PERSONAL DATA PROTECTION NOTICE
Dear Valued Users and Guests,
This Personal Data Protection Notice (“Notice”) is issued to all valued users and guests of Carsome Certified Philippines Inc and its affiliate (“Carsome”) pursuant to the Personal Data Protection Act 2012 (“PDPA”).
- 1. During your course of dealing with us, we will collect and process your personal data for purposes, including, to communicate with you, provide products and/or services to you, respond to y our enquiries, provide information and updates on our products, services and promotions offered by Carsome and other purposes required to operate and maintain our business as set out in our Personal Data Protection Policy (collectively referred to as “Purposes”).
- 3. We are committed to ensuring that your personal data is stored securely. You have the right to request for access to, request for a copy of, request to update or correct your personal data held by us. You have the right at any time to request us to limit the processing and use of your personal data. Your written request should be addressed to our Data Protection Officer at <[email protected]>.
- 4. We may update this Notice from time to time to ensure that it is consistent with any changes in legal or regulatory requirements. You agree to be bound by the prevailing terms of the Notice as updated from time to time. We will endeavour to notify you by email or by notice on our Website of any material changes to the Notice.
Dated: July 12, 2022
PERSONAL DATA PROTECTION POLICY
- 1.1 This Policy applies to personal information about individuals (including but not limited to customers, vendors, distributors, suppliers, service providers, joint venture/business partners, job applicants, employees) held by us. We will only process your Personal Data in accordance with the Personal Data Protection Act 2012, the applicable regulations, guidelines, orders made under the Personal Data Protection Act 2012 and any statutory amendments or re-enactments made of the Personal Data Protection Act 2012 from time to time (collectively referred to as the “PDPA”) as well as this Policy.
- 1.3 We reserve the right to modify, update and/or amend this Policy from time to time with reasonable prior notice to you. We will notify you of any amendments via announcements on the Website or other appropriate means. Please check the Website from time to time to see if there are amendments to this Policy.
- 1.4 You may refuse or withdraw your consent for us to collect, use or disclose your Personal Data by giving us reasonable notice. This can be done at any time by emailing our Data Protection Officer (as long as there are no legal or operational restrictions preventing you from doing so). It is important to note that in the event that you do withdraw consent, we will be unable to collect, use or disclose your Personal Data meaning that you will no longer be able to use our services. Our Data Protection Officer will further advise you on the legal consequences that may ensue should you contact him to withdraw your consent. We will process such a request within a reasonable time from receiving notice from you of your withdrawal of consent. Once the processing is complete, we will no longer collect, use and/or disclose your Personal Data, except to the extent that we retain your Personal Data for compliance, regulatory or other legal purposes.
- 1.7 Those who engage in transactions with Carsome may be requested to provide additional information, including, where necessary, their personal and financial information so as to process those transactions. In each case, Carsome collects such information only insofar as is necessary or appropriate to fulfil the purpose of the visitor’s interaction with Carsome. Carsome does not collect personally-identifying information other than as described above. Visitors may decline to supply personally-identifying information, with the caveat that they may be prevented from engaging in certain activities on our Website or services.
- 1.8 If you have elected to receive marketing materials, at any time subsequently you can request not to receive marketing materials by contacting our Data Protection Officer or clicking the “unsubscribe” option made available in our emails to you. Please note however that this may result in us being unable to provide you with updates on our products and services, events and promotional offerings.
- 1.9 In the event you do not agree to this Policy or any amendments to this Policy, we may not be able to render all services to you and you may be required to terminate your relevant agreement with us and/or stop accessing or using the Website.
- 2.1The term “Personal Data” means any information in our possession or control that relates directly or indirectly to an individual to the extent that the individual can be identified or are identifiable from that and other information in our possession, such as name, address, telephone number, Identification/Passport number, date of birth, photograph, email address, household information, etc. as well as Sensitive Personal Data as defined under the PDPA, which includes but is not limited to, information pertaining to the physical or mental health or condition of a data subject and religious beliefs.
- 2.2 The types of Personal Data collected depend on the purpose of collection. We may process your Personal Data by way of collecting, recording, holding, storing, using and/or disclosing it.
- 2.3 Your Personal Data may be collected from you during your course of dealings with us in any way or manner including pursuant to any transactions and/or communications made from/with us. We may also collect your Personal Data from a variety of sources, including without limitation, at any events, seminars, road shows, customer satisfaction surveys organised and/or sponsored by us, as well as from publicly available sources.
