PERSONAL DATA PROTECTION NOTICE (“Notice”)
1. Introduction
1.1. MR D.I.Y. Group (M) Berhad (“MRDIY”) is committed to protecting the privacy and confidentiality of Personal Data (as hereinafter defined) by observing applicable data protection laws, including the Personal Data Protection Act (“PDPA”) 2010 in Malaysia and other international best practices. This Notice sets out our approach to data protection, ensuring that Personal Data is handled responsibly and in compliance with legal, regulatory, and ethical standards.
1.2. The protection of Personal Data is essential to maintaining trust with our customers, employees, suppliers, and stakeholders. This Personal Data Protection Notice established how Personal Data is collected, processed, disclosed and retained by MRDIY.
2. Personal Data MRDIY Collects from You
2.1. Before your Personal Data is collected or process, we will obtain for your consent, which will be recorded and maintained properly by MRDIY, to such collection and processing. However, in certain scenarios, consent is not required such as when the processing of Personal Data is necessary for the performance of contract or is required under the law.
2.2. For the processing of Sensitive Personal Data, MRDIY will obtain explicit consent to such collection and processing. For avoidance of doubt, such consent, when collecting Sensitive Personal Data, cannot be obtained by inferring from your actions, such explicit consent must be expressly confirmed in words.
2.3. At MRDIY, we strive to collect only the Personal Data that we need that is deemed adequate, relevant and not excessive to the purpose for which Personal Data is processed by us within this Personal Data Protection Policy, when:
2.3.1. you submit any form, including but not limited to application forms, sign up for an account via Teamtailor platform;
2.3.2. you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
2.3.3. you are browsing through our Teamtailor platforms;
2.3.4. you interact and/ or contacted with our staff such as via telephone calls, emails, letters, Short Message Service (SMS), social media platforms or meetings;
2.3.5. you are being referred by any third party such as to join us; or
2.3.6. your images are captured by us via CCTVs while you are within our premises:
2.4. The following Personal Data MRDIY collects depends on how you interact with MRDIY such as if you are our:
2.4.1. Contact Details. Personal Data such as name, address, phone number, email may be collected from customers will only be used for purposes such as processing your application, maintaining record for employment purposes and service improvements.
2.4.2. Other Information You Provide to Us. Details such as the content of your communications with MRDIY, including interactions with our employee and contacts through social media channels or platforms.
2.4.3. Employee Data: Personal Data such as employees name, image, employment number, tax number, government-issued identification numbers/ passport numbers, Contact Details. For the purpose of employee verification, MRDIY will collect employee sensitive Personal Data, such as religion, marital status, health condition, fingerprints (solely for security clearance) of employees will be collected and used for employment related purposes, including payroll processing, benefits administration, performance evaluations, and compliance with legal obligations. (collectively referred to as “Personal Data”)
2.5. MRDIY will not collect the Personal Data involves individuals of age of eighteen (18) years (the “Minor”).
2.6. In the event the collection of Personal Data of a Minor, such consent shall be obtained from the parent, guardian or person who has parental responsibility on the Minor.
3. MRDIY Use of Personal Data
3.1. MRDIY uses your Personal Data only when we have a valid legal basis. Depending on the circumstances, MRDIY may rely on your consent or the fact that the processing is necessary to:
3.1.1. Fulfil a contract with you. MRDIY collects Personal Data necessary to facilitate your application, which may include Contact Details collected to improve our offerings, carry out our contractual obligation, for internal purposes such as auditing, or fulfilling your application.
3.1.2. Communicate with you. To respond to communications, reach out to you about your application or account, market our products and services, notify you on prizes, provide other relevant information or request information or feedback.
3.1.3. Security and Fraud Prevention. To protect individuals, employees and MRDIY and to prevent fraud, including to protect individuals, employees and MRDIY for the benefit of all our users, and pre-screening or scanning uploaded content for potentially illegal content.
3.1.4. Comply with the law. To comply with applicable law – for example, to satisfy tax and reporting obligations, or to comply with a lawful governmental request.
3.2. We may also process your Personal Data where we believe it is in our or others’ legitimate interests, taking into consideration your interests, rights, expectations, security and fraud prevention. if you have question about the legal basis, you can contact us through our contact details set out in the section at Paragraph 8 (Contact Us) below.
4. Personal Data MRDIY Receives From Other Sources
4.1. MRDIY may receive Personal Data about you from other individuals, from businesses or third parties acting at your direction, from our partners who work with us to provide our products and services and assist us in security and fraud prevention, and from other lawful sources.
