PERSONAL DATA PROTECTION NOTICE AND CHOICE PRINCIPLE
NOTIFICATION AND CONSENT
Pursuant to sections 7 and 6, respectively, of the Personal Data Protection Act 2010
We hereby inform you that we, Card Protection Plan Limited ("CPP") and our related corporations (as the term is defined in the Companies Act 1965), affiliates, and associated companies (whether or not controlled by us) ("Company", "we":, "our" or "us"), is committed to safeguarding your privacy and pledge to observe the requirements of the relevant data protection and privacy law applicable to Malaysia. As data users, as the term is defined in the Personal Data Protection Act 2010, we have or will collect, record, hold, store, use, disclose and / or process (collectively referred to as "Process") personally identifiable information from you.
When you visit this website, CPP will not collect any personally identifiable information from you until you actually decide to buy our products. Except as specified in the "Purposes of Collection" section below, CPP will not disclose any of your personally identifiable information except when we have your permission or under special circumstances. CPP will take all reasonable steps to ensure the security in respect of personal data transmitted to and held by us.
If you have any queries in relation to this notification, please feel free to email us at: email@example.com.
Type of Personal Data Collected
As part of our relationship you will supply us with data about yourself and/or any other relevant individuals (including the Supplementary Members) and information obtained from phone call recordings in connection with the effective provision of the Membership Privileges to you, processing Reports of Loss and/or the processing of any enquiries or complaints from you. You may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to satisfy your request:
(c)date of birth;
(d)home address or correspondence address;
(e)account details, including account numbers, service numbers, or user accounts;
(f)payment details, including credit card and banking information;
(g)contact details, including contact name and telephone number or email address; or
(h)information for the verification of identity, including identification type and identification number.
In some instances, you may also be requested to provide certain data that may be used to further improve CPP’s products and services. In most cases, this type of data is optional although failure to provide the requested data may prevent us from providing CPP’s products and services to you. This type of data includes, but is not limited to:
(i)salary range and employment details;
(j)education and profession;
(k)hobbies and leisure activities;
(l)other related products and services subscribed to; and
(m)family and household demographics.
(collectively from (a) - (m), "Personal Data").
In support of the products and other services offered by CPP, information may be automatically collected relating to those services so we may perform accurate reporting and administration of your accounts such as, but not limited to, call/connection time, duration, origin, and destination.
To the extent that you wilfully and voluntarily disclose to us any personal information whether or not coming within the definition of Personal Data above, of any another individual, we shall assume, without independent verification, that you have obtained such individual's consent for the disclosure as well as the Processing of the same in accordance with the terms of this notification.
CPP uses two types of cookie on this website:
(i)Session cookies, which are temporary cookies that remain in the cookie file of your computer until you close your browser (at which point they are deleted); and
(ii)Persistent or stored cookies that remain permanently on the cookie file of your computer.
Cookies will not be used to contact you for marketing purposes other than by means of advertisements offered within this website.
In order to develop this website in line with customer needs, CPP is working with WebTrends to track usage on this website. WebTrends provide CPP with statistics to show which pages on this website are visited most frequently and how long visitors spend on this website.
WebTrends uses a cookie to track the number of unique users of this website. It basically tells CPP whether the website has a small number of regular visitors or a large number of infrequent visitors. None of the information can be traced to an individual – CPP does not know who you are as a unique user, merely that there are a certain number of people using this website. The cookie only relates to what goes on in this website and the information cannot be used for marketing on an individual basis.
Under certain circumstances, telephone calls made to our order and/or service hotlines and/or inquiry telephone numbers are recorded for the purposes of quality control, appraisal, as well as staff management and development. Unless expressly indicated at the time of calling, such recordings are NOT personal data of the caller and therefore, in respect of the caller, are not subject to the various provisions of the Ordinance and the caller has no rights and/or claims; either statutory, contractual or tortious, over or to such data. At all times, every care is taken to protect such recordings from inadvertent and/or unauthorized access.
Sources of Information
Your Personal Data has and / or will be obtained from the following sources, where applicable, or such other sources which we may see fit from time to time:
(a)information provided or submitted by you through among others, as applicable [e.g. Card Registration Form, Claims Form]
(b)as applicable, publicly available or publicly accessible information; and
(c)such other written or verbal communications or documents delivered to us prior to and during the course of our contractual or pre-contractual dealings with you.
As the accuracy of your Personal Data depends largely on the information you provide to us, kindly inform us as soon as practicable if there are any errors in your Personal Data or if there have been any changes to your Personal Data.
Purposes of Collection
CPP may collect Personal Data from users of this website for any of the following purposes:
(i)processing your applications for and renewals of Membership;
(ii)administering matters in relation to the Membership and claims;
(iii)providing Membership Privileges to the Members and arranging for the same to be provided by our group companies and affiliated companies and third parties selected by us;
(iv)designing Membership Privileges for Members;
(v)marketing Membership Privileges and/or other products and services offered by us or other companies selected by us which may be of interests to Members;
(vi)collecting Membership Fees and/or any other amounts owed by you;
(vii)processing (including, but not limited to, investigating and analysing) any Report of Loss from you;
(viii)conducting matching procedures;
(ix)communicating with Members via telephone, mail, e-mail, facsimile and/or any other communication means;
(x)complying with any requirements to make disclosures under any laws and regulations and other regulatory requirements binding on us or any of our group companies and affiliated companies; and
(xi)all other purposes relating thereto.
