Personal Data Protection Notice

We comply with the Personal Data Protection Act 2010. This Personal Data Protection Notice ("Notice") informs you how we use your personal data based on the following guiding principles:

  • We use your personal data to provide you postal, courier and other transactional products and services which you request.
  • We aim to continuously improve our products and services for you and will use your personal data to help us achieve this.
  • We give you some control over the personal data we hold about you, including who is allowed to see it and how it is used.
  • We will not use your personal data to contact you for direct marketing purposes without your consent.
  • We will take reasonable care to safeguard your personal data through security policies and secure business processes

This Notice applies generally to all products and services provided by Pos Malaysia (consisting of Pos Malaysia Berhad and all its subsidiaries and related corporations including but not limited to PSH Express Sdn Bhd, Datapos (M) Sdn Bhd, Digicert Sdn Bhd, Pos Ar-Rahnu Sdn Bhd, Effivation Sdn Bhd, PSH Properties Sdn Bhd, PMB Properties Sdn Bhd, Real Riviera Sdn Bhd, Pos Malaysia & Services Holdings Berhad, PSH Capital Partners Sdn Bhd and PSH Venture Capital Sdn Bhd).

There may however be occasions where a different data protection notice will be applicable for a specific transaction, and we will notify you accordingly. Please read the terms of this Notice carefully before furnishing us with your personal data. By furnishing us with your personal data or by continuing to use our products or services, you are indicating to us that you agree and consent to the terms and conditions of this Notice.

In respect of personal data of any Third Party Individual (defined below), you warrant that you have obtained the relevant consent from the Third Party Individual to furnish his/her personal data to Pos Malaysia and for Pos Malaysia to process such personal data. You further warrant and undertake to furnish a copy of this

Notice to the Third Party Individual before providing Pos Malaysia with that Third Party Individual’s personal data.


How we collect your personal data

Directly from you.
We collect personal data that you provide to us when you use any of our products, services, and website(s) or when you deal with us. This includes information that you provide:

  • When you request for any services or purchase any products from us;
  • When you perform a transaction or contract with us;
  • When you fill in manual forms and submit them to us;
  • When you deal with us over the telephone, through email, through our website(s) or in person;
  • When you take part in our customer surveys, competitions and promotions;
  • When you use our services;
  • When you visit our premises; or
  • From correspondence you send to us including any enquiries or comments.

When you use our website.
We may collect some information automatically when you access our website(s) including:

  • Information about your use of our products and services, including your browser type, operating system, platform, IP address, cookies, language and region; and
  • Search queries you conducted on our website(s), pages and advertisements you viewed and links you clicked on while using our website(s).

From third parties.
We may ask third parties for personal data about you, for example, when we acquire third party marketing lists, or get authorisation for a payment you make using a credit or debit card, or to complete a credit or fraud check.

Corporate entities.
Where we transact or contract with a corporate entity, that corporate entity may provide us with your personal data in connection with a transaction or contract. That corporate entity is responsible for obtaining your consent for disclosure of your personal data to us.


What personal data we collect

In this Notice, personal data means data we hold about you from which your identity is apparent or can be reasonably determined. This includes:

  • Your identification information such as name, identification number, gender, ethnic origin, nationality, date of birth, age and marital status;
  • Your contact details such as address (residential, office or billing), telephone number(s), email address(es) and other contact details that you provide us from time to time;
  • Your employment details such as your employer’s name, your position in the company, job description, the company’s address(es), telephone number(s), your income range and professional credentials or qualifications;
  • Your payment details such as bank account number and credit or debit card details;
  • Transaction-related information, including sender’s and recipient’s identifying information and contact details as well as personal data of individuals given by corporate entities in connection with a transaction or contract;
  • Recording of telephone conversations;
  • Personal data of your spouse, dependents or other third parties (“Third Party Individual”); and
  • Additional information that you provide us when you transact or deal with us or when you visit us.


Why we collect your personal data

  • To provide you with products and services. Note that the personal data we require may vary between transactions;
  • To verify your identity and to minimize the risk of unauthorized access to your personal data when you deal with us;
  • To enhance and improve your experience with us generally. When you indicate your preferences by filling in our forms, through your use of our website(s) or when you contact or deal with us directly, we will use this personal data to personalize our products and services to better meet your needs;
  • To provide you with information or notifications about products and services that we or our agents, contractors, employees, associate companies, business partners or professional consultants of Pos Malaysia (“third party”) have selected and believe would be of interest to you (Please see the sections entitled “Who sees your data” and “Important information about opting- out”);
  • To prepare any statistics or analysis or internal reports for market research purposes;
  • To allow us to enforce our legal rights or to recover any debt owing by you to us;
  • To keep your personal data secure and minimize the risk of unauthorized access to your personal data by using some of your personal data to verify your identify when you use our website(s) and customer service helpdesk;
  • For security purposes when you visit our premises; and
  • To ensure compliance with applicable laws and regulations.


