DATA PROTECTION NOTICE
Personal Data Protection Notice
Version 1.0
Last Updated: December 18 2024 14:38:00
This Data Protection Notice (“Notice”) sets out the basis which Vox Eureka PLT (Malaysia), Voxeureka Pte. Ltd. (Singapore, Malaysia, or Indonesia as applicable), PT Nada Karya Nusantara (Indonesia), and Vertixal PLT (Malaysia) (“we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data of our customers and other individuals in accordance with the applicable Personal Data Protection laws in Malaysia (PDPA 2010), Singapore (PDPA 2012), and Indonesia (UU PDP 2022).
This Notice applies to personal data in our possession or under our control, including without limitation, personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes. Therefore, we have set out the below information about our processing of your personal data, your rights and how you can get in touch with us if you want to know more. Should you have any disagreements or concerns regarding this Notice, feel free to reach out as well.
We collect, use, process and disclose your Personal Data (as defined below) through the use of our websites, as well as products, features and other services globally, operated by us. This Notice also applies to users of our websites globally, including users of the website, features, products and services.
We may update this Data Protection Notice from time to time to reflect changes to our practices, legal or regulatory requirements. The latest version will always be published on our website, and the “Last Updated” date will be revised accordingly. We encourage you to review this Notice periodically to stay informed about how we are protecting your personal data. Where required by law, we will notify you of significant changes and obtain your consent where necessary.
Definitions
1. As used in this Notice:
“customer” means any individual person who has either (a) contacted us through any means regarding goods/services that we may provide, or (b) may or has actually entered into a contractual relationship with us, for the provision of goods/services or otherwise; and
“personal data” includes information about you and means data, whether true or not, about an individual who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.
2. Here are some types of personal data that we may collect and process:
● Personal and contact details, such as:
(a) title;
(b) full name;
(c) contact details; and
(d) contact details history
● age
● date of birth
● gender
● marital status
● photographs
● video recordings
● nationality
● passport/identity card copies
● employment information
● cookies/IP addresses
● other background information such as income data, financial records, tax records
● Details of third parties that you provide to us including without limitation to recipients of our products and/or services;
● Records of your contact with us such as where you get in touch via the phone number of our customer service centre and, if you get in touch with us online using our online services, details such as your mobile phone location data, IP address and MAC address;
● Any information about you through referrals from our affiliates and business associates whether in or outside Singapore, Malaysia, or Indonesia, as applicable;
● Third party transactions such as where a person other than the account holder uses the service, information about that person and the transaction.
3. Other terms used in this Policy shall have the meanings given to them in the PDPA.
1. Notification
1.1. Notification to Customers
1.1.1. General Notification
Before collecting personal data, individuals are informed of the purpose of collection or how the data will be used, and any potential disclosures, unless there are exceptions that we can rely upon under the law. Customers are provided with clear and concise information about the company’s data protection policies at the point of collection, ensuring transparency and informed consent.
Some examples of the purposes for collection or use of personal data are as follows:
(a) performing obligations in connection with our provision of the goods and/or services requested by you;
(b) administering your relationship with us;
(c) verifying your identity;
(d) responding to queries, feedback and/or complaints;
(e) processing payment;
(f) complying with any applicable laws;
(g) assisting with investigations conducted by any regulatory or law enforcement agency;
(h) any purpose for which you have provided us personal data;
(i) any other incidental business purposes related to or in connection with the above; and
(j) transmitting data to third parties (e.g. third party service providers, contractors, agents) whether in Singapore, Malaysia, or Indonesia as applicable or elsewhere, for any of the abovementioned purposes.
The purposes listed above may continue to apply, for a reasonable period thereafter, even in situations where a customer’s relationship with us has been terminated (e.g. for a period to enable us to enforce our rights under a contract with the individual).
1.1.2. Disclosure
We generally do not disclose personal data without first obtaining a customer’s consent. Disclosure will then be only for the specific purpose that the customer has been informed about (subject to any exemptions under the law).
