Data Protection Policy
This Data Protection Policy (“Notice”) sets out the basis which Company Startup Grants and all its related companies (collectively referred to herein as “Company Startup Grants”, “us”, “we” or “our”) may collect, use, disclose or otherwise process personal data of our stakeholders such as but not limited to our clients, employees and job applicants in accordance with the Malaysia Personal Data Protection Act (No. 26 of 2012) (“PDPA” or “Act”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organizations which we have engaged to collect, use, disclose or process personal data for our purposes.
By interacting with us, submitting information to use, or signing up for any products and services offered by us, you agree and consent to us, as well as our authorized representatives and/or agents collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to our authorized service providers and relevant third parties in the manner set forth in this Notice.
This Notice supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which we may have at law to collect, use or disclose your Personal Data.
We may from time to time update this Notice to ensure that this Notice is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this Notice as updated from time to time on our website http://companystartupgrants.com/data-protection-policy/.
1. Scope
1.1 In this Notice, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.
1.2 Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, age or date of birth, mobile number(s), telephone number(s), facsimile number(s), mailing address, email address, network data and any other information relating to any individuals which you have provided us via our interaction with you.
1.3 Other terms used in this Notice shall have meanings given to them in the PDPA (where the context so permits).
2. Collection of Personal Data
2.1 Generally, we collect Personal Data in the following ways:
- when you submit any forms relating to any of our products and services;
- when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
- when you interact with our staff, for example, via telephone calls, letters, face-to-face meetings, social media platforms and emails;
- when you interact with us via any of our websites or use services on any of our websites;
- when you request that we contact you or request that you be included in an email or other mailing list;
- when you respond to our promotions, initiatives or to any request for additional Personal Data;
- when your images are captured by us via CCTV cameras while you are within our premises, or via photographs or videos taken by us or our representatives when you attend events at our premises;
- when you are contacted by, and respond to, our marketing representatives;
- when we receive references from business partners and third parties, for example, where you have been referred by them;
- when you engage us through any social media on the Internet and on the social media itself;
- when we seek information from third parties about you in connection with the products and services you have applied for; and/or
- when you submit your Personal Data to us for any other reason.
2.2 If you provide us with any Personal Data relating to a third party (eg information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent and warrant to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.
3. Purposes for Collection, Use and Disclosure of Your Personal Data
3.1 Generally, we collect, use and disclose your Personal Data for the following purposes:
- responding to your queries, feedback and requests;
- verifying your identity and processing payments;
- managing our administrative and business operations and complying with internal policies and procedures;
- providing updates and other communications on developments relating to us;
- facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving us;
- matching any Personal Data held which relates to you for any of the purposes listed herein;
- preventing, detecting and investigating crime and analyzing and managing commercial risks;
- facilities management (including but not limited to maintaining the security of our premises);
- managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance);
- in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
- conducting investigations relating to disputes, billing or fraud;
- managing and preparing reports on incidents and accidents;
- meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies which have jurisdiction over us (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations);
- financial reporting, regulatory reporting, management reporting, risk management, audit and record keeping purposes;
- project management;
- providing media announcements and responses; and/or
- any other purpose reasonably related to the aforesaid.
3.2 In addition, we collect, use and disclose your Personal Data for the following purposes, depending on the nature of your relationship with us:
- If you are our client:
- assessing and processing any applications or requests made by you for products and services offered by us;
- requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to review, develop and improve the quality of our products and services;
- facilitating the continuation or termination of the relationship and the provision of services to you in accordance with the mandate that you have agreed with us;
- client relationship management, including sending information relating to our services and business, services offered by third parties, event invitations, newsletters or publications;
- archival management (including but not limited to warehouse storage and retrievals); and/or
- any other purpose reasonably related to the aforesaid.
- If you are our existing employee:
- providing remuneration, reviewing salaries and bonuses, conducting salary benchmarking reviews, appraisals and evaluation;
- staff orientation and entry processing;
- administrative and support processes relating to your employment, including its management and termination, as well as staff benefits, including manpower, business continuity and logistics management or support, processing expense claims, medical insurance applications, medical services, leave administration, training, learning and talent development, and planning and organizing corporate events;
- providing you with tools and/or facilities to enable or facilitate the performance of your duties;
- compiling and publishing internal directories and emergency contact lists for business continuity;
- conducting analytics and research for human resource planning and management, and for us to review, develop, optimize and improve work-related practices, environment and productivity;
- administering cessation or termination processes; and/or
- any other purpose reasonably related to the aforesaid.
- If you submit an application to us as a candidate for an employment position:
- managing and verifying your application;
- performing background checks, and verifying all your employment details and qualifications;
- providing or obtaining employee references and for background screening;
- assessing your suitability for the position applied for; and/or
- any other purposes relating to any of the above.