Who sees your personal data

Your personal data may be used by all the companies within Pos Malaysia and DRB HICOM Berhad’s related group of companies. Who sees your personal data depends on the context in which you provided it and the purpose for which it is being used (Please see the section entitled “Why we collect your personal data”).

Your personal data may be disclosed or transferred to a third party. This may include outsourcing any of our business operations or functions to any third party within or outside Malaysia. We may do this for the following reasons:

  • To provide you with our products and services or perform a contract with you. Some of our products and services are provided in conjunction or collaboration with certain third parties, and we will need to disclose your personal data to them to provide you with the products and services. We may also share your personal data with certain third parties who have been engaged to perform our business functions;
  • To provide you with information or notifications about our products and services that we or third parties have selected and believe would be of interest to you. If you have given your consent by choosing not to opt out when filling in our manual forms, using our website(s) or when you contact or deal with us directly, we may share some of your personal data with carefully selected third parties so that they can provide you with information about products and services that may be of interest to you;
  • We may share your personal data with third parties (including the police and other law enforcement agencies) when we believe it is necessary to comply with the law or protect our or another person’s rights, property or safety. This includes exchanging data with third parties to protect against fraud and to reduce payment risks or disclosure of personal data to the police and other law enforcement authorities in connection with the prevention and detection of crime;
  • We may share your personal data with regulatory bodies and agencies to ensure compliance with applicable laws and regulations; or
  • If we sell or buy any business or assets, we may disclose your personal data to the potential seller or buyer of such business or assets.

We will only deal with third parties whom we trust will act in your best interest and will treat your personal data with similar security controls that we apply ourselves.


Where we store and process your personal data

We generally store and process your personal data within Malaysia. However, the personal data that we collect about you may be processed in, transferred to, or stored at a destination outside of Malaysia. By filling in our manual forms, using our website(s) or when you contact or deal with us directly, you agree to this processing, transfer or storage outside Malaysia. We will take reasonable steps to ensure that your personal data is treated securely and in accordance with this Notice even when your personal data is processed in, transferred to, or stored at a destination outside Malaysia.


How long we keep your personal data

This depends on the context in which you provided your personal data and the purposes for which we use it. Your personal data will be retained for as long as it is reasonably necessary for such purpose (Please see the section entitled “Why we collect your personal data”), or for such period as may be necessary to protect our legal interest.

We will keep your personal data:

  • For as long as it is reasonably necessary for us to provide you with our products and services you have purchased or requested, or for the performance of a contract with you;
  • For marketing purposes to provide you with information about products and services that we or our third party business partners have selected and believe would be of interest to you until you choose to opt-out from allowing us to process your personal data for marketing purposes (Please see the sections entitled “Your rights to access and correct personal data” and “Important information about opting-out”);
  • We may keep records of any transactions you enter with us for up to 7 years so that we can respond to any complaints or disputes which may arise. Where the records are the subject of legal investigations or proceedings, we will keep the personal data for longer periods; and
  • We will keep your personal data for as long as it is required to comply with the law.


Your rights to access and correct personal data

In relation to our manual forms, you may access, correct or update your personal data by filling in the Personal Data Access Request Form or Personal Data Correction Form. These forms are available at www.pos.com.my or if you contact our Corporate Compliance Department (please see the section entitled “Enquiries”) and we will endeavour to comply with your instructions within 21 days of receiving your completed form and the prescribed processing fee.

In relation to personal data provided to us through our website(s), you can access the information at the [‘Edit Your Profile’] page (if any) or contacting our Corporate Compliance Department. You can also use this profile page to change or delete this information including the consent you have given us (Please see the section below entitled “Important information about opting-out”) and we encourage you to do so in order to ensure that the personal data we hold about you is up-to-date. Your personal data can be deleted from the website(s)'s database by accessing the option for 'My profile' once you have logged on to the website(s). Here you can select to delete your account and cancel your registration with us. This however will not delete your personal data that: (i) was not collected through our website(s); (ii) which we need to continue to hold for the purposes specified above under the section entitled “How long do we keep your personal data”; or (iii) is on third party database not under our control.

In relation to personal data provided to us to use through our website(s), you can fill in the relevant forms which are available online on our website(s) to request for access or to correct your personal data.

You can request details of all the personal data that we hold about you, by contacting our Corporate Compliance Department. Our Corporate Compliance Department will send you the Personal Data Access Request Form and/or Personal Data Correction Form which you should complete and return to them.