Notwithstanding the abovementioned, we may however disclose an individual’s personal data:
(a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by the individual; or
(b) to third party service providers, contractors, agents and other parties we have engaged to perform any of the functions in connection with the above-mentioned purposes.
Furthermore, we may disclose an individual’s personal data:
(c) to our group/related/affiliated companies;
(d) companies providing services pertaining to insurance and/or reinsurance to us, and associations of insurance companies;
(e) our agents, contractors or third party service providers (e.g. telecommunications, business process outsourcing, mail processing, email support, call centres, IT support, data processing, payment assistance, payroll processing, training, market research, storage);
(f) professional advisers (e.g. our legal advisers, auditors, bankers); and
(g) the authorities (e.g. regulators, law enforcement agencies).
We may process your personal data in a country other than the one in which you reside. To the extent we transfer your personal data, we will use appropriate safeguards and comply with the laws of the country to which your personal data is transferred.
1.1.3. Updates on Data Protection Policies
Changes to data protection policies are communicated through legal documentation, the company website, and direct communication with affected customers. Updates are also provided via letters and email notifications.
1.1.4. Granular Consent Management
Before collecting certain types of personal data, we will provide customers with detailed options to specify their consent for different types of data processing activities. For example, customers can separately consent to:
● Receiving marketing communications via email or SMS.
● Sharing data with third-party vendors for personalized advertising.
Consent can be withdrawn for any individual activity at any time.
1.1.5. Express Consent for Sensitive Data
● In circumstances where personal data collected includes sensitive information, such as health data, financial records, racial or ethnic origin, or religious beliefs, we will obtain express written consent from the individual before processing such data.
● We will also provide a clear explanation regarding the use of this sensitive data, and the security measures implemented to protect it. Any use of such data beyond its original purpose will require renewed consent from the individual.
1.2. Automated Monitoring and Surveillance
1.2.1. Notification of Monitoring
Customers are informed if any form of automated monitoring is in place, such as call recordings for training or security purposes, monitoring of internet use, or closed-circuit television camera (CCTV) surveillance on premises.
1.2.2. Awareness Measures
Prominent notifications are displayed to notify persons of CCTV surveillance to ensure awareness of monitoring activities. Automated or manual phone messages inform callers that their calls may be recorded and the purpose of such recording.
1.2.3. Cookies and Tracking Technology
We use the following types of cookies and by continuing to use our website, you accept the uses of cookies as stated below:
• Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into our secure website. They may also provide authentication, site security and help localise the language based on the geography of your visit.
• Performance cookies: These allow us to recognise and calculate the number of visitors to our website and to see how visitors move around our website when they are surfing it (such as Google Analytics cookies). This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for. They include, for example, IP addresses and unique IDs. These are also used to understand, improve and research products and services, including when you access our Website and/or Apps from a computer or mobile device. For example, we may use cookies to understand how you are using site features, and segmenting audiences for feature testing. We may use these technologies and the information we receive to improve and understand how you use websites, apps, products, services and ads.
• Functionality cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region, log in by pre-filling fields). We may also use cookies and similar technologies to help us provide you and others with social plug-ins and other customised content and experiences, such as making suggestions to you and others.
• Contextual Advertising: These cookies and pixels are used to deliver relevant ads, track email marketing or ad campaign performance and efficiency. For example, we and our marketing partners may rely on information gleaned through these cookies to serve you ads that may be interesting to you on other websites. Similarly, our partners may use a cookie, attribution service or another similar technology to determine whether we’ve served an ad and how it performed or provide us with information about how you interact with them.
1.2.4. Automated Decision-Making and Profiling
In certain instances, we may process personal data for the purpose of automated decision-making, including profiling (e.g. decisions related to loan assessments, credit scoring, or targeted marketing). Where such decisions have significant effects on customers, the company will ensure that customers are informed of the use of automated decision-making and profiling. Furthermore, customers will be given the right to:
● Request additional information on how the decision was made
● Seek human intervention in the decision-making process
● Object to the profiling or automated decisions where these impact their rights or interests
2. Consent
2.1. General Requirement for Informed Consent
2.1.1. Obtaining Consent
Clear and informed consent is obtained before collecting, using, or disclosing personal data, preferably in writing. If verbal consent is obtained, it is documented internally for record-keeping.
