1. Introduction

Personal Data Protection Notice of TA Group (“TA PDPN”) is applicable to TA Enterprise Berhad and its subsidiaries (“TA Group, we, us or our”) and in line with the Personal Data Protection Policy of TA Group (“TA PDPP”). We are committed to keep confidential of your personal data in accordance with the Personal Data Protection Act 2010 of Malaysia (“PDPA”) and any modifications thereof.

Personal Data Protection Notice of TA Group (“TA PDPN”) is applicable to TA Enterprise Berhad and its subsidiaries (“TA Group, we, us or our”) and in line with the Personal Data Protection Policy of TA Group (“TA PDPP”). We are committed to keep confidential of your personal data in accordance with the Personal Data Protection Act 2010 of Malaysia (“PDPA”) and any modifications thereof.

In providing our services or products or for the specified purpose in our commercial transaction, we collect personal data of individuals as mentioned in section 3 below.

We reserve the right to update or revise TA PDPN at any time and make available the current TA PDPN on our websites. Please check our websites from time to time if there is any update on TA PDPN. In the event of any inconsistency between the English version and the Bahasa Malaysia version of this notice, the English version shall prevail over the Bahasa Malaysia version.

2. Objectives

TA PDPN is to comply with the requirements of PDPA and including but not limited to:

  1. Communicate TA PDPN to our customers and relevant individuals.
  2. Types of Personal Data we collect, how we collect and use.
  3. Rights of Data Subject.
  4. Data Security.
  5. Availability of our business contact of the Data Protection Officer and contact details to our customer and the public.
  6. Receive and Respond to Complaints.

3. Personal Data

Personal data is any information of the data subject or third party related to the data subject collected in respect of commercial transactions. This information is collected from various sources, including but not limited to the information provided directly by data subject to us, information from third parties/authorised representatives, interaction/communication with our Help Desk/Customer Service Officers/Sales Officers/Online reservation chat/Social media platforms/Emails/Contact Us forms on our websites, download and use of our mobile device applications, use of/access to our website, register details on our websites, visit to our office premises, response to our market survey and information in the public domain.

Types of personal data/information which may be collected includes, but not limited to:

  1. Name and appropriate identification of the data subject such as MyKad/Passport/Driver’s licence number.
  2. Contact details which include physical address, postal address, email address, username, password, telephone numbers, emergency contact details and beneficiaries.
  3. Name, age, gender and contact details of spouse, dependent and next of kin.
  4. Information relating to commercial transaction such as purchases history, health/safety-related information, membership, travel and competition entries.
  5. Employment details such as resume, job position, location of office, employment contract/duration, performance/disciplinary record, income level, details of referee and education/qualification.
  6. Relevant information of directors and personnel within TA Group.
  7. Relevant information of shareholders and investors of companies within TA Group.
  8. Medical information such as medical history, health insurance and medication.
  9. Background and criminal information, includes any past breaches of or convictions under any law.
  10. Financial information such as bank account and credit/debit card details.
  11. Biometric information such as fingerprints and facial recognition data.
  12. Information obtained via communication methods such as email, text messages and other communication platform.
  13. Images information including photographs in audio or video format, CCTV and security recording.
  14. Online activity and information from device such as identifiers, account login information, bot website/app usage, mobile/web network activity, IP address, cookies, tracking data and social media information.
  15. Information on individual preferences, characteristics, behaviours, intelligence and skills.

4. Minors and Sensitive Personal Data

Personal data of children under the age of eighteen (18) years old shall only be collected with the consent of their parents or guardians. We do not knowingly collect personal data from minors and shall delete the relevant information if we ascertain that such information was collected without the consent of the parent or guardian.

Sensitive personal data shall not be shared or disclosed to any third party unless the data subject has given an express written consent.

5. Consent Not Required

We may process the personal data of the data subject without consent in the following circumstances:

  1. In response to an emergency that could threaten life, safety or health of an individual or another individual.
  2. Consent cannot be obtained timely and is necessary for any purpose which is clearly in data subject’s interest.
  3. Necessary for investigation or proceeding.
  4. Personal data which is publicly available.
  5. Any other circumstances as allowed in PDPA.