- 2.4 In addition, we may also receive, store and process your Personal Data which are provided or made available by any third parties, credit reference bodies, regulatory and law enforcement authorities, for reasons including delivery of our products and/or services, performance of conditions of agreements and/or to comply with our legal and regulatory obligations.
- 2.5 The Personal Data as provided/furnished by you to us or collected by us from you or through such other sources as may be necessary for the fulfilment of the purposes at the time it was sought or collected, may be processed for the following purposes (collectively referred to as the “Purposes”):
- a. to communicate with you;
- b. to maintain and improve customer relationship;
- c. to assess, process and provide products, services and/or facilities to you;
- d. to administer and process any payments related to products, services and/or facilities requested by you;
- e. to establish your identity and background;
- f. to respond to your enquiries or complaints and resolve any issues and/or disputes which may arise in connection with any dealings with us;
- g. to provide you with information and/or updates on our products, services, upcoming promotions offered by us and/or events organised by us and selected third parties which may be of interest to you from time to time;
- h. for direct marketing purposes via SMS, phone call, email, fax, mail, social media and/or any other appropriate communication channels;
- i. to facilitate your participation in, and our administration of, any events including contests, promotions or campaigns;
- j. to award points in a loyalty or rewards programme;
- k. to maintain and update internal record keeping;
- l. for internal administrative purposes;
- m. to send you seasonal greetings messages from time to time;
- n. to send you the invitation to join our events, promotions and product launch events;
- o. to monitor, review and improve our events, promotions, products and/or services;
- p. to conduct credit reference checks and establish your creditworthiness, where necessary, in providing you with the products, services and/or facilities;
- q. to administer and give effect to your commercial transactions with us (such as a tender award, contract for service, tenancy agreement);
- r. to process any payments related to your commercial transactions with us;
- s. to process and analyse your Personal Data either individually or collectively with other individuals;
- t. to conduct market research or surveys, internal marketing analysis, customer profiling activities, analysis of customer patterns and choices, planning and statistical and trend analysis in relation to our products and/or services;
- u. to share any of your Personal Data with the auditor for our internal audit and reporting purposes;
- v. to share any of your Personal Data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action;
- w. to share any of your Personal Data with our joint venture/business partners to jointly develop products and/or services or launch marketing campaigns;
- x. to share any of your Personal Data with insurance companies necessary for the purpose of applying and obtaining insurance policy(ies), if necessary;
- y. to share any of your Personal Data with financial institutions necessary for the purpose of applying and obtaining credit facility(ies), if necessary;
- z. for audit, risk management and security purposes;
- aa. for detecting, investigating and preventing fraudulent, prohibited or illegal activities;
- bb. for enabling us to perform our obligations and enforce our rights under any agreements or documents that we are a party to;
- cc. to transfer or assign our rights, interests and obligations under any agreements entered into with us;
- dd. for meeting any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us;
- ee. to enforce or defend our rights and your rights under, and to comply with, our obligations under the applicable laws, legislation and regulations;
- ff. to carry out verification and background checks as part of any recruitment and selection process in connection with your application for employment with us; and/or
- gg. for other purposes required to operate, maintain and better manage our business and your relationship with us, which we notify you of at the time of obtaining your consent; and you agree and consent to us using and processing your Personal Data for the Purposes in the manner as identified in this Policy. If you do not consent to us processing your Personal Data for one or more of the Purposes, please notify us at the contact details below.
- 2.6 We may also use your Personal Data (a) for other purposes which are reasonably related to the Purposes; or (b) in circumstances where such use does not require consent under applicable laws.
- 2.7 We may use your Personal Data to contact you in respect of our services. We will send emails to the email addresses provided by you and we will be making calls on the phone numbers provided by you if required. If you have provided an incorrect email address or phone number (or if these details have been changed without notice to us), then you may not receive these communications. Carsome will not be responsible for any breach of privacy due to correspondence going to an incorrect address or phone number. We may also use your Personal Data to contact you to perform surveys about your opinion of Carsome or our services, or of potential new services that may be offered. By submitting your Personal Data on our Website, you consent to your Personal Data being used by Carsome for such communications. Should you no longer wish to be contacted, you may opt out of receiving these communications on your profile.