2.1.2. Consent for Third-Party Data
When clients provide third-party personal data (e.g., data about family members or business associates), they must ensure that consent has been obtained from the customers involved, unless there are exceptions that we can rely upon under the law.
2.1.3. Marketing Communications
Opt-Out Mechanism: We provide clear options for customers to opt out of marketing communications at any time.
Third-Party Data Sharing: We disclose if personal data will be shared with third-party vendors for marketing purposes, and obtain the customer’s consent for this purpose.
2.1.4. Consent for Call Recording
We inform customers that their calls may be recorded for quality assurance or training purposes, obtaining consent in advance.
2.2. Deemed Consent
2.2.1. Voluntary Provision of Data
Customers are deemed to have consented when they voluntarily provide their data for specific purposes, such as submitting a job application or engaging in preliminary discussions for services.
2.2.2. Consent via Third Parties
Deemed consent also applies when data is shared by a third party under lawful circumstances, such as client referrals or introductions by other business entities.
2.2.3. Usage of Personal Data in situations of deemed consent
In situations of deemed consent, we may collect or use personal data, or disclose existing personal data for any reasonable purposes, even if they differ from the primary purpose for which it was originally collected pursuant to our earlier notifications. In situations of deemed consent, we may, where feasible, provide the client a reasonable period to opt out.
2.2.4. Sharing of information between group/related/affiliated entities
We will inform clients about the structure of our group companies and the manner in which we may share information between group/related/affiliated companies.
2.3. Exemptions to Consent Requirement
The following and all other exemptions under applicable laws permit us to collect, use or disclose personal data without obtaining prior consent from customers. This list is non-exhaustive.
2.3.1. Publicly Available Data
Consent is not required for the use of publicly available data, such as information from public directories, unless the data was obtained unlawfully or the individual has expressly stated that they do not wish their data to be used.
2.3.2. Situations of Interest
Personal data can be collected, used, or disclosed without consent in situations clearly in the individual’s interest, such as emergencies or compliance with legal obligations, unless there are exceptions that we can rely upon under the law. Generally, these situations arise where consent cannot be obtained in a timely manner or the individual would not reasonably be expected to withhold consent.
2.3.3. Evaluative purposes
Evaluative purposes mean:
(a) for the purpose of determining the suitability, eligibility or qualifications of the individual to whom the data relates:
(i) for employment or appointment to office;
(ii) for promotion in employment or office or for continuance in employment or office;
(iii) for removal from employment or office; or
(iv) for the awarding of contracts, awards or other similar benefits; or
(b) for the purpose of determining whether any contract, award or other similar benefit should be continued, modified or cancelled.
2.3.4. Investigations or legal proceedings
These circumstances arise when such data collection, use and/or disclosure is necessary for any investigation or proceedings, if it is reasonable to expect that seeking the consent of the individual would compromise the availability or the accuracy of the personal data.
2.3.5. Public agencies
When the disclosure is to a public agency and such disclosure is necessary in the public interest.
2.3.6. AML/CFT
In relation to clients, prospective clients and any other relevant persons (such as their representatives or connected persons), for the purposes of complying with our anti-money-laundering and countering-the-financing-of-terrorism (“AML/CFT”) obligations, such as in the course of our performing client due diligence, we may, directly or indirectly collect, use, and disclose personal data without the respective individual’s consent.
3. Purpose Limitation
3.1. Specific and Legitimate Purposes
3.1.1. Purpose of Collection
Personal data is collected only for specific, legitimate purposes that are communicated to the customers. If the data needs to be used for a different purpose, additional consent is obtained unless there are exceptions that we can rely upon under the law.
3.1.2. Parental Consent for Minors
We will obtain explicit parental consent before collecting personal data from minors under the age of 18.
3.1.3. Purpose of collection of Information Unique to Our Industry
Amongst other things, our company specializes in providing public relations, digital marketing, advertising, social media marketing, and influencer marketing services. As part of our operations, we collect and process limited personal data for media relations, service delivery and marketing purposes, in compliance with applicable laws and regulations.
