Privacy Policy

1. Introduction

This is the privacy policy (“Privacy Policy”) of Omesti Berhad (which includes all its subsidiaries, related and/or associated companies) (“Company”, “we”, “us”, or “our”).

To process, administer and/or manage your relationship with us, we will necessarily need to collect, use, disclose and/or process your personal data. This Privacy Policy applies to personal data about you (our customers, directors, shareholders, vendors, distributors, suppliers, contractors, service providers, business partners, etc) and/or individuals provided by you, possessed by us or that we obtain about you, whether now or in the future.

We will only process your personal data in accordance with the Personal Data Protection Act 2010 and applicable regulations, guidelines, and orders (collectively, the “PDPA”) as well as this Privacy Policy.

If you are a corporate entity/an organisation, references to “you” and “your” shall also include your employees, representatives and agents.

The PDPA requires us to inform you of your rights and the purposes of processing, and to obtain your consent. We are committed to protecting and safeguarding your personal data.

By providing your personal data to us and/or continuing access to our website (“Site”), you declare that you have read and understood this Privacy Policy and agree to our processing as set out herein.

We reserve the right to modify, update and/or amend this Privacy Policy from time to time with reasonable prior notice. We will notify you of any amendments via the Site or other appropriate means. Any amendments are effective upon notice to you.

By continuing to communicate with us, use our services, purchase our products and/or access the Site after being notified of any amendments, you are deemed to have agreed to and accepted those amendments.

It is necessary for us to collect and process your personal data. If you do not provide such data, or do not consent to this Privacy Policy or amendments, we may not be able to render all services to you and you may be required to terminate your relevant agreement with us and/or stop accessing or using the Site.

2. Collection of Personal Data

“Personal data” means any information in our possession or control that relates directly or indirectly to an individual to the extent that the individual can be identified or is identifiable from that and other information in our possession (e.g., name, address, telephone number, NRIC No, date of birth, email address, etc.). The types of personal data collected depend on the purpose of collection.

We may “process” your personal data by collecting, recording, holding, storing, using and/or disclosing it.

Your personal data may be collected from you during your dealings with us in any way or manner including pursuant to transactions and/or communications made from/with us. We may also collect personal data from meetings, events, seminars, conferences, talks, road shows, customer satisfaction surveys organised and/or sponsored by us, as well as from publicly available sources.

In addition, we may receive, store and process your personal data provided or made available by third parties, credit reference bodies, regulatory and law enforcement authorities, for reasons including delivery of our products and/or services, performance of agreements and/or compliance with legal and regulatory obligations.

3. Purpose of Acquiring and Processing Your Personal Data

The personal data provided by you or collected by us from you or other sources may be processed for the following purposes (collectively, the “Purposes”):

• to assess, process and provide products, services and/or facilities to you, including membership/loyalty programmes (if any);
• to facilitate, process, administer, manage and/or maintain your relationship with us;
• to consider and/or process your application/transaction with us;
• to respond to your enquiries or complaints or resolve any issues and disputes;
• to administer and process any payments related to products, services and/or facilities requested by you;
• to facilitate your participation in, and our administration of, events including meetings, seminars, conferences, talks, road shows, contests, promotions or campaigns;
• to conduct credit reference checks and establish your credit worthiness, where necessary;
• to carry out due diligence or other monitoring or screening activities (including background checks) in accordance with legal or regulatory obligations or risk management procedures;
• to administer and give effect to your commercial transactions with us;
• to process any payments related to your commercial transactions with us;
• to provide you with information and/or updates on our products, services, upcoming promotions and/or events organised by us and selected third parties via appropriate communication channels;
• to send you seasonal greetings, gifts, newsletters from time to time;
• to send you invitations to membership programmes, events, promotions and product launches as well as conferences, talks and seminars;
• to monitor, review and improve our events and promotions, products and/or services;
• to process and analyse your personal data either individually or collectively;
• to conduct market research or surveys, internal marketing analysis, customer profiling, planning and statistical and trend analysis;
• to share personal data with auditors for internal audit and reporting purposes;
• to share personal data pursuant to any agreement or document which you have entered with us for purposes of seeking legal and/or financial advice and/or commencing legal action;
• to share personal data with a third party necessary for the preparation of legal documents or contracts to be entered by you;
• to share personal data with our business partners to jointly develop products and/or services or launch marketing campaigns;
• to share personal data with insurance companies, where necessary;
• to share personal data with financial institutions, where necessary;
• to communicate with you and to maintain and improve customer relationship;
• to maintain and update internal record keeping, files and contact lists;
• to detect, investigate and prevent any fraudulent, prohibited or illegal activity or misconduct;
• to enable us to perform our obligations and enforce our rights under any agreements or documents that we are a party to;
• to transfer or assign our rights, interests and obligations under any agreements entered into with us;
• to meet any applicable legal or regulatory requirements and to make disclosures under applicable law or requests from authorities;
• to enforce or defend rights and to comply with obligations under applicable laws and regulations;
• for direct marketing purposes via appropriate channels;
• for internal administrative, audit, risk management and security purposes;
• for registration for a user account with us;
• for storage and hosting back-up (including disaster recovery) of your personal data, whether within or outside Malaysia; and/or
• for other purposes required to operate, maintain and better manage our business and your relationship with us.