4.1.1. Individuals. MRDIY may collect data about you from other individuals – for example, if that individual has sent us a job opening in relation to your interest, invited you to participate in Employee Referral Program (ERP), MRDIY service, forum, or shared content with you.
4.1.2. At Your Direction. You may direct other individuals or third parties to share data with MRDIY to fulfil a contract with MRDIY.
4.1.3. MRDIY Partners. We may also validate the information you provide – for example, when creating an account via Teamtailor, with a third party for security, and for fraud prevention purposes.
4.2. Generally, MRDIY shall not disclose your Personal Data to any third party. In the event disclosure is necessary, it shall be limited to the purpose and related purposes for which the original consent was obtained. We may share Personal Data with our subsidiaries, affiliates and/or associated companies and with third parties which may involve a transfer of your Personal Data outside your country of residence. The types of third parties to whom we may disclose that personal data includes, our service providers who assist us in providing job application in connection with your use of our services.
5. The Rights You Have Towards Your Personal Data.
5.1. In accordance with applicable laws, MRDIY allows you the following rights, upon request via our contact details set out in the section at Paragraph 8 (Contact Us) below, to:
5.1.1. ask us what Personal Data we have of you, including to be provided with a copy of your Personal Data;
5.1.2. correct or update your Personal Data where the personal data is inaccurate, incomplete, misleading or not up-to-date;
5.1.3. withdraw your consent to the processing of your Personal Data;
5.1.4. prevent processing likely to cause damages or distress; and
5.1.5. request that MRDIY transmits your Personal Data directly to another data controller.
5.2. If you request for a copy of your Personal Data and we are able to accede to your request, a fee may be charged for providing the copy. In such an event, we will inform you of the fee to be charged for the requested copy.
5.3. There will be instances where MRDIY is unable to comply with your request, such as when the burden or expense of providing access to Persona Data is disproportionate to the risk to others Personal Data or such access to Personal Data is regulated by another law, and in such circumstances MRDIY shall refuse your request.
6. How MRDIY Retains Your Personal Data.
6.1. MRDIY retains Personal Data only for so long as necessary to fulfil the purposes for which it was collected, including as described in this Notice, or as required by law.
6.2. MR DIY also does not use or disclose Sensitive Personal Data for any purposes that would require a user to exercise a right to limit processing according to PDPA.
6.3. MRDIY takes practical steps and established security standard to protect the Personal Data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alternation or destruction.
6.4. MRDIY takes reasonable steps to ensure that Personal Data is accurate, complete, not misleading and kept up-to-date by having regard to the purpose, including any direct related purpose, for which the Personal Data was collected and further process.
7. Data Breach Notification
7.1. In the event of a data breach involving Personal Data, MRDIY will promptly access the nature and scope of the breach and take appropriate remedial actions. Where required by applicable laws and regulations, MRDIY will notify the affected individuals and relevant authorities without undue delay, providing information on the breach, its potential impact, and any steps taken to mitigate the risks.
7.2. Should you become aware of any actual or suspected breach, you are required to notify MRDIY without delay. Reports can be made through Paragraph 8 below, and should include relevant details of the breach to facilitate investigation and remedial action.
8. Contact Us
8.1. You may reach out to our Data Protection Officer at the following contact details:
Email: my.jobs@mrdiy.com
Tel.: +60(3) 8961 1338
9. Review and Updates
9.1. This Notice will be reviewed periodically and updated as necessary to ensure its continued effectiveness and compliance with evolving legal, regulatory, and industry standards. Any changes to the policy will be communicated to all employees, contractors, and relevant stakeholders.
NOTIS PERLINDUNGAN DATA PERIBADI (“Notis”)
1. Pengenalan
1.1. MR D.I.Y. Group (M) Berhad (“MRDIY”) melindungi privasi dan Data Peribadi dengan mematuhi undang-undang perlindungan data yang terpakai, termasuk Akta Perlindungan Data Peribadi (“PDPA”) 2010 di Malaysia. Notis ini menetapkan pendekatan kami untuk memastikan Data Peribadi dikendalikan secara bertanggungjawab dan mematuhi piawaian undang-undang, kawal selia, serta etika.