Types of personal data that we may collect include:
– Identity Data: Journalist contacts (names, emails, phone numbers, affiliations) provided to us, and participant details for contests.
– Media Content: Photographs, videos, and recordings of talents engaged for marketing campaigns.
– Contact Data: Customer data when they join contests we organize, or other contact lists utilised for our professional services.
The purposes for collecting, using, or disclosing this data include:
– Enhancing media relations and conducting marketing campaigns.
– Managing promotional activities, such as contests.
– Supporting the creation and distribution of marketing materials (e.g., advertisements, social media content).
– Communicating with media contacts.
– Organizing and executing marketing/promotional campaigns for clients.
– Managing client projects and providing tailored services.
A further elaboration of the use of personal data is as follows:
1. Business Development and Client Engagement
1.1 To respond to inquiries and requests for services.
1.2 To provide proposals, quotations, and service agreements.
1.3 To customize and recommend services based on client preferences and industry trends.
1.4 To perform any other activities necessary to establish, manage, or grow client relationships.
2. Campaign Planning and Execution
2.1 To develop marketing strategies tailored to client objectives.
2.2 To analyze audience demographics and behavior for targeted campaigns.
2.3 To create customer personas for precise campaign targeting.
2.4 To curate content and messaging based on customer preferences.
2.5 To manage email marketing campaigns, including personalization of email content.
2.6 To test and optimize advertisements using A/B testing of audience profiles.
2.7 To support any other activities related to the planning, execution, and optimization of marketing campaigns.
3. Public Relations and Media Relations
3.1 To identify media contacts and manage outreach to journalists.
3.2 To distribute press releases and manage media lists.
3.3 To track media coverage and analyze campaign performance.
3.4 To perform any other functions necessary for effective public and media relations.
4. Influencer Marketing
4.1 To identify and vet influencers based on audience alignment.
4.2 To negotiate and manage contracts with influencers.
4.3 To track influencer campaign performance and deliverables.
4.4 To undertake any additional activities required to execute and manage influencer collaborations.
5. Social Media Management
5.1 To monitor social media platforms for brand mentions and audience engagement.
5.2 To schedule and publish posts tailored to audience insights.
5.3 To analyze follower demographics for optimized posting.
5.4 To manage social media contests and gather participant data.
5.5 To carry out any other activities necessary for managing and optimizing social media presence.
6. Advertising and Retargeting
6.1 To create custom audience segments for advertisements.
6.2 To track user engagement with ads and optimize based on performance metrics.
6.3 To retarget ads to individuals who have interacted with previous campaigns.
6.4 To personalize advertisements using cookies and user behavior data.
6.5 To engage in any other activities required for effective advertising and retargeting efforts.
7. Analytics and Reporting
7.1 To monitor and evaluate campaign performance using analytics tools.
7.2 To create detailed reports for clients showing ROI and engagement metrics.
7.3 To assess market trends and consumer behavior for future campaign planning.
7.4 To undertake any additional analysis or reporting activities to support data-driven decision-making.
8. Customer Relationship Management
8.1 To maintain databases of clients, partners, and collaborators.
8.2 To manage contracts and service agreements.
8.3 To send personalized updates and newsletters.
8.4 To perform any other functions required to enhance and maintain customer relationships.
9. Compliance and Risk Management
9.1 To comply with applicable data protection and advertising laws.
9.2 To prevent unauthorized access, fraud, or abuse of services.
9.3 To ensure contractual compliance with influencers, media, and partners.
9.4 To conduct any other activities required to mitigate risks and ensure legal and regulatory compliance.
10. Financial Administration
10.1 To process invoices, payments, and refunds.
10.2 To maintain financial records and manage budgets.
10.3 To assess client profitability and billing accuracy.
10.4 To carry out any additional activities necessary for financial and administrative purposes.
11. Internal Training and Improvement
11.1 To use aggregated data for staff training and skills enhancement.
11.2 To improve service offerings based on data-driven insights.
11.3 To conduct internal audits and quality assurance checks.
11.4 To perform any other functions aimed at improving internal processes and service quality.