6. Purposes and Disclosure

We may use the personal data provided for the following purposes:

  1. To discharge our duties and obligations under relevant law, regulation, directive or guideline by any regulatory authority or regulatory body.
  2. To process requested products and services by data subject.
  3. To establish and verify the identity and background of data subject.
  4. To conduct credit reference checks and establish creditworthiness.
  5. To enable us to discharge its contractual obligations.
  6. To process payments related to commercial transaction.
  7. To meet health and safety requirements in ensuring our premises is safe and secure.
  8. To communicate and administer events, activities, road shows, promotions and campaigns relating to our products and services.
  9. To monitor and improve our events, products and services.
  10. To send seasonal greetings and invitations.
  11. To enable the resolution of enquiries or complaints.
  12. To create directories or databases.
  13. For corporate exercise such as annual general meeting and dividend payment.
  14. To conduct due diligence in accordance with our internal policies.
  15. To assist in internal investigations, audit and security purposes.
  16. To detect/prevent/investigate fraudulent or illegal activities.
  17. To conduct research and internal analysis on customer patterns and choices/preferences for developing and improving our events, programs, products and services.
  18. To process application for employment and human resource administration such as payroll processing, performance evaluation, training and development, health and safety of the employees.
  19. To administer our customer loyalty reward program.
  20. For any other purpose that is incidental or ancillary or in furtherance of the above purposes.

In addition to the above purposes and subject to relevant laws, the data subject consents and authorises us to disclose the information to:

  1. Our parent company, subsidiaries, related and associated companies.
  2. Our licensees, co-organisers of events, business partners and service providers engaged by us to perform the required purposes.
  3. Any other authorised person to act on behalf as notified by the data subject.
  4. Bursa Malaysia, the Securities Commission Malaysia, Bank Negara Malaysia, the Royal Malaysian Police, the Malaysian Anti-Corruption Commission, the Companies Commission of Malaysia, the Registrar of Societies and other supervisory, governmental or relevant authorities.
  5. Any other stock or derivatives exchange, clearing house, securities depository authorised by the relevant laws.
  6. Financial institutions, credit card organisations, electronic-wallet operators/payment service providers and merchants in relation to the commercial transaction.
  7. The public at large by publishing the same in accordance with the relevant rules or when the data subject is the winner in our contest.
  8. Auditors, professional firms or entities.
  9. Relevant parties when disclosure is necessary to prevent/detect/investigate a crime.
  10. Any other person we acted in the reasonable belief it is lawfully to disclose.

Notwithstanding that any such persons maybe outside Malaysia, for any of the above purposes or any other purpose for which the personal data was to be disclosed at the time of its collection or any other purpose directly related to any of the above purposes or where such disclosure is required or authorised by law or by the order of a court.

7. Transfer of Personal Data Outside Malaysia

We may be required to transfer personal data outside Malaysia to fulfil the purposes/disclosures in section 6 above and shall take necessary steps for any third parties to be contractually bound in protecting those personal data which may only be processed under our instruction.

8. Rights of Data Subject

Rights to Access and Correct

Data Subject may access or request for correction of their personal data by emailing to the appropriate email address below:

No. Company Name / Department Email Address
1 Indo Aman Bina Sdn Bhd dpo.iab@ta.com.my
2 Orchard Park Sdn Bhd dpo.op@ta.com.my
3 Factor Synergy Sdn Bhd dpo.fs@ta.com.my
4 TA First Credit Sdn Bhd dpo.tafc@ta.com.my
5 TA Securities Holdings Bhd kl@ta.com.my
6 TA Investment Management Bhd investor.taim@ta.com.my
7 TA Futures Sdn Bhd wysam@ta.com.my
8 Human Resource Department dpo.hr@ta.com.my
9 Other Companies / Departments DPO@ta.com.my

In accordance with the PDPA:

  1. We may charge a fee for processing your request for access; and
  2. We may refuse to comply with your request for access or correction.

Withdrawal

Data subjects may also withdraw their consent granted to us earlier in processing their personal data or stop processing their personal data for direct marketing purpose. Reasonable written withdrawal notice shall be given to us and email to the appropriate email address as provided above. The appropriate TA personnel shall inform the requester of the result/consequence if such request is formalised.

Upon withdrawal, we shall cease to process the personal data of the requester.

Response Time

We shall respond to all written requests within a reasonable time frame in accordance with relevant requirements of PDPA.

By providing to us with your personal data, you hereby consent to the processing of your personal data in accordance with all of the foregoing. Should there be any changes to any of your personal data, you shall notify us immediately.

