Hiap Huat Portal Solutions Sdn. Bhd. (“Company”) intends to fully comply with the requirements of the Malaysian Personal Data Protection Act 2010 (“PDPA”). In doing so, the Company will ensure compliance by its staff to the strictest standards of security and confidentiality in respect of all personal data submitted by users via www.auto360.my and its sub-domains (collectively, “Sites”) and the Company will not release such personal data to any person without the prior consent of the relevant user(s) of the Sites (whether registered or not) (“User(s)”) except to the authorised persons listed under Paragraph 3 below.
1. Purpose of Collection of Personal Data
In the course of using the Sites, Users may disclose or be asked to provide their personal data. In order to have the benefit of and enjoy various services offered by the Sites, it may be necessary for Users to provide the Company with their personal data. Although Users are not obliged to provide all information as requested in the Sites, the Company will not be able to render certain services on the Sites in the event that Users fail to do so.
The Company’s purposes for collection of personal data on the Sites include but are not limited to the following:
(a) for the daily operation of the services provided to Users;
(b) to provide Users with a platform and forum for posting photos, sharing and discussing their insights in respect of services or products related to automobile industry;
(c) to identify Users who have posted advertisements, materials, messages, photos, views or comments or such other information (collectively “Information”) on the Sites;
(d) to identify Users who have viewed the Information posted on the Sites;
(e) to process any payments related to your requested service;
(f) to provide Users with marketing and promotional materials for their enjoyment of benefits as members of the Sites (for further details, please refer to Paragraph 4 with the heading “Subscription of Newsletter/Promotional Materials/Marketing Materials” below);
(g) to identify Users who have enjoyed their benefits as members of the Sites by receiving and using marketing and promotional materials;
(h) to allow members of the Sites to enjoy their benefits as members by enrolling for special events hosted by the Company and/or its affiliates;
(i) to design and provide products and services to Users;
(j) for other purposes relating to the provision of services offered by the Company and marketing, invitations to special events and/or promotions of the Company, its affiliates and/or their respective clients;
(k) to compile aggregate statistics about the Users and to analyse the Sites and service usage for the Company’s internal use;
(l) for internal investigations, audit or security purposes; and
(m) to comply with legal and regulatory requirements.
If the Company requires the use of Users’ personal data for a purpose other than those set out above, the Company may request the Users’ consent to the same. If the User is a minor, the consent should be given by his/her parent or guardian.
2. Collection of Personal Data
The personal data of a User collected by the Company may include but is not limited to his/her name, log-in identity and password, national registration identity card number, passport number, address, email address, phone number, age, sex, date of birth, country of residence, nationality and other information that is/are not otherwise publicly available. Occasionally, the Company may also collect additional personal data from a User in connection with contests, surveys, or special offers.
The Company collects personal data by using the following methods, including:
(a) directly from Users when the Users submit their personal data to the Company vide registration as User at the Sites, subscribe to our publications and periodicals or respond to our marketing materials; and/or
(b) from third parties the Company deals with or connected to the User and from such other sources where the User has given consent for the disclosure of the personal data and/or from other methods that are lawfully permitted.
3. Disclosure or Transfer of Data
The Company will only disclose and/or transfer Users’ personal data to the Company’s personnel and staff for the purpose of providing services to Users. However, the Company may also disclose and/or transfer such data to third parties under the following circumstances:
(a) where the information and/or data is disclosed and/or transferred to any third party suppliers or external service providers who have been duly authorised by the Company to use such information and/or data and who will facilitate the services on the Sites, under a duty of confidentiality;
(b) where the information and/or data is disclosed and/or transferred to any agents, affiliates or associates of the Company who have been duly authorised by the Company to use such information and/or data;
(c) where the Company needs to protect and defend its rights;
(d) where the Company considers necessary to do so in order to comply with the applicable laws and regulations, including without limitation compliance with a judicial proceeding, court order, or legal process served on the Sites; and
(e) where the Company deems necessary in order to maintain and improve the services on the Sites.