12. Legal and Administrative Purposes
12.1 To respond to legal claims and regulatory inquiries.
12.2 To retain records required under applicable regulations.
12.3 To ensure lawful transfer of data in cases of mergers or acquisitions.
12.4 To conduct any other activities necessary to address legal, administrative, or operational requirements.
13. Customer Feedback and Improvement
13.1 To collect and analyze customer feedback on services.
13.2 To conduct surveys or focus groups for service improvement.
13.3 To monitor customer satisfaction through Net Promoter Score (NPS) and other metrics.
13.4 To engage in any other activities designed to gather insights and improve service delivery.
Safeguards and data handling practices include:
– Transmission Practices: Files containing personal data are transmitted via email and cloud systems (Box.com) with password protection or encryption in place.
– Storage Practices: Data is securely stored on a cloud service provider with access limited to the working team on a specific client project and the clients themselves.
– Access Controls: Electronic restrictions such as password protection, encryption, and Two-Factor Authentication (2FA) are implemented.
Data Retention and Handover:
We do not retain personal data indefinitely. All collected data is typically handed over to the client after the completion of projects or campaigns, unless our management deems it necessary to retain the data for verification/follow-on liaison work. We may also retain certain data for internal legal/tax compliance, in line with our data protection policies. Please refer to the retention policy clauses accordingly.
Cross-Border Data Transmission:
Personal data is typically transmitted to Malaysia, Singapore, or Indonesia, as applicable, and to other countries where our business partners/service providers are situated, for operational purposes, in compliance with relevant laws and safeguarding standards, in line with our policy.
3.2. Prohibited Activities
3.2.1. Unsolicited Marketing
We generally do not engage in unsolicited marketing activities, such as cold calling, email spamming, or mass text messaging, unless the individual has consented or there are exceptions that we can rely upon under the law. We will at all times ensure we specifically comply with all laws pertaining to do-not-call (DNC) registers.
3.3. Business Contact Information
3.3.1. Usage of Business Information
Business contact information, such as names, job titles, and business email addresses, is not subject to data protection rules and can be used freely for business purposes, such as client communications.
3.4. Legitimate Interests Exception
3.4.1. Legitimate interests exception explained
In line with the legitimate interests exception, we will collect, use or disclose personal data for the following purposes:
● Fraud detection and prevention;
● Detection and prevention of misuse of services;
● Network analysis to prevent fraud and financial crime, and perform credit analysis; and
● Collection and use of personal data on company-issued devices to prevent data loss.
4. Protection Obligation
4.1. Security Measures
4.1.1. Administrative Measures
Employees are required to sign confidentiality agreements and adhere to strict policies regarding data access and usage. Annual training sessions are conducted to reinforce data protection awareness and understanding of the company’s policies and legal obligations.
We minimise collection of personal data as much as possible.
4.1.2. Physical Measures
Personal data stored physically is secured in locked cabinets accessible only to authorized personnel. Access to sensitive areas is restricted to authorized employees, and all visitors are logged and accompanied at all times.
4.1.3. Technical Measures
Information systems are protected by strong passwords, encryption, and secure network protocols. Sensitive data is segmented and access is limited to authorized users based on roles. Regular antivirus and anti-phishing software updates are performed to prevent unauthorized access and ensure system integrity. Where necessary, we will employ data anonymisation techniques.
4.1.4. General disclaimer to data subjects
Customers are made aware, however, that no method of transmission over the internet or otherwise, or method of electronic storage is completely secure.
Whilst data security cannot be guaranteed, we strive to protect the security of data and are constantly reviewing and enhancing our information security measures.
4.2. Data Intermediaries
4.2.1. Handling by Third Parties
Third-party service providers who handle personal data on our behalf are required to adhere to data protection standards equivalent to ours. This may be ensured by way of contracts of engagement, or we may assess the suitability of third parties based on other generally accepted industry practices.