- 2.8 We use location-related information such as your current location, where you live, the places you like to go and the businesses and people you’re near to provide, personalize and improve our services, including ads, for you and others. With your permission, we may also collect information about your precise location using methods that include GPS, wireless networks, cell towers, Wi-Fi access points, and other sensors, such as gyroscopes, accelorometers and compasses. The collection of your geolocation may occur in the background even when you are not using the services if the permission you gave us expressly permits such location.
- 2.9 We may collect information about your computer, including your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers and to generate insights. We may use information about member statistics, trafﬁc patterns for the purposes of our business activities, including sales, marketing, mergers, acquisitions and bankruptcies.
- 2.10 We may disclose your personal information if we are under a duty to disclose or share such data in order to comply with any legal obligation, or to protect the rights, property, or safety of Carsome, our users, or others. This includes, but not limited to, exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- 2.11 The collection of your Personal Data by us may be mandatory or voluntary in nature depending on the Purposes for which your Personal Data is collected. Where it is obligatory for you to provide us with your Personal Data, and you fail or choose not to provide us with such data, or do not consent to the above or this Policy, we will not be able to provide products and/or services or otherwise deal with you.
- 3.1 In relation to our use of your Personal Data for the Purposes, we may need to disclose your Personal Data to:
- a. Between Carsome and our related corporations and affiliates either in Malaysia or overseas;
- b. your immediate family members and/or emergency contact person as may be notified to us from time to time;
- c. successors in title to us;
- d. any person under a duty of confidentiality which we have engaged to discharge our obligations to you, to whom has undertaken to keep your Personal Data confidential;
- e. any party in relation to legal proceedings or prospective legal proceedings;
- f. our auditors, consultants, lawyers, accountants or other financial or professional advisers appointed in connection with our business on a strictly confidential basis, appointed by us to provide services to us;
- g. any party nominated or appointed by us either solely or jointly with other service providers, for purpose of establishing and maintaining a common database where we have a legitimate common interest;
- h. data centres and/or servers located within or outside Malaysia for data storage purposes or otherwise;
- i. payment channels including but not limited to financial institutions for purpose of assessing, verifying, effectuating and facilitating payment of any amount due to us in connection with your purchase of our products and/or services;
- j. government agencies, law enforcement agencies, courts, tribunals, regulatory bodies, industry regulators, ministries, and/or statutory agencies or bodies, offices or municipality in any jurisdiction, if required or authorised to do so, to satisfy any applicable law, regulation, order or judgment of a court or tribunal or queries from the relevant authorities;
- k. our joint venture/business partners, third-party product and/or service providers, suppliers, vendors, contractors, data processors or agents, that provide related products and/or services in connection with our business, or discharge or perform one or more of the above Purposes and other purposes required to operate and maintain our business, including but not limited to call centres, telecommunication companies, logistics companies, information technology companies and data centres; insurance companies for the purpose of applying and obtaining insurance policy(ies), if necessary;
- l. financial institutions for the purpose of applying and obtaining credit facility(ies), if necessary;
- m. financial institutions, merchants and credit card organisations in connection with your commercial transactions with us;
- n. the general public when you become a winner in a contest by publishing your name, photographs and other Personal Data without compensation for advertising and publicity purposes;
- o. to third-party credit reporting or employment agencies as part of the recruitment and selection process and/or otherwise in connection with your application for employment with us;
- p. in the event of a potential, proposed or actual sale/disposal of any of our business or interest, merger, acquisition, consolidation, re-organisation, funding exercise or asset sale relating to us, or in the event of winding-up (“Transaction”), your Personal Data may be required to be disclosed or transferred to a third party as a result of or in connection with, the Transactions; and
- q. any other party whom you authorize us to disclose your Personal Data to.
- 3.2 You hereby acknowledge that such disclosure and transfer may occur and permit us to disclose and transfer your Personal Data to such third party and its advisors/representatives and/or any other person reasonably requiring the same in order for us to operate and maintain our business or carry out the activities set out in the Purposes.
We aim to keep all Personal Data as accurate, complete, not misleading, up-to-date and reliable as possible. Therefore, the accuracy of your Personal Data depends to a large extent on the information you provide. As such, it is a condition of us providing the products, services and/or facilities to you that you:
- a. warrant and declare that all your Personal Data submitted or to be submitted to us are accurate, not misleading, updated and complete in all respects for purposes of acquiring or using the relevant products, services and/or facilities, and you have not withheld any Personal Data which may be material in any respect and that we are authorised to assume the accuracy and up-to-dateness of the Personal Data given by you when processing such Personal Data); and
- b. promptly update us as and when such Personal Data provided earlier to us becomes inaccurate, incomplete, misleading, outdated or changes in any way whatsoever by contacting us at the contact details below.