1.2. Perlindungan Data Peribadi adalah penting untuk mengekalkan kepercayaan dengan pelanggan, pekerja, pembekal, dan pihak berkepentingan kami. Notis Perlindungan Data Peribadi ini menetapkan cara Data Peribadi dikumpul, diproses, didedahkan, dan disimpan oleh MRDIY.
2. Data Peribadi yang MRDIY Kumpul daripada Anda
2.1. Sebelum Data Peribadi anda dikumpul atau diproses, kami akan mendapatkan persetujuan anda, yang akan direkodkan dan diselenggarakan dengan sewajarnya oleh MRDIY. Walau bagaimanapun, dalam senario tertentu, persetujuan tidak diperlukan seperti apabila pemprosesan adalah perlu untuk pelaksanaan kontrak atau dikehendaki di bawah undangundang.
2.2. Untuk pemprosesan Data Peribadi Sensitif, MRDIY akan mendapatkan persetujuan secara nyata. Persetujuan ini mesti disahkan secara nyata dengan kata-kata dan tidak boleh disimpulkan daripada tindakan anda.
2.3. Kami mengumpul Data Peribadi yang dianggap mencukupi, relevan, dan tidak berlebihan apabila:
2.3.1. Anda menyerahkan sebarang borang, termasuk borang permohonan atau mendaftar akaun melalui platform Teamtailor.
2.3.2. Anda membuat perjanjian atau memberikan dokumentasi/maklumat berkaitan interaksi anda dengan kami.
2.3.3. Anda melayari platform Teamtailor kami.
2.3.4. Anda berinteraksi dengan kakitangan kami melalui panggilan telefon, e-mel, surat, SMS, media sosial, atau mesyuarat.
2.3.5. Anda dirujuk oleh mana-mana pihak ketiga, seperti untuk menyertai kami.
2.3.6. Imej anda dirakam melalui CCTV semasa anda berada di dalam premis kami.
2.4. Jenis Data yang Dikumpul:
2.4.1. Butiran Hubungan: Nama, ID kerajaan, alamat, nombor telefon, dan e-mel untuk tujuan memproses permohonan anda, rekod pekerjaan, dan penambahbaikan perkhidmatan.
2.4.2. Maklumat Lain: Kandungan komunikasi anda dengan MRDIY, termasuk interaksi dengan pekerja kami dan melalui saluran media sosial.
2.4.3. Data Pekerja: Nama, imej, nombor pekerja, nombor cukai, nombor pengenalan kerajaan/pasport, dan butiran hubungan. Data sensitif (agama, kesihatan, biometrik) dikumpul untuk tujuan pengesahan, penggajian, faedah, dan pematuhan undangundang. (“Data Peribadi”)
2.5. MRDIY tidak akan mengumpul Data Peribadi individu di bawah umur lapan belas (18) tahun (“Minor”). Jika perlu, persetujuan mesti diperoleh daripada ibu bapa atau penjaga.
3. Tujuan Pengumpulan Data Peribadi oleh MRDIY
3.1. MRDIY menggunakan data anda hanya apabila terdapat asas undang-undang yang sah. Kami mungkin bergantung pada persetujuan anda atau keperluan untuk:
3.1.1. Memenuhi kontrak: Memproses applikasi, memenuhi permohonan anda, atau tujuan audit dalaman.
3.1.2. Berkomunikasi: Membalas komunikasi, menghubungi anda mengenai permohonan atau akaun.
3.1.3. Keselamatan dan Pencegahan Penipuan: Melindungi individu dan MRDIY serta menyaring kandungan yang berpotensi menyalahi undang-undang.
3.1.4. Mematuhi undang-undang: Memenuhi kewajipan cukai, pelaporan, atau permintaan sah pihak kerajaan.
3.2. Kami juga boleh memproses Data Peribadi anda di mana kami percaya ia adalah demi kepentingan sah kami atau orang lain, dengan mengambil kira kepentingan, hak, jangkaan, keselamatan dan pencegahan penipuan anda. Jika anda mempunyai soalan tentang asas undang-undang, anda boleh menghubungi kami melalui butiran hubungan kami yang dinyatakan dalam bahagian di Perenggan 8 (Hubungi Kami) di bawah.
4. Data Peribadi daripada Sumber Lain
4.1. MRDIY mungkin menerima Data Peribadi tentang anda daripada individu lain, daripada perniagaan atau pihak ketiga yang bertindak atas arahan anda, daripada rakan kongsi kami yang bekerjasama dengan kami untuk menyediakan produk dan perkhidmatan kami dan membantu kami dalam keselamatan dan pencegahan penipuan, dan daripada sumber lain yang sah.