4.2.2. Encryption Standards for Data Transfers
We ensure that when personal data is transferred to third parties, especially across borders, it is encrypted in accordance with AES-256 encryption standards. This encryption applies both to data at rest and during transmission. Third-party vendors involved in such transfers are required to implement encryption and security protocols equivalent to acceptable industry standards.
Where personal data is transferred to jurisdictions with lower data protection standards, we will take additional measures, such as encryption, anonymization, or contractual clauses, to ensure data security.
4.2.3. Cross-Border Data Transfer Documentation
The company ensures that when personal data is transferred outside of Singapore, Malaysia, or Indonesia as applicable, the recipient country has equivalent data protection standards. Where necessary, additional safeguards such as encryption or contractual clauses are implemented. All cross-border transfers are documented and reviewed to ensure compliance with data protection laws.
4.3. Data Access and System Security
4.3.1. Access Control
Role-based access control is implemented to limit access to personal data based on employee roles and responsibilities. Data access is monitored and audited regularly to ensure compliance with internal policies and legal requirements.
5. Accuracy Obligation
5.1. Ensuring Data Accuracy
5.1.1. Data Verification
Personal data provided directly by customers is presumed to be accurate unless there is reason to believe otherwise. Customers are encouraged to provide updated information as needed, by informing our Data Protection Officer (“DPO”) by email.
5.2. Correction Requests
5.2.1. Request Handling
Customers can request corrections to their data if they believe it is inaccurate or incomplete. The request is verified, and the data is updated if necessary. If a correction request is denied, the data is annotated with the requested changes and the reason for refusal.
6. Retention Limitation
6.1. Data Retention Notice
6.1.1. Retention Guidelines
Personal data is retained only for as long as reasonably necessary to fulfill the purposes for which it was collected or to comply with legal requirements. Once no longer needed, data is securely deleted or anonymized, unless there are exceptions that we can rely upon under the law.
6.1.2. Legal Obligations
Certain regulations, such as AML/CFT laws, the Companies Act, and tax laws, require us to retain personal data for up to seven years (following termination of our business relationship or completion of the relevant client transaction) or more. This includes client records, accounting documents, and business transaction records. This Notice is also subject to our archiving and records retention policies.
6.2. Annual Data Review and Disposal
6.2.1. Disposal Process
At the end of each financial year, the DPO reviews all personal data to identify records that should no longer be retained. Data that no longer serves the original purpose and is not subject to any legal retention requirements is securely destroyed or anonymized.
6.2.2. Documentation of Disposal
All disposal actions are documented to ensure transparency and accountability. The disposal records include details of the data destroyed, the method of destruction, and the date of disposal.
6.3. Special Retention Circumstances
6.3.1. Extended Retention
In special cases, such as ongoing investigations, legal disputes, or AML/CFT compliance, data may be retained beyond the usual retention period. The DPO maintains a list of data that must be preserved due to these circumstances and notifies management of any extended retention requirements.
6.3.2. Post-Retention Procedures
Once the reason for extended retention is no longer applicable, the data is reviewed again and securely disposed of if it is no longer required for legal or business purposes.
6.4. Data Retention During Business Asset Transactions
6.4.1. Transfer and Disposal
During business transactions involving the sale or transfer of assets, personal data of employees, clients, or shareholders collected for the transaction is either securely transferred to the new owner or destroyed if the transaction does not proceed.
6.5. Data Retention Policy for Communications
6.5.1. Call logs and message records
Call logs and message records will be retained for 5 years in order to meet our compliance obligations.
6.6. Deceased Individuals
6.6.1. General treatment of data of deceased individuals
In the case of individuals who have passed away, for a period of ten (10) years, we will continue to ensure that rights pertaining to non-disclosure and protection of his/her personal data still apply. The deceased individual’s rights may be exercised by his/her personal representative or nearest relative.
7. Transfer Limitation
7.1. Data Transfers to Third Parties
7.1.1. Safeguarding Data Transfers
Personal data is only transferred to third parties when necessary for business operations and under strict safeguards, such as confidentiality agreements, unless there are exceptions that we can rely upon under the law. All third-party recipients are required to adhere to data protection standards equivalent to ours.
