Privacy Policy
Protection of your Personal Data is important to us. We respect confidentiality and privacy of individuals and are committed to complying with the Malaysia Personal Data Protection Act 2010 and its regulations, as amended from time to time (“PDPA”) and other applicable data protection laws.
This Privacy Policy (“Policy”) outlines how IOI Properties Group Berhad (Registration No. 201301005964 (1035807-A)) and its subsidiaries (“IOIPG”, “we”, “us” or “our”) collect, use, process and disclose your Personal Data.
For the avoidance of doubt, to the maximum extent permitted under applicable laws, nothing in this Policy establishes any joint and several liability on the part of any entities within IOIPG.
Generally, we process your Personal Data for one or more of the specific purposes identified in this Policy based on your consent obtained. The legal basis for our processing of your Personal Data could also be that it is necessary for the legitimate interests pursued by us, or a third party which is described in paragraph 4 of this Policy. These legitimate interests include providing services to you where you are our client/customer, managing the relationship between IOIPG and you, and administrative purposes. In some cases, the provision and processing of your Personal Data may be a statutory and/or contractual requirement, or may be necessary in order to perform any contract you have agreed with us or perform services that you have requested.
1.1 For the purpose of this Policy, “Personal Data” shall have the meaning as ascribed to it in the PDPA which means any information in respect of commercial transactions, which:
1.2 “Personal Data” means data or information about you from which you are identifiable either from the data alone or from that data combined with other information, including but not limited to the following:
1.3 The type of Personal Data collected will depends on the nature of your dealing or transaction with IOIPG.
2.1 We may collect your Personal Data from you through various means, including but not limited to instances when you:
The above does not purport to be exhaustive and sets out some common instances of when your Personal Data may be collected.
2.2 In addition to the above, we may use variety of technologies, as the case may be, to automatically collect information about your activities on the mobile application(s) (if any), such as web beacons, clear pixels or pixel tags, analytical tags, geo-location technologies and quick response (QR) code.
2.3 Sensitive Personal Data
Some of the Personal Data that we collect may be sensitive in nature. This may include Personal Data pertaining to your race, religious beliefs, background information (including financial and criminal records, where legally permissible), health data, disability, marital status and biometric data, as applicable. We collect sensitive Personal Data only with your consent and/or in strict compliance with applicable laws. In the event that you are required to furnish any documentation or information to us for any Purpose (as defined below) which may contain such sensitive Personal Data (which is not required for that Purpose), you agree to redact such sensitive Personal Data before providing such documentation or information to us.
2.4 Provision of third party Personal Data by you
If you provide Personal Data of a third party to us, you represent, warrant and confirm that:
3.1 In order to effectively provide you with the products and services that you require, we need to collect a range of Personal Data about you. In general, we will or may, subject to applicable law, use, disclose and/or process your Personal Data for one or more of the following purposes (“Purpose”):
3.2 The above Purposes are not exhaustive and depending on the nature of your relationship with us, we may collect, use and disclose your Personal Data for additional purposes which you will be notified of, in accordance with the applicable terms and conditions.
4.1 Your Personal Data will be protected and kept confidential but subject to the provisions of any applicable law, your Personal Data may, depending on the products and/or services concerned, be disclosed to third parties set out below. Such disclosure may be subject to additional legal requirements under applicable law, depending on the nature of such transfer to the third parties. Your Personal Data will, in each case, only be disclosed to the extent necessary.
4.2 The third parties are:
4.3 We require organisations which obtain or process Personal Data as our service providers to acknowledge the confidentiality of this data, undertake to abide and comply with the PDPA and any other applicable data protection laws. As a requirement under these laws, we have specific agreements in place with such third parties to regulate and safeguard your data protection rights and also require that these organisations use this information only for the Purpose.
Your Personal Data may be stored in external servers located overseas or in countries outside of your country of residence. In carrying out our business, it may be necessary to share information about you with and between our related companies and third party service providers, some of which may be located in countries outside of Malaysia. We will take reasonable steps to ensure that your Personal Data transferred outside of Malaysia is adequately protected and that such transfers comply with the requirements of the applicable data protection laws.
6.1 IOIPG is committed to take all reasonable steps to ensure your Personal Data is kept confidential and secure, and to take appropriate administrative and security safeguards, policies and procedures to prevent any unauthorised and/or unlawful processing of, and the accidental loss, destruction or damage to your Personal Data. However, your Personal Data is accessible by a limited number of employees who have special access rights to such systems through the use of a unique identifier and password for the purpose of performing their official duties.
6.2 Your Personal Data is maintained on systems that are protected by secure networks and appropriate security arrangements to prevent any unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your Personal Data.
We may retain your Personal Data for as long as it is necessary for the Purposes it has been collected, unless otherwise permitted by applicable law or in order to defend legal claims. Where we no longer require your Personal Data for those Purposes, we will cease to retain such Personal Data in accordance with our internal retention policy.
8.1 You have the rights, under applicable data protection laws, to request access and/or correct your Personal Data currently in our possession or control, which can be exercised by contacting the relevant department at the contact details provided in paragraph 10 below. We will need sufficient information from you in order to ascertain your identity as well as the nature of your request to enable us to deal with your request. Where mandated under the applicable data protection laws, your exercise of the rights described or referred to above shall be free of charge. In all other situations, we may charge a fee to cover the cost of verifying the request and locating, retrieving and copying any material requested.
8.2 We reserve the right to decline your request where the applicable data protection laws exempts certain types of Personal Data from being subject to your request and situations when correction need not be made by us despite your request.
9.1 Where we rely on your consent to use your Personal Data, you have the right to withdraw your consent at any time. This withdrawal will however not affect the lawfulness of processing based on your consent before your withdrawal.
9.2 We will process your request within a reasonable time once we have verified your identity and received your clear withdrawal instructions. In this regard, if you withdraw your consent to any or all Purposes and depending on the nature of your request, we may not be in a position to continue to provide our products or services to you.
If you have any questions about this Policy or any queries relating to your Personal Data, or you would like to obtain access and/or make corrections to your Personal Data, please contact us at:
IOI Properties Group Berhad 201301005964 (1035807-A)
Address: Level 29, IOI City Tower 2, Lebuh IRC, IOI Resort City, 62502 Putrajaya, Malaysia (Attention: Group Marketing & Branding)
Email: central.mktg@ioigroup.com
Telephone Number: +603 8947 8888
This Policy shall be governed in all respects by the laws of Malaysia. For the avoidance of doubt, the applicable data protection laws will apply to the processing of your Personal Data.
This Policy will be reviewed from time to time by us. We may also update this Policy to take into account of new laws and technology, changes to our business operations and environment. We shall notify you by posting an updated version of this Policy on our websites and/or mobile applications.
Last updated: 22 November 2022