PERSONAL DATA PROTECTION NOTICE (FOR CUSTOMERS)
A. INTRODUCTION
Beaconhouse Malaysia Sdn Bhd (Company No. 644050-M) and Beaconhouse Educational Services Sdn Bhd (Company No. 913492-M) (“Beaconhouse”), respect and are committed to protecting your privacy. In line with the Personal Data Protection Act 2010 (“PDPA”), which regulated the processing of Personal Data in commercial transactions, we have formulated this Personal Data Protection Notice (“Notice”) to describe the manner in which we collect, use and process Personal Data which we obtain about you, either directly form you or through various means, which include but without limitation to:-
- the provision of your Personal Data to us through our website at https://beaconhouse.edu.my/ (“Website”) and/or emails;
- through our written or verbal communication with you, including through documents delivered to us prior to and during the course of our contractual or pre-contractual dealings with you;
- through our communication, interaction and contact with you through other means, including that taking place at events, road shows, seminars, conferences and talks, either hosted by us or otherwise;
- from relevant third parties, such as suppliers, credit bureau, credit reference agency, credit reporting agency, rating agency, agency approved by Bank Negara Malaysia (“BNM”), insurance company, financial mediation bureau, General Insurance Association of Malaysia, Life Insurance Association of Malaysia, your employers, guarantors and security party; and
- from information available in the public domain.
For the purposes of this Notice, “Personal Data” means information in respect of commercial transactions which relates directly or indirectly to an individual as defined under the PDPA, including any sensitive Personal Data.
If you are reading this Notice on behalf of a company, business organisation or legal entity which maintains a commercial relationship with us, this Notice is intended to be addressed to the individual corporate officers (which may include but is not limited to authorised persons, authorised signatories, company secretaries, directors, shareholders, guarantors and obligors of the company, business organisation or legal entity) (collectively, “Individuals”) and “you” shall be construed accordingly to include such Individuals.
The Personal Data which we collect and process about you may include but is not limited to the following:-
- general data: name, gender, date of birth, citizenship, marital status, identity card number, passport number, race, ethnic origin, information in audio and/or video format (including voice, voice recording, closed-circuit television (“CCTV”) footage and security recording), images (including photographs) and other personally identifiable information;
- contact details: correspondence address, phone number and email address;
- financial information: bank account details, information on financial standing, creditworthiness and results of credit checks; and
- any such information as we deem necessary or appropriate from time to time in connection with your commercial relationship with us.
B. PURPOSES OF COLLECTION AND PROCESSING
Your Personal Data is collected and processed by us for purposes which are either directly or indirectly related to your commercial relationship with us, including but not limited to the following:-
- to assess, manage, maintain and process your accounts with Beaconhouse;
- to manage our relationship with you and to communicate with you as our new, existing, former or prospective customer;
- to address queries and/or respond to your requests and/or comments;
- to conduct credit checks and to assess, verify and monitor your background, financial standing and creditworthiness;
- to administer and communicate with you in relation to our accounts and other relevant payments, including but not limited to outstanding payments, etc.;
- to provide you with on-going information on services offered by us, for example, by sending you brochures, pamphlets, newsletter, periodicals and promotional materials on such programmes and services which you may be interested into and contacting you with regards to such programmes, services or upcoming events in relation thereto;
- to conduct internal business, risk management, cross-selling, marketing analysis and profiling activities;
- for research purposes including historical and statistical purposes and analysis;
- to comply with our legal, regulatory and/or governmental obligations in the conduct of our business;
- to satisfy requirements of applicable laws and/or to abide by court orders;
- to obtain feedback in relation to the programmes and/or services offered by us;
- for the planning and implementation of any corporate proposals, such as sale of business, sale of assets, mergers and acquisitions;
- for the purposes of enforcing or defending our legal rights and/or obtaining legal advice;
- for our internal records management or administrative purposes; and
- for any other purposes that are incidental or ancillary to or in furtherance to the above purposes.
Such Personal Data provided may be voluntarily given by you. However, if you do not provide your Personal Data or as a result of the withdrawal of your consent to our processing of your Personal Data in accordance with Section E below, we may not be able to communicate with you, process your accounts and/or provide you with information and/or services which you may require.