7.1.2. Verification of Third-Party Standards
Before transferring data to any third party, especially those outside Singapore, Malaysia, or Indonesia as applicable, we verify that they have adequate data protection measures in place. This includes reviewing their data protection policies, contractual obligations, and security practices.
8. Your Rights To Access and Correction and Other Rights
8.1. Right to Access
8.1.1. Access Requests
Customers can submit written requests to access their personal data held by us. The DPO will verify the identity of the requester and provide the data as soon as reasonably practicable. We endeavour to do so within thirty (30) days, unless exceptions that we can rely upon under the law apply. If additional time is needed, the requester is informed of the reason and the expected completion date. A reasonable fee can be charged for such requests. We will inform the individual of such fees before processing the request.
We will provide the applicant with the following:
(a) information on the personal data in our possession or controlled by us; and
(b) information on how we have or may have used or disclosed such data within 1 year of the date of such request.
8.1.2. Mandatory Denial of Access
Access requests will be denied if providing the data could:
● Threaten the safety or health of another individual
● Reveal personal data about another individual without their consent
● Be contrary to national security or public interest
● Data pertaining to ongoing prosecution / investigations
● Other legitimate reasons for denial
If access is denied, customers are informed of the reasons unless exceptions under the law apply.
8.1.3. Discretionary Denial of Access
We may at our discretion deny access to the data in the following circumstances:
● Opinion data pertaining to prospective, current or past customers which we retain for evaluation purposes
● Data that reveals commercial information that harms our commercial competitive position
● Opinion data pertaining to prospective, current or past employees (e.g. suitability for positions or promotions)
● Any other opinion data that we retain for evaluation purposes
8.2. Correction Requests
8.2.1. Data Amendment
Customers can request corrections to their personal data if they believe it is inaccurate or incomplete. We verify the request and update the data if necessary. If a correction request is refused, we annotate the data to reflect the requested changes and the reason for refusal.
8.2.2. Notification of Corrections
After correcting the data, we inform every organization to which the data has been disclosed within the past year, unless it is impracticable or involves disproportionate effort.
8.3. Withdrawal of Consent
8.3.1. Withdrawal Process
Customers can withdraw consent for the collection, use, or disclosure of their personal data at any time by submitting a written notice, conveyed by email, to our DPO. Upon receiving the notice, we will, within a reasonable period, inform the individual of the potential consequences of the withdrawal, such as the impact on service provision or employment (i.e. cessation of provision of products and/or services, or termination of employment). We will cease using or disclosing the data within a reasonable period and as soon as reasonably practicable, unless retention is required for legal obligations or legitimate business purposes. The period depends on the complexity of the case. In general, we try to process the request within thirty (30) days.
8.3.2. Notification to Third Parties
Third parties who have been provided with the individual’s personal data are notified to cease using or disclosing the data, unless exceptions that we can rely upon under the law apply.
8.4. Consequences of Withdrawal
8.4.1. Service Impact
Withdrawal of consent may limit or prevent the provision of certain services. The individual is informed of these limitations before the withdrawal is processed.
8.4.2. Employment Impact
For employees, withdrawing consent may result in changes to job responsibilities, limitations in processing payroll, or even termination of employment if the data is essential for the employment relationship.
8.5. Your Rights In Summary
In relation to our use of your personal data, you have the right to:
8.5.1 complain to a data protection authority or another independent regulator about how we’re using it;
8.5.2 limit or withdraw your consent to us using your personal data for direct marketing or other processing for the purposes set out above;
8.5.3 limit or withdraw any part of your consent you have previously given for the processing of your personal data, however such action may prevent us from performing our obligations to you;
8.5.4 request that we correct anything that’s inaccurate or outdated, or complete any incomplete personal data; and
8.5.5 request a copy of your personal data (we have the right to charge a reasonable fee to complete this request).
9. Contact Us
9.1. Contact Information
You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:
Name of DPO : Jonathan Tan Kok Yoon
Contact No. : +6531581836
Email Address : voxeureka@dpoguard.com
10. Effect
10.1. Application of Notice
This Notice applies in conjunction with all other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.