A. INTRODUCTION & BACKGROUND FACTS THAT YOU SHOULD KNOW

This Personal Data Protection Policy explains the information that MyHero Technology Sdn Bhd (MHTSB) collects when you use its services, how that information is used, with whom it may be shared and your privacy choices when you utilise its Services.

We take your privacy seriously and we will only collect, record, hold, store, use and/or process your personal data or information as outlined below. We appreciate and thank for your precious time in going through our Personal Data Protection Policy (to be referred as “the PDPP”) for a better engagement with MHTSB.

MHTSB is a company incorporated in Malaysia under registration number 201401012572 (1088652-D) and having its business address at 58, Jalan Sultan Ahmad Shah, Georgetown, 10050 Pulau Pinang and registered address at 347-V, Tingkat Pemancar, Gelugor, 11700 Pulau Pinang.

1. We strongly believe that data protection is a matter of mutual trust and your privacy is important to us. We shall therefore only process your name and other information which relates to you in the manner set out in the PDPP including but not limited to the existing legislation, sub-regulations, policies and/or regulatory guidelines (whichever is applicable).

2. We will only collect data or information where it is necessary for us to do so. We will only collect data or information if it is relevant to our dealings or transactions with you. We will only keep your data or information for as long as we are either required to do so by law or as is relevant for the purposes for which it was collected.

3. We are committed to protecting all personal data or information kept by us and providing you with the highest levels of customer service within our capabilities. We therefore hereby set out a number of personal data protection principles concerning the exercise and/or process of your personal data or information.

For the purpose of this PDPP, the definition of some salient terms including but not limited to the following:

I. “Personal Data”

means any personal data or information that has been provided to MHTSB or made available to MHTSB, it shall be deemed that MHTSB has been given consent to collect and process the customer’s personal data which is in the possession, control and management of the authorised entity governing the operation and management of the premises, e.g. name, identity card or passport number, address, contact number, copies and details of identification documents, contact details, bank account number, employment history, credit and references check, marital status, health status, commission or alleged commission of offence, personal financial and social security detail that relates directly or indirectly to an individual to the extent that the individual can be identified or is identifiable from such information.

II. “Sensitive Personal Data”

means and including but not limited to the personal data or information relating to your physical or mental health condition, political opinions, religious beliefs or other beliefs of a similar nature, commission or alleged commission of any offence or any other personal data determined by existing legislation; and

III.“Third Party”

means an individual, incorporated or unincorporated entity who is not a party to a contract or a transaction with MHTSB but excluding MHTSB’s authorised agents, contractors, sub-contractors and professional advisors or representatives.

4.You hereby consent that we may collect, record, hold, store, use and/or otherwise process your personal data and sensitive personal data. This consent shall remain applicable until we receive a written revocation of consent from you.

5.We reserve the right at our sole discretion at any time to refuse to provide or immediately suspend and/or terminate, any or all of our services to you in the event you refuse to grant, withdraw, revoke the consent and/or limit the processing of your data referred to in Clause 4.

6.MHTSB hereby expressly reserves the right to amend, alter or change any portion of this PDPP. We will announce such amendments, alterations or changes through an official notice that will be addressed to you.

B. SCOPE OF THE PERSONAL DATA PROTECTION POLICY

7. This PDPP applies to all operations and business units of MHTSB. We are responsible for the customer’s access and correction of personal data or information, notice and choice process to limit processing of personal data or information. We are also responsible for monitoring the administration of this PDPP and its compliance.

8.This PDPP is effective upon the execution and signing of the Personal Data Protection Consent Form with MHTSB.

C. SCOPE OF THE PERSONAL DATA PROTECTION PRINCIPLES IN THE PDPP

9.GENERAL PRINCIPLE

9.1 MHTSB will use, process, record, hold, store, share and disclose (“the Process”) the Personal Data with your consent during your course of dealing with us in any manner, among others, for the following purposes:

1. in all matters pertaining to the contract entered or to be entered into between you and us;
2. for the purposes of processing your application, request and/or queries;
3. for the purposes of providing you with our services;
4. for the purposes of internal control and risk management;
5. to conduct analysis and evaluation of our services in order to assist us to improve our services;
6. monitoring compliance with the agreement in paragraph (a) and our rules and policies for the time being in force and any other applicable laws;
7. complying with the compliance and disclosure requirements of any and all governmental and/or quasigovernment departments, agencies, regulatory and/or statutory bodies;
8. complying with any legal obligation binding on us under any law, rule, regulation, by-law, order, guideline, directive, policy and such other requirements in force and as amended from time to time;
9. enforcing our rights under the agreement in paragraph (a) and our rules and policies for the time being in force or any other applicable laws to defend our rights;
10. for the purposes of record-keeping in the ordinary course of our business;
11. for the purposes of circulating, transmitting and/or delivering to you, by any means (including emails, short messaging services, regular mails and other means), promotional materials (including products, services, new launches, upcoming events, promotions, advertisements, marketing and commercial materials) relating to our services; and
12. for any purposes relating to or in connection with our business.

