercial transactions. ‘Commercial transaction’ was defined as
‘…any transaction of a commercial nature, whether contractual or not, which
includes any matters relating to the supply of exchange of goods or services,
agency, investments, financing, banking and insurance, but does not include a
credit reporting business carried out by a credit reporting agency under the
Credit Reporting Agencies Act 2010.
A provider of information is essentially a commercial or contract of service of a commercial nature. Therefore, the provisions of the Act will apply to such situations and Ge-Shen will review its approach in terms of commercial arrangements or its employment contracts, handbooks, and the retention and use of employee’s personal information.
Please
find the following notice in English stating the reasons we will collect
information, the type of information collected, our disclosure to third parties
(if any) and who you may contact for access to your information.
Ge-Shen reserves
the right to amend this Notice to employees at any time and will place notice
of such amendments on the intranet/ internet or via any other mode the company
views suitable, which will be clearly informed to you.
The use of this information is for any commercial, business or employment purposes.
1. Purpose of information Collected
The use of this information is for any commercial, business or employment purposes
2. Type of Information Collected
- Personal data that we may collect:
- Name, Age, Gender, Nationality, IC Number, Date of Birth;
- Contact Details such as house number, Mobile number;
- Bank Account number;
- SOCSO, EPF, Tax details;
- Full Address;
- Marital Status;
- Email Address;
- Any other information supplied by you that can indirectly or directly identify you, in order for us to carry out our contract with you.
3. Type of Sensitive Data Collected
- Designs or any commercial documents with embedded intellectual property
- For employment, sensitive personal information:
- Physical/ mental health:
- occupational health;
- sickness absence records;
- the chronic illness of a specific employee in circumstances which may affect their ability to perform all aspects of the normal work.
- Race/ Disabilities – This will only be recorded on personnel files, with the express permission of each employee concerned, strictly for statistical purposes in connection with “ethnic monitoring’. – i.e. to identify and keep under review the existence or absence of equality of opportunity or treatment between persons of different racial or ethnic origins, with a view to enabling such equality to be promoted or maintained.
4. Data Access Responsibility
Ge-Shen may
place all or part of its files onto a secure computer network and with
restricted access to personnel data. When implemented access to individual
employee data will only be granted to the following data users within Ge-Shen
or its group of Companies for specific and legitimate purposes:
- Business development or any other employees of the Group;
- Staff employed in the Human Resources Department;
- A member of staff’s Head of Department/ Chief Executive Office/ line manager;
- Staff employed in the payroll section of the Finance Department;
- Staff Development staff;
- Any specified and contracted outsourcing organisation (acting under the direction of the Data User, or his/ her representative) used to process internal corporate data providing secure processing facilities and data access in line with statutory provisions and the requirements of Ge-Shen.
5. Consequences of not providing Personal Data
The failure to supply us with
the required personal data will potentially:
- Result in us being unable to enter into any commercial arrangements
- Result in us being unable to enter into an employer-employee contract or agreement [or specific service] with you;
- Result in us not being able to compensate you for services rendered;
- Result in us being unable to communicate notices, value added services and updates to you;
- Affect our capacity to accomplish the above stated purposes
6. Disclosure
Your personal data will be
kept confidential, but you consent and authorise us to provide or share your
Personal data to the following class of users:
- Persons/ Organisations required under law or in response to government requests;
- Related, subsidiaries, holdings of Ge-Shen, including future entities under Ge-Shen
- Government agencies, statutory authorities, enforcement agencies under law;
- Auditors, accountants, lawyers under Ge-Shen
- Third party service/ product providers that is deem necessary or appropriate for the purposes stated above (including those located out of Malaysia, under conditions of confidentiality and similar levels of security);
- Persons under a duty of confidentiality to the Ge-Shen.