You agree and consent to us using and processing your personal data for the Purposes as identified in this Privacy Policy. If you do not consent to one or more of the Purposes, please notify us at the contact details below. We will seek your separate consent for any other purposes not stated above. We may also collect personal data from sources other than yourself for one or more of the above Purposes.

4. Consequences of Not Consenting to This Privacy Policy

The collection of your personal data by us may be mandatory or voluntary depending on the Purposes. Where it is mandatory and you fail or choose not to provide such data, or do not consent to this Privacy Policy, we will not be able to provide our products and/or services or otherwise deal with you, if at all.

5. Disclosure of Your Personal Data

We will not sell, rent, transfer or disclose any of your personal data to any third party without your consent. However, we may disclose your personal data to the following third parties, for one or more of the Purposes:

• the Company’s group of companies including subsidiaries, related and/or associated companies;
• your immediate family members and/or emergency contact person;
• successors in title to us;
• persons under a duty of confidentiality engaged to discharge obligations to you;
• any party in relation to legal proceedings or prospective legal proceedings;
• our auditors, consultants, lawyers, accountants or other advisers on a strictly confidential basis;
• any party nominated or appointed by us for establishing and maintaining a common database where we have a legitimate common interest;
• data centres and/or servers located within or outside Malaysia; storage facility and records management providers;
• payment channels including banks and financial institutions;
• government agencies, law enforcement agencies, courts, tribunals, regulatory/professional bodies, ministries, and/or statutory agencies or bodies in any jurisdiction, if required or authorised to do so;
• our business partners, third party product and/or service providers, suppliers, vendors, distributors, contractors or agents on a need-to-know basis;
• our customers on a need-to-know basis;
• insurance companies and financial institutions for purposes of obtaining insurance or credit facilities, if necessary;
• financial institutions, merchants and credit card organisations in connection with your commercial transactions;
• the general public when you become a winner in a contest or participate in our events by publishing your name, photographs and other personal data without compensation for advertising and publicity purposes;
• any third party (and its advisers/representatives) in connection with any proposed or actual reorganization, merger, sale, consolidation, acquisition, joint venture, assignment, transfer, funding exercise or asset sale relating to any portion of the Company; and/or
• any other person reasonably requiring the same in order for us to operate and maintain our business or carry out the activities set out in the Purposes or as instructed by you.

6. Accuracy of Your Personal Data

We take it that all personal data provided by you is accurate and complete, and that none of it is misleading or out of date. You will promptly update us in the event of any change to your personal data.

7. Your Rights

To the extent permitted by law, you have the right to request access to, a copy of, or the update/correction of your personal data held by us. We may charge a small fee (as permitted by the PDPA) to cover administration costs. We may rely on statutory exemptions and/or exceptions to collect, use and disclose your personal data and/or refuse your request for access or correction.

You have the right at any time to request us to limit the processing and use of your personal data (e.g., to stop sending you marketing and promotional materials or contacting you for marketing purposes).

