Privacy Policy

Home / Privacy Policy
Foreword

Recron (Malaysia) Sdn. Bhd, (Recron) is committed to safeguard & protect data of individuals and ensures that they continue to trust Recron with their personal data or information. We believe that when our customers, employees, and other key stakeholders entrust us with their personal information, we owe it to them to safeguard it and to use it wisely and in a judicious manner. Ensuring and safeguarding data privacy is the right thing to do.

  • Recron has adopted a personal data protection policy that identifies the organization's objectives for data protection. This policy articulates the definition of personal information and underlines the importance of the data elements that fall under the definition.
  • The data shall be collected by fair and lawful means, with the knowledge of the provider of information.
  • Implicit or explicit consent has been and will continue to be obtained from the provider of information with respect to the collection, use, and disclosure of personal information received.
  • We will provide notice about our policies and procedures which identifies the purposes for which personal information is collected, used, retained, and disclosed.
  • An inventory of elements has been created that are important from the data protection perspective, and which are subject to the requirement of this policy.
  • We ensure that the provider of information is giving access to his/her information gathered and stored in our systems and is also enabled to modify the data provided by him/her.
  • Recron limits the use of personal information to the purposes for which the individual has provided consent. We will retain personal information for only as long as necessary to fulfil the stated purposes or as required by law and thereafter appropriately dispose of such information.
  • Recron may potentially disclose personal information to third parties only for the purposes for which the individual has provided consent.
  • We shall maintain a comprehensive framework that is organized to achieve the end goals of data security and privacy. It includes security practices, standards, and policies with the objective of protecting personal information from unauthorized access and improper use and ensures periodic review of the same.
  • We will provide ongoing data protection training to the target audience and ensure that adequate level of understanding exists about requirements, applicable principles and their implications.

For further details, please refer to the detailed Recron Personal Data Protection Policy provided hereinafter.


Scope and purpose of this Policy:

At Recron (Malaysia) Sdn. Bhd (“Recron”), we respect the privacy of individual and are committed to take reasonable precautions to protect information consisting of Personal information and `Sensitive Personal Data or Information' (SPDI) (“Information”) of individuals and comply with all legal, regulatory and contractual obligations related to data protection & privacy. Recron has adopted the “Privacy by Default” principles in its approach to data protection & privacy i.e. protection & privacy of data and information is upheld first by default.

Recron (Malaysia) Sdn Bhd (“the Company” or “we” or “us”) is committed to comply with the following Principles as prescribed under the Personal Data Protection Act 2010:-

  • the General Principle;
  • the Notice and Choice Principle;
  • the Disclosure Principle;
  • the Security Principle;
  • the Retention Principle;
  • the Data Integrity Principle; and
  • the Access Principle

General Principle
  • We shall not process personal data (“PD”) unless the Data Subject (individual who is the owner of the personal data) has given consent to the processing.
  • However, we shall process PD about a Data Subject if the processing is necessary for :-
    • the performance of a contract;
    • taking of steps with a view to entering into a contract;
    • compliance with any legal obligation;
    • protecting the vital interests of the Data Subject;
    • administration of justice; or
    • the exercise of any functions.
  • Nature of Personal Data We Process:

    The personal data that we collect in relation to you may include but shall not be limited to the following: your name, copies and other details of your identity documents and proof of identification (for instance, NRIC number, passport number, driver’s license etc.), proof of address and other contact details (for instance, telephone/facsimile number, email address etc.), information concerning age, race, nationality, date of birth, occupation and position, types of service requested and personal interest (collectively “your personal data”). The above description of personal data is merely a general description of the various types of personal data that we collect.

    In other situations, there may be a need to collect more personal data depending upon the nature of transaction, business and so forth. We do not believe in collecting excessive personal data and what we collect are the essentials that are required to ensure the efficacy of business and transactions. You may choose whether or not to provide your personal data to us, including sensitive personal data. Sensitive personal data may include such things as information on physical or mental health or medical condition, political opinions, religious or other similar beliefs, commission or alleged commission of any offence.

  • Between us and suppliers, customers, employees and other individuals, the purpose of collecting, processing and storing the PD is to facilitate the identification, authorization, credential and approval of the commercial transaction and services to be undertaken, contemplated or being undertaken between us and the Data Subject or the company that the Data Subject is representing.