9.2 OMHTSB does not sell, share or trade your Personal Data collected or processed with any unauthorised third party(ies), unless consented by you or expressly specified herein;

9.3 You hereby consent that we may collect, record, hold, store, use and/or otherwise process your information including but not limited to your:

A.Name;

B.Email address;

C.Residential address;

D.Date of birth;

E.Gender;

F.Religious belief;

G.Contact number;

H.Identification number;

I.Photo;

G.Bank accounts;

K.Credit and reference check

9.4 The Personal Data that we collect from you will be used and shared within our group of entities and to authorised third party for one or any of the following purposes:

A. to conduct credit checks and/or litigation checks on you;

B.to obtain any information relating to your credit intelligence, profile and other credit information;

C.to obtain and verify any information about you as we in our sole discretion shall deem fit, including for the purpose of complying with anti-money laundering laws;

D.to disclose any information and data relating to you to the Central Bank of Malaysia, any governmental or regulatory agency or authority, any credit bureau, any credit reporting agency, and any other person to whom disclosure is permitted and/or required by law;

E.to process, manage and/or verify your actual identity;

F.to protect and/or enforce parties’ legal rights including but not limited to initiating or defending any legal proceeding;

G.to detect, investigate or prevent any fraudulent or illegal activities or misuse for illegal purpose and/or purposes or intention that violates the legislation or any governmental policies;

H.to transfer, assign and/or validate the parties’ rights, interests and/or obligations under any contractual agreement entered between us; and

I.for MHTSB’s internal administrative work purposes.

10. NOTICE AND CHOICE PRINCIPLE

10.1 Please be informed that MHTSB will process your Personal Data for the following reasons and subject to your choice but possible limitation of services, may disclose the Personal Data to:

A.individuals, companies, organisations or entities for the performance of MHTSB’s contract of providing any services to you;

B.individuals, companies, organisations or entities for compliance with any legal and/or regulatory obligations to which MHTSB is subject, in addition to any obligation imposed under MHTSB’s contract with you;

C.regulatory bodies or other government authorities in compliance with requirements or compulsions under any legislation or orders or towards the detection, assistance, investigation or prevention of any criminal or illegal activities;

D.any parties involved in or related to a legal proceeding in the courts of law in Malaysia and for the purposes of such proceedings;

E.protects MHTSB’s vital interests;

F.for the administration of justice and/or facilitating the legal or justice system in Malaysia;

G. for the exercise of any functions, responsibilities or obligations conferred on any person by or under any legislation, law and order of courts of law in Malaysia.

10.2 MHTSB may transfer your personal data to third parties both in Malaysia and overseas providing outsourcing data storage or data processing services for MHTSB.

10.3 Any customer who has provided your personal data prior to this PDPP may inform MHTSB using the contact details set out below to know what types of Personal Data have been processed and the purpose of the processing.

10.4 Save in accordance with this PDPP and except as permitted or required under any enactment, law, regulations, statute or code, MHTSB will not use or disclose the Personal Data without prior written consent.

10.5 You will be given the opportunity to ‘opt-out’ of having your Personal Data used for purposes not directly related to the services of MHTSB at the point where we ask for information. Please take note that should you decide to ‘opt-out’, we may not be able to provide you with certain services and your subscription.

11. DISCLOSURE PRINCIPLE

11.1 MHTSB will only disclose the Personal Data to comply with any government agency notification requirements and/or for the purpose for which the Personal Data is processed where you have consented to disclosure;

11.2 Despite the above, MHTSB may still disclose some of your Personal Data to the following third parties for legitimate purposes, such as:

A. our affiliates and associated companies (whether in Malaysia or other jurisdictions);

B. our assignee;

C. any person to whom we are under an obligation to make disclosure under law, rule, regulation, by-law, order, guideline, directive, Notice;

D.any court and/or officer of the court;

E. our banks;

F. any individual or entity that under a duty of maintaining confidentiality to whom has undertaken such duty to keep your Personal Data in confidential engaged by us;