9. Websites

  1. a) Cookies

    Our website uses cookies to monitor browsing preferences and help user analyse data about webpage traffic in order to make website improvements and for statistical analysis purposes. A cookie does not give us access to user computer or any information about user, other than the data user choose to share with us.

    Most internet browsers allow user to turn off cookies. Should user do so, the user may not be able to experience all the features of our website.

  2. b) IP Addresses

    When user visit our website, our server may record his/her IP address together with the date, time and duration of the visit. We may use this information to compile statistical data on the use of this website to track how users navigate through the website. We may do this to evaluate and improve our site to have better products and services for our customers.

  3. c) Third Party Websites

    Our website may contain links to third party sites whose data protection and privacy practices may differ from ours. We are not responsible for the content and privacy practices of these other websites and encourage user to consult the privacy notices of those sites.

    TA Group is not responsible for any information that is submitted to or collected by these third parties.

Transmission of information via the internet is not completely secure and therefore, we cannot guarantee the security of personal data transmitted on our websites.

10. Social Network Application

If user uses any of our social network applications, pages or plugins or user use one of our products or services that allow interaction with social networks, we may receive information relating to user social network accounts. For instance:

  1. If user log-in to one of our websites or services using user social network account, we may receive basic details from user social network profile. The basic details we receive may depend on user social network account privacy settings. They might include user social network ID, name, profile picture, gender and locale. We may also receive additional information from user profile if user give us permission to access it.
  2. If user click on a 'like', '+1' or 'tweet' or similar button in one of our websites or services, we may record the fact that user have done so. In addition, the content that user is viewing may be posted to user social network profile or feed. We may receive information about further interactions with this posted content (for example, if user contacts click on a link in the posted content), which we may associate with the details that we store about the user.
  3. If user 'like', '+1' or similar one of our pages on a social network site, we may receive information about user social network profile, depending on user social network account privacy settings.

For more information and details about how user can control access to their social network profile, user should view the privacy policy and other guidance available on their social network’s website.

11. Data Security

We take appropriate and commercially reasonable technical, physical, and administrative measures to protect personal data from misuse or accidental, unlawful or unauthorised destruction, loss, alteration, disclosure, acquisition or access in accordance with applicable laws. These processes and systems include:

  1. Limiting access to the information and using identity and access management technologies to control access to systems on which information is processed and stored.
  2. Putting in place physical, electronic and procedural safeguards in line with industry standards.
  3. Requiring all TA employees to complete training about information security.
  4. Monitoring and regularly reviewing our practise against our own policies and against industry best practice.
  5. Third party appointed by us for processing the personal data is bounded to meet the relevant requirements of PDPA and acceptable security measures are implemented to protect the confidentiality of the personal data.

12. Data Protection Officer

The Data Protection Officer (DPO) serving as a point of contact for data protection general issues/complaints can be contacted at:

The Data Protection Officer
TA Enterprise Berhad
Level 34, Menara TA One
22, Jalan P. Ramlee
50250 Kuala Lumpur

Email: DPO@ta.com.my

13. Handling Complaints

When a complaint relating to personal data is received, the DPO/TA Personnel shall notify the respective HOD (Head of Department) and/or employee. Appropriate TA personnel/HOD or DPO shall acknowledge and reply formally to the complainant.

14. Breach of Data

Data may be breached for reasons such as malicious attacks/activities (illegal access, hacking, theft), error in computer system (errors in database, software, websites) and human errors (misplaced laptops/storage device, email personal data to incorrect recipient, errors in printing personal data).

The employee involved must report to the respective HOD and DPO immediately. The HOD and DPO shall discuss and recommend to the relevant Management, if required, on the next best option/step to take in limiting the damage. The risk and impact assessment may be conducted for improvement.

If criminal activity is involved/suspected, the Management shall consider reporting the breach to the police. DPO shall notify affected parties and/or PDP Commissioner of the breach.

15. Retention

We shall retain personal data for as long as necessary to fulfil the purposes for which it was collected or until a period otherwise permitted by relevant law or in defending legal claims.

16. Disposal

We take reasonable steps to ensure that all personal data is destroyed or permanently deleted if it is no longer required for the purpose for which it was to be processed unless otherwise permitted by relevant law or in defending legal claims to retain the relevant personal data.

All papers/documents with personal data must be shredded before sending for recycling and all electronic files containing personal data must be deleted from TA’s IT devices before disposal.

17. Review

This PDP Notice shall be reviewed periodically and we reserve the right to amend and update at any time