C. DISCLOSURE AND TRANSFERS OUTSIDE MALAYSIA
We may disclose your Personal Data to the following categories of third parties (who may be located within our outside Malaysia) for any of the purposes as set out in Section B above:-
- relevant government departments, agencies, statutory authorities and industry regulators, such as the Ministry of Education Malaysia (Kementerian Pendidikan Malaysia);
- any of our related corporations and affiliates, including those established in the future or our business partners;
- third parties vendors, contractors, agents and other third party service providers engaged by us to provide related services or products in connection with our business, such as contractors, event organisers, insurance agencies or insurers, repossession agents, debt collection agents and electronic fund transfer facilitators;
- credit bureau, credit reference agency, credit reporting agency, rating agency, agency approved by BNM or the Association of Finance Companies of Malaysia;
- governmental, legal and/or regulatory authorities in order to comply with legal or regulatory requirements, including any requirements relating to disclosures;
- any other third party as may be required by applicable laws or court orders;
- our auditors, legal advisers, consultants and other financial or professional advisers; and
- the general public by publishing your images, photographs, voice and video recording for publicity purposes (without payment or compensation).
Your Personal Data may also be transferred to locations outside Malaysia and may be stored in any server located within Malaysia or outside Malaysia, for any of the purposes as set out in Section B above.
D. RIGHT TO REQUEST ACCESS AND CORRECTION AND TO LIMIT PROCESSING
You may at any time submit to us any inquiries and/or complaints and/or request to make corrections or to limit our processing of your Personal Data by contacting our Personal Data Protection Officer by email at [email protected] or by phone at +603-56322100 or by fax at +603-56322900 or by registered mail to be addressed to the Personal Data Protection Officer at Suite W1103, Wisma Consplant 1, No.2 Jalan SS 16/4, Subang Jaya 47500 Selangor Darul Ehsan, Malaysia. In general and subject to certain exemptions, you are also entitled as an individual under the PDPA, to request access to the Personal Data, including requesting for copies of the same, for which we may impose upon you the payment of a prescribed fee. Any data access requests can be made by contacting our Personal Data Protection Officer accordingly.
E. YOUR CONSENT
In any event that you do not approve or accept the terms of our use of your Personal Data in any of the ways which we have detailed out in this Notice, you may inform us by contacting our Personal Data Protection Officer, whose contact details are as specified above. For example, if you do not wish for us to provide you with information and/or to market our programmes and services to you, you may exercise your right to opt-out by contacting our Personal Data Protection Officer accordingly.
We will continue to handle and process your Personal Data in accordance with this Notice unless we hear otherwise from you.
If we do not receive any notification from you within a period of thirty (30) days from the date of our mailing of this Notice, we shall presume that you have approved our collection, use and processing of your Personal Data in accordance with this Notice. However, you may at any point withdraw your consent by way of written notice to our Personal Data Protection Officer. Please note however that withdrawal of consent given, whether in full or in part, shall only be effective after lapse of a reasonable time period in order to allow for such withdrawal to be processed, and shall be subject to any legal restriction and/or contractual conditions as may be applicable.
To the extent that you wilfully and voluntarily disclose to us any personal information, whether or not failing within the definition of Personal Data above, of any individual, we shall assume, without independent verification, that you have obtained consent of such individual for the disclosure as well as the processing of their personal information in accordance with the terms of this Notice.
F. CONFIDENTIALITY AND SECURITY OF YOUR PERSONAL DATA
We are committed in maintaining the security of your Personal Data and have taken reasonable steps and measure to prevent unauthorised access, disclosure, loss or theft of information in both physical and electronic environment.
We employ reasonable security measures and technologies, such as password protection, encryption, physical locks etc., to ensure the confidentiality and security of your Personal Data. We have also taken appropriate measures to provide employees who handle and process your Personal Data with appropriate training and awareness programmes to ensure that they are fully aware of their responsibilities with regards to data protection. Where we have chosen to employ third party processors to manage our systems and data or to provide such third party processors with such data, such third party processors have been required by us to be bound by contractual undertakings which include giving sufficient guarantees in respect of the technical and organisational security measures governing their processing of such Personal Data.
The transmission of Personal Data via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted via the Website or any other electronic channel. Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
G. REVISION, AMENDMENTS AND CONFLICT
We may revise, update, modify or amend the terms of this Notice at any time without prior notice to you, by placing the updated version of it on the Website. By continuing to use our Website and continuing your relationship with us without any written objection following such revision, modification or amendment of this Notice, you are deemed to accept such revisions, modifications or amendments. You are advised to check this Notice on a regular basis from time to time.
This Notice is issued in both English and Bahasa Malaysia. In the event of any inconsistency between the English version and the Bahasa Malaysia version, the terms of the English version shall prevail.