G. professional advisers appointed or engaged by us including but not limited to lawyers, auditors, accountants and others;

H. data centres or servers situated outside Malaysia to process or store the Personal Data where you hereby expressly consent to us to transfer your Personal Data out of the country(ies) other than Malaysia which might not provide or offer the same or better level of data protection measures or standards;

I. insurance company(ies) to apply and obtain insurance policy(ies), if any.

SECURITY PRINCIPLE

12.1 MHTSB is responsible for taking prudent steps to safeguard the confidentiality and security of all Personal Data, including appropriate procedural, organisational and technical steps to protect Personal Data from accidental or unlawful destruction or accidental loss, alteration or disclosure. These steps include entering into written agreements with subcontractors who process Personal Data in accordance with MHTSB’s instructions and incorporating MHTSB’s own data protection standards as a minimum effort;

12.2 We will place or procure various reasonable security measures to safeguard all Personal Data that has been collected or processed by us within our reasonable and commercial capacity as the internet / online or cloud-based transmission is not a 100% secured medium of communication;

12.3 MHTSB ensures that all information collected and processed will be safely and securely stored. We protect your Personal Data by:

A. allowing access to Personal Data via passwords;

B. securely destroying your Personal Data when it is no longer needed for our record retention purposes pursuant to this PDPP.

12.4 MHTSB does not accept responsibility or liability for any unauthorised access, loss, unlawful interceptions, hacking activities, installation or download of prohibited or unwanted software including but not limited to spyware, malware or virus which caused the loss of the Personal Data transmitted to or from MHTSB after performance or procurement of such reasonable security procedures that are within the commercial capacity of MHTSB.

RETENTION PRINCIPLE

MHTSB in executing its responsibilities with respect to the confidentiality of Personal Data, MHTSB will employ a number of safeguards, appropriate to the sensitivity of the information, to protect Personal Data against loss or theft, as well as unauthorised access, disclosure, copying, use or modification. Such safeguards will include physical measures, organisational measures and technological measures, for example locked filing cabinets, restricted access to offices, security clearances and limiting access on a “need to know” basis and use of passwords and encryption. Procedures for implementing these measures will be communicated to all MHTSB’s employees and third parties to ensure compliance with this principle.

DATA INTEGRITY PRINCIPLE

14.1 MHTSB strives to maintain complete, current and accurate information about its customers. Any inaccurate information that is brought to MHTSB’s attention will be corrected as quickly as possible after notification. Procedures will be maintained to ensure that any reported inaccuracies are promptly and effectively handled, and that customers’ information remains as accurate, current and complete as possible;

14.2 You are obliged to provide your Personal Data to MHTSB. Failure to provide a complete and correct information to MHTSB may affect the offers and services to be provided in consequential.

14.3 We may take reasonable steps to ensure that the information or the Personal Data provided by you is accurate, complete and not misleading and that such Personal Data is kept up-to-date and meanwhile, you are also responsible to do the same.

ACCESS PRINCIPLE

15.1 Any person dealing with MHTSB can have access to his or her Personal Data that MHTSB has in its possession or control and may request that his or her Personal Data be amended for purposes of accuracy and completeness subject to such written request or notification be provided to MHTSB;

15.2 Under such circumstances, you may request to access or request for a copy of your Personal Data that held by us or to request to update or rectify the accuracy of your Personal Data which may subject to a minimal administrative fee to cover the costs involved in processing your request to access to your Personal Data;

15.3 You may request access to and correction of, your personal data by contacting us at the method provided in Clause 17. However, we may refuse your data access request in accordance with the PDPA.

SENSITIVE PERSONAL DATA

16.1 Save except stated herein, MHTSB does not collect and process any Sensitive Personal Data in its ordinary course of business.

16.2 MHTSB may process Sensitive Personal Data without your consent only in limited circumstances as permitted by law, if any.

CONTACT METHOD

We are committed to protect the Personal Data of all customers. If you have any questions in relation to this PDPP and/or wish to withdraw your consent, access or modify the Personal Data that we have collected or processed or complaints pertaining to this PDPP, please contact us with the following method and we will respond to such request promptly or within three (3) working days:

17.1 email to: [email protected] attention to MHTSB’s Personal Data Compliance Officer

PREVAILING LANGUAGE

In the event of any inconsistencies, errors, mistakes or discrepancies between the English version and other translated versions of this PDPP whether done by MHTSB or other unknown third party(ies), the English version shall prevail.