Disclosure of Personal Data
The Personal Data held by us shall be kept confidential, but in becoming a Member you consent that we may provide the Personal Data to any of the following parties (whether within or outside Malaysia) for the purposes set out as specified in (i) to (xi) above, without prior notification to you and/or any other relevant individuals to whom the Personal Data is related:
(i)the Insurer who provides the Additional Membership Benefits under Section A4 of these Terms and Conditions;
(ii)agents, contractors, business partners, and third party service providers who provide administrative, telecommunications, computer, payment, marketing, and/or other services to us in connection with the operation of our business;
(iii)our overseas offices, our group companies and affiliated companies (including those established in the future), and third parties selected by us;
(iv)persons to whom we and/or our group companies and affiliated companies are under an obligation to make disclosure as required by any laws and regulations, and other relevant regulatory requirements that are binding on us and/or any of our group companies and affiliated companies;
(v)in the event of default, debt collection agencies;
(vi)pursuant to an order of a court of competent jurisdiction;
(vii)any person to whom we are compelled or required to do so under law or in response to a legitimate instruction from a competent or government agency; and
(viii)in providing the Membership Benefits and other services to you, we may share your data with other organisations outside of our group of companies both in Malaysia and elsewhere. We will only do this if we feel that it is beneficial for you and in becoming a Member you consent to us sharing your data in such a manner.
Retention of Personal Data
CPP will destroy any personal data it may hold in accordance with our retention policy. The policy states that:
(a)Personal Data will only be retained for as long as is necessary to fulfil the original or directly related purpose for which it was collected, unless the personal data is also retained to satisfy any applicable statutory or contractual obligations; and
(b)Personal Data is purged from CPP's electronic, manual, and other filing systems in accordance with specific schedules based on the above criteria and CPP’s internal procedures.
In accordance with the requirements of the Ordinance, CPP will honor an individual's request not to use his or her Personal Data for the purposes of direct marketing. Should you wish not to receive direct marketing material from CPP, please address this request to the CPP's Compliance Officer, who's contact details are stipulated below. Any such request should clearly state details of the Personal Data in respect of which the request is being made.
Unless otherwise instructed as per the above, CPP may use any of the Personal Data collected in the normal course of its business for marketing purposes.
Impact resulting from failure to supply Personal Data
It is obligatory for you to provide all of the categories of Personal Data which we request from you for Purposes other than for direct marketing purposes. Failure to supply Personal Data in this regard will:
(a)result in us being unable to provide you with the information, and / or services requested; and/or
(b)affect the ability of the parties to enter into the necessary agreement in relation to the provision of the services.
It is optional for you to provide all of the categories of Personal Data which we request from you for direct marketing purposes. Failure to supply Personal Data in this regard will result in us and / or our selected authorised third parties from being unable to send you information by e-mail, telecommunication means (telephone calls and text messages) or via social media concerning related and unrelated services offered by us and our affiliated business partners which we consider will or may interest you.
Access and Correction of Personal Data
Users of this website have the right to request access to and/or correction of their Personal Data held by CPP. In accordance with the Personal Information Collection Statement and subject only to you paying us a reasonable fee for making such a request, you have the right to:
(i)check whether we hold Personal Data about you and, if so, obtain a copy of such Personal Data;
(ii)require us to correct any Personal Data relating to you that is inaccurate;
(iii)ascertain our policies and practices in relation to Personal Data and to be informed of the kind of Personal Data held by us; and
(iv)request that we limit the manner in which we process your Personal Data.
CPP will, upon satisfying itself of the authenticity and validity of the correction request, make every endeavour to comply with and respond to the request within the period set by the Personal Data Protection Act 2010.
Security of Personal Data
Physical records containing Personal Data are securely stored in locked areas and/or containers when not in use.
Access to records and Personal Data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a "need to know" basis that is commensurate with an individual's Company responsibilities and their training.
Records of CPP are under the control of assigned information officers who are responsible to ensure the transfer of or access to information is legitimate and complies with the Ordinance. Audit records may be produced to validate data modifications in order to verify the data's integrity.
There may be violations logging processes for investigation of any unauthorized attempt to access information. Encryption technology, such as SSL, may be employed for the transmission of data collected online.
Privacy Compliance Officer – Contact Details
All enquiries regarding CPP’s compliance with its obligations under the Personal Data Protection Act 2010 and / or requests to access or correct any Personal Data thereof should be addressed to:
The Compliance Manager, Card Protection Plan Limited, PO Box 10012, 50700 Kuala Lumpur, Malaysia, at firstname.lastname@example.org, Tel :+603 2168 5688 Fax : +603 2168 5650