- 5.1 Subject to the exceptions provided under the PDPA, you have the right to request for access to, for a copy of, to update or correct, your Personal Data held by us. We may charge a small fee (such amount as permitted by the PDPA) to cover the administration costs involved in processing your request to access your Personal Data.
- 5.2 In respect of your right to access and/or correct your Personal Data, we have the right to refuse your request to access and/or correct your Personal Data for the reasons permitted under the law, such as where the expense of providing access to you is disproportionate to the risks to your privacy, or where the rights of others may also be violated, amongst other reasons.
- 5.3 You have the right at any time to request us to limit the processing and use of your Personal Data (for example, requesting us to stop sending you any marketing and promotional materials or contacting you for marketing purposes).
- 5.4 In addition, you also have the right, by notice in writing, to inform us on your withdrawal (in full or in part) of your consent given previously to us subject to any applicable legal restrictions, contractual conditions and a reasonable duration of time for the withdrawal of consent to be affected. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your Personal Data, it may mean that we will not be able to continue with your existing relationship with us and/or the contract that you have with us will have to be terminated.
Any of your Personal Data provided to us is retained for as long as the Purposes for which the Personal Data was collected continues. Your Personal Data will be destroyed from our records and system in accordance with our retention policy in the event your Personal Data is no longer required for the said purposes unless its further retention is required to satisfy a longer retention period to meet our operational, legal, regulatory, tax or accounting requirements.
- 7.1 We are committed to ensuring that your Personal Data is stored securely. In order to prevent unauthorised access, disclosure or other similar risks, we endeavour, where practicable, to implement appropriate technical, physical, electronic and procedural security measures in accordance with the applicable laws and regulations and industry standard to safeguard against and prevent the unauthorised or unlawful processing of your Personal Data, and the destruction of, or accidental loss, damage to, alteration of, unauthorised disclosure of or access to your Personal Data.
- 7.2 We will make reasonable updates to its security measures from time to time and ensure the authorised third parties only use your Personal Data for the Purposes set out in this Policy.
- 7.3 The Internet is not a secure medium. However, we will put in place various security procedures with regard to the Site and your electronic communications with us. All our employees, joint venture/business partners, agents, contractors, vendors, suppliers, data processors, third-party product and/or service providers, who have access to, and are associated with the processing of your Personal Data, are obliged to respect the confidentiality of your Personal Data.
- 7.4 Please be aware that communications over the Internet, such as emails/webmails are not secure unless they have been encrypted. Your communications may be routed through a number of countries before being delivered – this is the nature of the World Wide Web/Internet.
- 7.5 The association of our services with social media sites makes available certain features which, when used by you, may result in information being made available from your accounts with those social media sites to our Company. Such information which we collect about you shall constitute public information that is available in the general domain because such information was made publicly available by those social media sites. Should you prefer that we do not collect your information from the social media sites, please (i) do not use the features or links that associates our services with the social media sites; and (ii) adjust the settings in your accounts with the social media sites to prevent the sharing of your information with our Website. Please note that our Company cannot control nor is our Company howsoever responsible for the sharing of your information by the social media sites with third parties (such as Carsome).
- 7.6 We cannot and do not accept responsibility for any unauthorised access or interception or loss of Personal Data that is beyond our reasonable control.
8. TRANSFER OUTSIDE OF MALAYSIA
Our information technology storage facilities and servers may be located in other jurisdictions outside of Malaysia. This may include, but not limited to, instances where your Personal Data may be stored on servers located outside Malaysia. In addition, your Personal Data may be disclosed or transferred to entities located outside Malaysia or where you access the Site from countries outside Malaysia. Please note that these foreign entities may be established in countries that might not offer a level of data protection that is equivalent to that offered in Malaysia under the laws of Malaysia. You hereby expressly consent to us transferring your Personal Data outside of Malaysia for such purposes. We shall endeavour to ensure that reasonable steps are taken to procure that all such third parties outside of Malaysia shall not use your Personal Data other than for that part of the Purposes and to adequately protect the confidentiality and privacy of your Personal Data.
9. EXTERNAL LINKS
- 9.1 If any part of the Site links you to other websites, those websites do not operate under this Policy and we do not accept any responsibility or liability arising from those websites.