The charges for personal data access services are as follows:

  • Personal Data Access Request for your personal data with a copy - RM 10
  • Personal Data Access Request for your personal data without a copy - RM 2
  • Personal Data Access Request for your sensitive personal data with a copy - RM 30
  • Personal Data Access Request for your sensitive personal data without a copy - RM 5

These charges may be revised from time to time.

The contact details of the Corporate Compliance Department are set out in the section entitled “Enquiries” below. Your right to access your personal data is not absolute, and may be limited by the Personal Data Protection Act 2010.


Important information about opting-out

The personal data that we ask you to provide may either be mandatory or optional, and may differ depending on the particular product or service. Mandatory personal data is information required for the processing of the transaction, or provision of products and services, or performance of a contract. Optional personal data is information you voluntarily provide to us, which we may process during the transaction or to provide you with other products and services. Fields requiring mandatory personal data will be indicated in our manual forms and registration forms on our website(s).

If you choose not to furnish any mandatory personal data requested or wish to withdraw your consent or significantly limit the processing of your personal data, you agree that (notwithstanding any agreement between you and us) we shall be entitled to cease the provision of any products or services to you without incurring any liability whatsoever for any losses which you may suffer as a result of such cessation.

By not ticking a clearly displayed "opt-out" box, we will assume we have your implied consent to process your personal data pursuant to the terms of this Notice and to receive information about products and services that we or our third party business partners have selected and believe would be of interest to you until you choose to opt-out from allowing us to process your personal data entirely or to limit the processing of your personal data for marketing purposes.

You may choose to limit the processing of personal data or withdraw your consent to process your personal data by any one of the following means:

  • Sending us a written notification to the contact details provided in the section entitled “Enquiries”;
  • Ticking the “opt-out” box in our manual forms for our products and/or services;
  • Filling in our “Opt-out” card; or
  • Editing your profile on our website(s) (if any).

We will endeavour to comply with your request within 21 days / as soon as we are reasonably able to do so.

In relation to our website(s), you may withdraw or add your consent at any time through the “Edit your profile” page (if any) or by contacting our Corporate Compliance Department. When you choose to withdraw your consent by choosing to opt-out in our website(s), this would apply only to your personal data stored in our website(s)'s database. It would not apply to personal data which you have provided to a business in Pos Malaysia through another channel other than our website(s) or if your personal data has been passed to third parties with your consent.

In relation to links to other sites found on our website(s), please note that personal data provided to these third parties are not under our control and responsibility and you may need to contact them directly if you wish to withdraw your consent for their continued use of your personal data.

Please note that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, it may take up to 21 days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period of time. Please note that even if you opt-out from receiving marketing or promotional materials, we may still contact you for other purposes in relation to the products and services you transacted with us.


Websites

In relation to our website(s), some of the information will be gathered through the use of "cookies". Cookies are small bits of information that are automatically stored on a person’s web browser in their computer that can be retrieved through the website. Such information, for example, may be a user’s password that is stored to avoid having to retype it during subsequent visits to a site. Should you wish to disable these cookies, you may do so by changing the setting on your browser.

Note that personal data transmitted electronically will not be 100% secure. We will not be liable for any breach of security unless we have been negligent.

Our website(s) may also contain links to other sites controlled by a third party. Please note that we are not responsible for the privacy practices of such other sites. We are not responsible for how these other companies or organizations collect, use, disclose, or secure the information that you provide them. This Notice applies solely to information collected by website(s) maintained by Pos Malaysia. If you choose to access a third party site linked to our website(s), you do so at your own risk and subject to any terms of service or privacy policy (if any) associated with such third party websites.

Where Pos Malaysia is processing your personal data on behalf of another person or entity, the processing of your information would depend on the privacy practices of that person or entity. This would not be under our control or responsibility. You should contact them directly on the processing of your personal data.


Revisions to the Notice

Our Notice may be revised from time to time and if there is any revision, it will be posted on our website(s) and/or other means of communication deemed suitable by us.


Enquiries

If you have any enquiries or complaints concerning this Notice, please contact our Corporate Compliance Department at:

Pos Malaysia Berhad
Corporate Compliance Department
Tingkat 8, Ibu Pejabat Pos
Kompleks Dayabumi
50670 Kuala Lumpur

Attn: Personal Data Protection Compliance Officer
Tel: 03 – 2267 2040
Email address: pdpapos@pos.com.my

This Notice is made available in the national and English languages. In the event of any discrepancies, the English language version of the Notice shall prevail.


This Personal Data Protection Notice was last updated on: 7 January 2015