4. Subscription of Newsletter/Promotional Materials/Marketing Materials
The Company and its affiliates may from time to time send newsletters, promotional materials and marketing materials to the Users based on the personal data that they have provided to the Company. The Company may use Users’ data in direct marketing and the Company requires the Users’ consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
(a) the name, contact details, age, sex, date of birth, country of residence, nationality of Users held by the Company from time to time may be used by the Company and/or its authorised personnel or staff in direct marketing;
(b) the following classes of services, products and subjects may be marketed:
(i) automotive or other means of transportation which may be deemed related products and services;
(ii) travelling related products and services;
(iii) special events hosted by the Company and/or its affiliates for Users, including but not limited to courses, workshops, and competitions;
(iv) reward, loyalty or privileges programmes and related products and services;
(v) special offers including coupons, discounts, group purchase offers and promotional campaigns;
(vi) products and services offered by the Company’s affiliates and advertisers (the names of such affiliates and advertisers can be found in the relevant advertisements and/or promotional or marketing materials for the relevant products and services, as the case may be); and
(vii) donations and contributions for charitable and/or non-profit making purposes;
(c) The above products, services and subjects may be provided or (in the case of donations and contributions) solicited by the Company and/or:
(i) the Company’s affiliates;
(ii) third party service providers providing the products, services and subjects listed in Paragraph (b) above; and
(iii) charitable or non-profit marking organisations.
Suitable measures are implemented to make available to such Users the options to “opt-out” of receiving such materials. In this regard, Users may choose to sign up or unsubscribe for such materials by logging into the user account maintenance webpage, or clicking on the automatic link appearing in each newsletter/message, or contact the PDPA Compliance Officer at 03-6274 2460 or email to firstname.lastname@example.org.
Any User is entitled to request access to or make amendments to his/her own personal data kept with the Company by contacting the PDPA Compliance Officer at the contact details provided in Paragraph 12 below.
In the event any User wishes to access or amend his/her personal data, the Company may request him/her to provide personal details in order to verify and confirm his/her identity.
Further, the Company reserve the rights to charge a nominal fee permitted by law for the processing of any data access request to defray the Company’s administration cost.
Notwithstanding the fact that the Users may withdraw their consent given to the Company earlier, the Company may keep the Users personal data and process the Users personal data in circumstances which are permitted by the law or as required under contractual obligations.
The Company will respond to a Users’ requests within 21 days from the date of request and a notice will be issued to the User in the event the Company fails to accede to the request.
6. Cookies and Log Files
The Company does not collect any personally identifiable information from any Users whilst they visit and browse the Sites, save and except where such information of the Users is expressly requested. When Users access the Sites, the Company records their visits only and do not collect their personal data. The Sites’ server software will also record the domain name server address and track the pages the Users visit and store such information in “cookies”, and gather and store information like internet protocol (“IP”) addresses, browser type, referring/exit pages, operating system, date/time stamp, and clickstream data in log files.
The Company does not link the information and data automatically collected in the above manner to any personally identifiable information. The Company generally uses such automatically collected information and data to estimate the audience size of the Sites, gauge the popularity of various parts of the Sites, track Users’ movements and number of entries in the Company’s promotional activities and special events, measure Users’ traffic patterns and administer the Sites. Such automatically collected data will not be disclosed save and except in accordance with Paragraph 3 with the heading “Disclosure or Transfer of Data”.
7. Links to Other Websites
The Sites may provide links to other websites which are not owned or controlled by the Company. Personal data from Users may be collected on these other websites when Users visit such websites and make use of the services provided therein. Where and when Users decide to click on any advertisement or hyperlink on the Sites which grants Users access to another website, the Users’ personal data may not be protected in these other websites.
The security of Users’ personal data is important to the Company. The Company will always try its best to ensure that Users’ personal data will be protected against unauthorised access. The Company has implemented appropriate electronic and managerial measures in order to safeguard, protect and secure Users’ personal data.
The Company uses third party payment gateway service providers to facilitate electronic transactions on the Sites. Regarding sensitive data provided by Users, such as credit card number for completing any electronic transactions, the web browser and third party payment gateway communicate such information using secure socket layer technology (SSL).
The Company follows generally accepted industry standards to protect the personal data submitted by Users to the Sites, both during transmission and once the Company receives it. However, no method of transmission over the Internet, or method of electronic storage, is entirely secure. Therefore, while the Company carries out reasonable measures to protect Users’ personal data against unauthorised access, the Company cannot guarantee its absolute security.
9. Retention of Personal Data
Once the Company has obtained a User’s personal data, it will be maintained securely in the Company’s system. Subject to the provisions in PDPA, the personal data of Users will be retained by the Company for a period of 7 years even after deactivation of the relevant service unless the User requests the Company in writing to erase his/her own personal data from the Company's database or to terminate his/her membership of the Sites.
12. Contact Us
HIAP HUAT PORTAL SOLUTIONS SDN BHD
No. 46, Jalan E1/2,
Taman Ehsan Industrial Park,
Selangor Darul Ehsan,
Tel: 03 - 6274 2460
Fax: 03 - 6272 2584
Attention: PDPA Compliance Officer