- 9.2 Likewise, if you subscribe to an application, content or a product from our strategic partner and you subsequently provide your Personal Data directly to that third party, that Personal Data will be subject to that third party’s privacy/personal data protection policy (if they have such a policy) and not to this Policy.
- 9.3 We recommend you to read and understand the privacy/personal data protection statement/policy posted on those other websites in order to understand their procedures for collecting, processing, using and disclosing personal data and before submitting your Personal Data to those websites.
10. MINORS UNDER EIGHTEEN
- 10.1 Unless otherwise stated, our services, our content, our updates, our events, our promotions and products are not directed to persons who may be defined as minors under applicable law. As such, if you are below 18, please terminate all access to our services immediately. We reserve the right (but not the obligation) to demand at any time evidence for our review to verify that you are above 18 years of age.
- 10.2 If we learn that we have collected the personal data of a minor under 18 years of age, or we reasonably suspect that you are under 18 years of age and you are unable to prove otherwise, we will take reasonable steps to delete your Personal Data with us and no refunds of any kind shall be provided to you.
- 10.3 Unless otherwise stated, we do not knowingly collect Personal Data from minors. However, through the internet, we are not able to ascertain on our end whether individuals are minors. It is thus the responsibility of parents or guardians to ensure that their minors do not access our Website, use our services, email us, or provide us with Personal Data without parental/their guardian’s consent. If a parent or guardian becomes aware that his or her minor has accessed our Website or our services or provided us with Personal Data without his/her consent, he or she should contact our Data Protection Officer.
11. COOKIES AND OTHER DATA COLLECTION TECHNOLOGIES
- 11.1 We employ an industry standard technology called “cookies”. The cookie is a small piece of information stored on the hard drive of your computer or device for record-keeping purposes and is used by us to track your visits to the Site. Cookies may be used to save your preferences for your ease and convenience when using the Site. Third party advertising networks may issue their separate cookies to your hard drive when serving advertisements.
- 11.2 The type of anonymous clickstream data collected by us through the cookies may include your Internet Protocol address, web browser software, date and time of visit to the Site, and whether your requests (including search requests and clicking on links to parts of the Site) were met with success. All such information collected through cookies is not Personal Data and you cannot be identified from this information. Such information is only used for the purpose of managing and creating a better user experience and to identify areas for improvement on the Site.
- Web Beacons
- 11.4 Carsome (and in some cases our advertisers and third-party providers) keep track of how many users are accessing particular pages within our website, we may place a small file, called a web beacon, on some of our pages.
- 11.5 Carsome reserves the right to place a web beacon in the emails we send to you. When you open one of our emails or click on links within these emails, we track this click-through data to help us determine their interest in particular topics and measure the effectiveness of our communications with you generally. If you do not wish to be reached out to in this way, you should not open these emails or click text or graphic links in the emails.
- Information about your Computer or Device
- 11.6 The web server of Carsome (and/or any web server operated by our service provider(s) on our behalf) automatically collects and may store limited information about your computer configuration when you visit or use our website, including but not limited to:
- a. The type of browser software you have,
- b. The operating system you are running,
- c. The resolution of your computer monitor,
- d. Your IP address. (This is a numerical address that is used by computers connected to the Internet to identify a computer so that data (such as the web pages you want to view) can be transmitted. We also use IP address information for systems administration (including fraud detection and prevention) and troubleshooting purposes.
- 11.7 Carsome may also collect information about the website you were visiting before you came to any of our websites and the website he or she visited after they left our websites.
- Combined Technology Information
- 11.8 Cookies, beacons, information collected about your computer or device, and other data collection technologies ("Data Technologies") may be used individually or in combination in order to provide and/or administer our services, to help us understand user-behaviour, to monitor website's performance, optimize ads and measure advertising performance.
- Website Analytics
- 11.9 Carsome may collect, or have a third party collect on our behalf, data on how visitors use and navigate through the Website, such as the number of users who visit various pages within the Website, what they click on, whether they scroll up or down on particular pages, fill out forms, etc. We use this information to improve the Website and learn about users, and may disclose it to our partners and affiliates (including, among others, the members of Carsome’s corporate family), or to third parties.
In the event you have any questions about this Policy, have any further queries, or would like to make a complaint, data access, correction request in respect of your Personal Data, you may contact our Compliance Officer at <[email protected]>.
13.GOVERNING LAW AND JURISDICTION
Dated: July 12, 2022