4.1.1. Individu. MRDIY mungkin mengumpul data tentang anda daripada individu lain – contohnya, jika individu itu telah menghantar peluang pekerjaan kepada kami berhubung dengan minat anda, menjemput anda untuk mengambil bahagian dalam Program Rujukan Pekerja (ERP), perkhidmatan MRDIY, forum atau kandungan yang dikongsi dengan anda.
4.1.2. Atas arahan anda. Anda boleh mengarahkan individu lain atau pihak ketiga untuk berkongsi data dengan MRDIY untuk memenuhi kontrak dengan MRDIY.
4.1.3. Rakan Kongsi MRDIY. Kami juga boleh mengesahkan maklumat yang anda berikan – contohnya, apabila membuat akaun melalui Teamtailor, dengan pihak ketiga untuk keselamatan dan untuk tujuan pencegahan penipuan.
4.2. Secara amnya, MRDIY tidak akan mendedahkan Data Peribadi anda kepada mana-mana pihak ketiga. Sekiranya pendedahan diperlukan, ia hendaklah terhad kepada tujuan dan tujuan berkaitan yang mana persetujuan asal diperolehi. Kami mungkin berkongsi Data Peribadi dengan anak syarikat, sekutu dan/atau syarikat bersekutu kami dan dengan pihak ketiga yang mungkin melibatkan pemindahan Data Peribadi anda di luar negara tempat tinggal anda. Jenis pihak ketiga yang kami boleh dedahkan bahawa data peribadi termasuk, pembekal perkhidmatan kami yang membantu kami dalam menyediakan permohonan kerja berkaitan dengan penggunaan perkhidmatan kami oleh anda.
5. Hak Anda Terhadap Data Peribadi
5.1. Tertakluk kepada undang-undang, anda mempunyai hak untuk:
5.1.1. Meminta akses atau salinan Data Peribadi anda (bayaran mungkin dikenakan).
5.1.2. Memperbetulkan atau mengemas kini data yang tidak tepat atau tidak lengkap.
5.1.3. Menarik balik persetujuan pemprosesan data.
5.1.4. Menghalang pemprosesan yang mungkin menyebabkan kerosakan atau kesusahan.
5.1.5. Meminta pemindahan data kepada pengawal data lain.
5.2. Jika anda meminta salinan Data Peribadi anda dan kami dapat menyetujui permintaan anda, bayaran mungkin dikenakan untuk menyediakan salinan tersebut. Dalam keadaan sedemikian, kami akan memaklumkan kepada anda tentang yuran yang akan dikenakan untuk salinan yang diminta.
5.3. Akan ada keadaan di mana MRDIY tidak dapat mematuhi permintaan anda, seperti apabila beban atau perbelanjaan menyediakan akses kepada Data Persona tidak seimbang dengan risiko kepada Data Peribadi orang lain atau akses sedemikian kepada Data Peribadi dikawal oleh undang-undang lain, dan dalam keadaan sedemikian MRDIY akan menolak permintaan anda.
6. Penyimpanan dan Keselamatan Data
6.1. MRDIY menyimpan Data Peribadi hanya selama yang diperlukan untuk memenuhi tujuan pengumpulan atau seperti yang dikehendaki oleh undang-undang. Kami mengambil langkah praktikal dan standard keselamatan untuk melindungi data daripada kehilangan, penyalahgunaan, atau akses tanpa kebenaran.
7. Notifikasi Pelanggaran Data
7.1. Sekiranya berlaku pelanggaran data, MRDIY akan menilai skop pelanggaran dan mengambil tindakan pemulihan. Kami akan memaklumkan individu yang terjejas dan pihak berkuasa jika dikehendaki oleh undang-undang. Anda dikehendaki memaklumkan MRDIY dengan segera jika menyedari sebarang pelanggaran sebenar atau disyaki.
8. Hubungi Kami
8.1. Anda boleh menghubungi Pegawai Perlindungan Data kami di:
E-mel: my.jobs@mrdiy.com
Tel: +60(3) 8961 1338
9. Kemas Kini
9.1. Notis ini akan disemak secara berkala untuk memastikan pematuhan terhadap standard undang-undang dan industri yang berkembang. Sebarang perubahan akan dimaklumkan kepada semua pekerja, kontraktor, dan pihak berkepentingan yang berkaitan.