Data
shared will be for the purpose as stated in this notice, or purposes not stated
but directly related to the primary purpose of collection. We may also share
your Personal Data where required by law or where disclosure is necessary to
comply with applicable laws, legal processes or queries from the relevant
authorities. We may also disclose personal data to a prospective party of a
‘business asset transaction’, which refers to any type of acquisition, disposal
or financing of an organisation or division
7. Data Security
We shall take necessary steps
to store and process your personal data securely. We will undertake the
following security steps:
- Implementation of a formal information security policy and necessary technology controls such as firewall, password controls, physical security, logging and monitoring etc;
- Process controls such as segregation of duties, defined roles and responsibilities and need to know basis for staff;
- Third party providers and contractors storing or processing personal data has implemented similar acceptable standards of security;
8. Retention of Personal Data
Your personal data will be
stored for only the period as necessary to fulfil the purposes stated above
after which we proceed to ensure that your personal data is destroyed,
anonymized or permanently deleted if it is no longer necessary to store.
Reasons to further store your information even after the fulfilment of the
purposes includes
- to satisfy legal, regulatory or accounting requirements;
- to protect the interest of Ge-Shen.
All
employee data other than the name, job title, department and period of
employment at Ge-Shen will be deleted seven (7) years after employment
has ended. Data relating to disciplinary and grievance records of current
employees are removed from personal files once they become spent in accordance
with Ge-Shen’s disciplinary procedure and deleted three (3) years from
the date issued. Where disciplinary or grievance cases have involved concerns
of sufficient severity or gravity data will be deleted five (5) years from the
date issued.
Once
an employee has left Ge-Shen any data relating to them within their
department should be sent to Human Resources.
9. Direct Marketing
We may use your personal data
to provide you with internal information about our corporate exercises and job
vacancies, and third-party services and/or products, which may be related to
your interests, unless requested otherwise by you. We take reasonable steps to
ensure that the 3rd parties we are sharing your personal data with also have
appropriate privacy and confidentiality obligations. If you do not wish your
personal data to be utilised for the purposes of marketing and promotion,
please contact us at the contact details below. Your latest written
instructions to us will prevail.
10. Right of Access and Correction
Under PDPA, you reserve the
right to access your personal data and request for correction of the personal
data that might be inaccurate, obsolete, incomplete or misleading. In respect
to this, you may:
- Request to check and access your personal data in our records;
- Request that we correct any of your inaccurate, obsolete, incomplete or misleading personal data;
- Request copies of the data from us.
Once
we receive a request, we will acknowledge the receipt of such request. For data
amendment and correction, we will consider if the information requires
amendment. If there is any disagreement, then we specify the reason in clearly
stated terms such as where rights of others will be violated, or regulatory
functions will be affected.
Ge-Shen
reserves the right to withhold:
- Information in the case of repeat requests from individual employees made unreasonably frequently;
- Specific information if Ge-Shen cannot comply with an employee’s request without disclosing information relating to another individual who can be identified from that information (including its source). However, this can be provided if Ge-Shen is satisfied that the other individual has consented to the disclosure of the information to the employee making the request, or it is reasonable in all the circumstances to comply without the consent of the other individual;
- Any data which is excluded through legislation on the grounds of national security, breaches of ethics for regulated professions, or is relevant to any current investigation concerning any possible criminal/ civil legal action;
- Where such data is “opinion data” that is “kept solely for an evaluative purpose”. This includes opinions written in the course of assessment of individuals for employment or promotions;
- Additionally, any circumstances falling under Section 32 of PDPA, circumstances where data user may refuse to comply with data access request.
11. Transfer of Your Personal Information Outside Malaysia
It may be necessary for us to
transfer your personal data outside Malaysia if any of our service providers or
strategic partners who are involved in providing part of any employment
services are located in countries outside Malaysia. You consent to us
transferring your personal information outside Malaysia in the instances whereby
it is necessary to fulfil the execution of the employer-employee contract that
has been agreed on.
We shall take necessary steps
to ensure that any such partners are contractually bound not to use your
personal information for any reason other than to provide the specific service
which they are contracted by us, to safeguard your personal information.
12. Contact us
For further information or
clarification regarding personal data access, correction, deletion or any other
information in relation to PDPA, you can contact us through the following
details:
Privacy Officer: audit@gscorp.com.my
03-2785 0975
Unit 13-05 & 13-07,
Level 13, Menara MBMR,
No. 1, Jalan Syed Putra Utara,
58000 Kuala Lumpur
13. Language
As per Section 7(3) of the
PDPA, this notice and consent form is issued in both English and Bahasa
Malaysia. In the event of any inconsistency, the terms of the English version
shall prevail.
This document was last updated on 5 March, 2020