  • We shall ensure the PD collected is not excessive for the intended purpose.

  • We shall not use the PD for any other purpose except as stated above


Notice and Choice Principle

  • We shall inform the Data Subject in writing that PD is being processed, the purposes for the collection and whether the PD will be disclosed to third party.

  • For Data Subjects that have provided us with PD earlier, we shall deem that the Data Subjects have consented to us processing the PD in accordance with this policy.

  • We do not and will not own any of the PD obtained and by forwarding the PD to us, Data Subject does not confer any ownership rights of the PD to us.

  • The Data Subject may choose not to consent or withdraw the prior consent given at any time by notice in writing to us addressed to the Data Protection Officer, Ms Lim Ai Nee , HR- Melaka, Ms Yong Kong Ling, HR-Nilai and Ms Sanjeeviya, HR- Kuala Lumpur under Compliance Officer- Head-HR Recron

  • Any refusal or withdrawal of consent may jeopardize the business and services to be undertaken, contemplated or being undertaken between us and the Data Subject or the company or entity that the Data Subject is representing.

  • We shall by written notice inform you whether it is obligatory or voluntary for you to supply the personal data.


Disclosure Principle

  • We may disclose the PD to our companies within our group of companies, including those to be incorporated in the future and during all company activities and functions. We treat the confidentiality of your personal data very seriously, which is of utmost importance to us. Personal Data provided shall be kept confidential. However, in certain circumstances, it would be necessary for us to provide or disclose your personal data for the purposes as stated above to the following categories of persons (whether within or outside Malaysia) and where we do so, we would merely disclose data that is necessary for the purpose of such disclosure: within Group of Companies including all related companies, subsidiaries, holding companies and associated companies; anybody or person to whom the Company is compelled or required to do so under any laws or in response to any competent or government, state, provincial, local government, statutory or municipal authority, industry regulators, agency or body; law enforcement authorities; such sub-contractors or third party service or product providers (an example would be auditors, lawyers, company secretaries, service providers, events and training organisers, telecommunications companies, cloud computing or data backup service providers and other advisers).

  • We may disclose the PD to third party if required to do so provided that the third party receiving the PD secures the PD with an appropriate level of security.


Security Principle

  • We shall take practical steps to protect the PD from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.

  • The personal data you provide will be collected, held on computer and/or in manual files, used, disclosed and otherwise processed by the Company and/or the Group for the following purposes: our internal record keeping, maintenance and updating of any information database(s); to communicate with you; meeting or complying with any legal, regulatory or statutory requirements and to make disclosure under the requirements of any applicable law, legislation, rule, ruling, regulation, direction, court order, by-law, guideline, circular, code (collectively “laws”) applicable to us or any member companies of the Group; research, benchmarking and statistical analysis; and/or other reasons that are required or permitted under the Personal Data Protection Act 2010 or other applicable laws. Other than the above, we do not collect personal data for any other reasons


Retention Principle

  • We shall not keep the PD longer than is necessary for the fulfilment of our obligations and business needs, at least 7 years.

  • We shall destroy or permanently delete all PD if no longer required.


Data Integrity Principle

  • We are required to take reasonable steps to ensure that the PD is accurate, complete, not misleading and kept up-to-date.

  • As such, it is important for Data Subject to provide voluntary, accurate, complete, not misleading and up to date PD to us.


Access Principle , Data Protection Officer and Compliance Officer:

  • Data Subject may access and correct any PD at any time by requesting in writing to the Data Protection Officer as under:

    Name Designation Contact Number Email ID
    Ms Sanjeeviya HR Business Partner - Kuala Lumpur +60 320316000 hr.kl@recron.com
    Ms Yong Kong Ling HR Business Partner - Nilai +60 67992855
    Ms Lim Ai Nee HR Business Partner - Melaka +60 63511190 hr.ml@recron.com

  • We shall comply with the Data Subject’s request unless it is expressly prohibited by law.


Language

  • In the event of any inconsistency between the English version and Bahasa Malaysia version of this Policy, the English version shall prevail over the Bahasa Malaysia version.