You also have the right, by notice in writing, to inform us of your withdrawal (in full or in part) of consent, subject to legal restrictions, contractual conditions and a reasonable duration of time for the withdrawal to be effected. Depending on the extent of withdrawal, we may not be able to continue with our existing relationship or the contract may have to be terminated.

8. Retention of Your Personal Data

Personal data provided to us is retained for as long as the purposes for which it was collected continue; thereafter it is destroyed or anonymised in accordance with our retention policy unless longer retention is required to meet operational, legal, regulatory, tax or accounting requirements.

9. Security of Your Personal Data

We are committed to ensuring that your personal data is stored securely. Where practicable, we implement appropriate technical, physical, electronic and procedural security measures in accordance with applicable laws, regulations and industry standards to protect your personal data from loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction. We will make reasonable updates to our security measures from time to time and ensure authorised third parties only use your personal data for the Purposes set out in this Privacy Policy.

Please be aware that communications over the Internet, such as emails/webmails are not secure unless encrypted. Communications may be routed through a number of countries before delivery. We cannot and do not accept responsibility for any unauthorised access or interception or loss of personal data that is beyond our reasonable control.

10. Personal Data from Minors and Other Individuals

Where you provide personal data about family members, spouse, dependents, directors, shareholders, employees, representatives, agents and/or other individuals, you confirm that you have explained that their personal data will be provided to and processed by us and that you have obtained their consent in accordance with this Privacy Policy.

In respect of minors (individuals under 18 years of age) or individuals not legally competent to give consent, you confirm that you are the parent or guardian or person who has parental responsibility over them or the person appointed by court to manage their affairs or that they have appointed you to act for them, to consent on their behalf to the processing of their personal data in accordance with this Privacy Policy.

11. Transfer of Your Personal Data Outside of Malaysia

Our IT storage facilities and servers may be located in other jurisdictions outside Malaysia. Your personal data may be stored on servers outside Malaysia and/or disclosed or transferred to entities located outside Malaysia or where you access the Site from countries outside Malaysia. These foreign entities may be established in countries that might not offer a level of data protection equivalent to Malaysia. You expressly consent to us transferring your personal data outside of Malaysia for such purposes. We will take reasonable steps to ensure such third parties adequately protect the confidentiality and privacy of your personal data and use it only for the Purposes.

12. Website

External Links

• If any part of the Site links you to other websites, those websites do not operate under this Privacy Policy and we do not accept responsibility or liability arising from those websites.
• If you subscribe to an application, content or a product from our strategic partner and you subsequently provide your personal data directly to that third party, that personal data will be subject to that third party’s privacy/personal data protection policy and not to this Privacy Policy.
• We recommend that you read and understand the privacy/personal data protection statements/policies posted on those websites before submitting your personal data to them.

Cookies

• We employ an industry-standard technology called “cookies”. Cookies may be used to save your preferences and track your visits to the Site. Third-party advertising networks may issue their separate cookies when serving advertisements.
• The type of anonymous click stream data collected through cookies may include your IP address, browser software, date and time of visit, and whether your requests were met successfully. Such information is not personal data and you cannot be identified from it. It is used only to manage and create a better user experience, analyse traffic, and identify areas for improvement on the Site.
• Most browsers are initially set up to accept cookies. If you prefer, you can reset your browser to notify you when you receive a cookie, or to refuse cookies. Certain features on the Site may not function properly if you do not accept cookies.

13. Contact Details

If you have any questions about this Privacy Policy, further queries, or would like to make a complaint or data access/correction request in respect of your personal data, contact:

Personal Data Protection Officer
Address: Ho Hup Tower - Aurora Place, 02-07-01 - Level 7,
Plaza Bukit Jalil 1, Persiaran Jalil 1,
Bandar Bukit Jalil, 57000 Kuala Lumpur,
Tel: +603 9779 1700
Fax: +603 9779 1701/2
Email Address: pdpa@omesti.com

In accordance with Section 7(3) of the PDPA, this Privacy Policy is provided in both English and Bahasa Malaysia. In the event of any inconsistencies or discrepancies between the English version and the Bahasa Malaysia version, the English version shall prevail.

Click here for Bahasa Malaysia

[OM-PP-WEBOM-V1-120315]