- If you do not interact with us in the manners specified above, we may collect, use and/or disclose your Personal Data for the following purposes, in accordance with the Act:
- the purposes for which we have specifically obtained your consent; and/or
- the purposes for which you have provided your Personal Data to us.
3.3 If you have provided your telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your telephone number(s), then from time to time, we may contact you using such telephone number(s) (including via voice calls, text, fax or other means) with information about our products and services.
3.4 When the need arises for Personal Data to be collected, used or disclosed for purposes other than the ones originally consented for, we will obtain your fresh consent in that regard, where necessary, in accordance with the Act.
3.5 As we rely on your Personal Data to provide products and services to you, you should ensure that all Personal Data submitted to us is complete, accurate, true and correct.
3.6 The purposes listed in the above clauses may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).
4. Disclosure of Personal Data
4.1 We will take reasonable steps to protect your Personal Data against unauthorized disclosure. Subject to the provisions of any applicable law, we may disclose your Personal Data for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:
- our existing or future related companies;
- agents, contractors or third-party service providers who provide operational services to us, such as courier services, telecommunications, information technology, payment, printing, technical services, training, market research, call center, security, employee recognition, storage and archival or other services;
- any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving us;
- banks, financial institutions, credit card companies and their respective service providers;
- in the event of default or disputes, any debt collection agencies or dispute resolution centers (whether in Singapore or otherwise);
- any liquidator, receiver, official assignee/trustee, judicial manager or any other person appointed under or pursuant to any applicable law or court order in connection with the bankruptcy, liquidation, winding up, judicial management or any other analogous process in respect of any individual, company or business;
- our professional advisors such as consultants, auditors and lawyers;
- any judicial, administrative or regulatory body, any government or public agency, statutory boards or authorities or law enforcement bodies or any agents thereof, having jurisdiction over us; and/or
- any other person in connection with the purposes set forth above.
5. Retention of Personal Data
5.1 We will retain your Personal Data for only as long as the purposes for which such data is collected or used continues, or where necessary for our legal or business purposes (“Purposes”).
5.2 We will take all reasonable steps to ensure that all Personal Data is destroyed or permanently deleted if it is no longer required for those Purposes.
6. Access to and Correction of Personal Data
6.1 If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
6.2 Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
6.3 We will respond to your request as soon as reasonably possible. In general, our response will be within ten (10) business days. Should we not be able to respond to your access request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
6.4 Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that our organisation has on record, if the record of your personal data forms a negligible part of the document.
7. Withdrawing Consent
7.1 The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
7.2 Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
7.3 If you withdraw your consent to any or all use or disclosure of your Personal Data, depending on the nature of your request, we may not be in a position to continue to provide our products or services to you or administer any contractual relationship in place. Such withdrawal may also result in the termination of any agreement you may have with us. Our legal rights and remedies are expressly reserved in such event.
8. Use of Cookies
8.1 A cookie is a small piece of information that is placed on your computer when you visit certain websites. The cookies placed by the servers hosting our websites are readable only by us, and cookies cannot access, read or modify any other data on an electric device, nor does it capture any data which allows us to identify you individually. The data collected by the cookies will be used for the purpose of improving your browsing experience on our websites and to enable us to serve you better.
8.2 Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our websites.
9. Data Security
9.1 To safeguard your personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures.
9.2 You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we take reasonable efforts to protect the security of your information and are constantly reviewing and enhancing our information security measures.
10. Accuracy of Personal Data
10.1 We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.
11. Links to Other Websites
11.1 Our websites may contain links to other websites operated by third parties. As we do not have any control over such third-party websites, we cannot be responsible for the privacy practices of websites operated by third parties that are linked to our websites. Once you have left our websites, you should check the applicable data protection notice of the third party to determine how they will handle any information they collect from you.
12. Transfer of Personal Data Outside of Malaysia
12.1 Within the scope of your business and purpose with us, we may transfer your personal data to countries outside of Singapore. When we do so, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
13. Contacting Us
13.1 You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures; or if you wish to make any withdrawal, access and correction request, in the following manner:
Designation: Data Protection Officer
Email Address: info@companystartupgrants.com
13.2 If you withdraw your consent to any or all use or disclosure of your Personal Data, depending on the nature of your request, we may not be in a position to continue to provide our products or services to you or administer any contractual relationship in place. Such withdrawal may also result in the termination of any agreement you may have with us. Our legal rights and remedies are expressly reserved in such event.
14. Governing Law
14.1 This Notice and your use of this website shall be governed in all respects by the laws of Singapore.
15. Effect of Notice and Changes to Notice
15.1 This Notice applies in conjunction with any other policies, notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
15.2 We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued relationship with us constitutes your acknowledgement and acceptance of such changes.