2. What is Personal Data?
2.1 Pursuant to the PDPA, “Personal Data” refers to any information in respect of commercial transactions, that relates directly or indirectly to an individual who is identified or identifiable from that information which is in Crown’s possession and includes any sensitive personal data and expression of opinion about the individual.
2.2 In this respect, we may collect the following:
(a) your name, NRIC, passport or other identification number, telephone number(s), residential address, mailing address, email address;
(b) driver’s license details work experience and other qualification details;
(c) financial and banking information;
(d) photographs and video footage;
(e) any other personal data reasonably required in order for us to provide the services requested by you.
3. How and when does Crown collect Personal Data?
3.1 Crown collects personal data in a variety of ways in the course of conducting its businesses, including:
(a) in agreements it enters into with customers, suppliers, contractors and other personnel;
(b) when providing equipment and services and related information to customers, and administering customer accounts;
(c) when engaging suppliers, contractors and other personnel;
(d) when responding to questions regarding our products and our business;
(e) by interacting with people via our websites, email and telephone;
(f) when conducting trade promotions and competitions; and
(g) by security video surveillance at Crown sites;
(h) as applicable, publicly available or publicly accessible information;
3.3 Personal Data collected by Crown may be held in a variety of formats, including hard copy format and on Crown’s computer systems. If Crown receives Personal Data that Crown has not requested (unsolicited information) and Crown determines that Crown could not have collected that information under the PDPA, then Crown will destroy or de-identify the Personal Data if it is lawful and reasonable to do so.
4. How does Crown use Personal Data?
4.1 We may use your Personal Data for our business purposes, including the following purposes (“Purposes”):
(a) provide, maintain and improve the services provided by Crown;
(b) to understand your needs and preferences;
(c) responding to your queries or requests and providing customer service;
(d) matching any Personal Data held which relates to you for any of the purposes listed herein;
(e) verifying your identity for the purposes of providing our services to you;
(f) to manage and develop our business operations;
(g) to comply with any applicable laws or any request from any relevant governmental or regulatory authority;
(h) enforcing obligations owed to us;
(i) seeking professional advice, including legal advice;
(j) any other reasonable purposes in connection with the provision of the services or authorized by any applicable laws; or
(k) fulfilling any purpose directly related or ancillary to the above Purposes.
5. Disclosure of Personal Data
5.1 Crown respects the privacy of Personal Data and we will take reasonable steps to keep it strictly confidential.
5.2 Crown will disclose Personal Data to third parties if it is necessary for the primary purpose of collecting the information, or for a related secondary purpose, if the disclosure could be reasonably expected (e.g. disclosure to a customer for the purpose of delivering equipment ordered from Crown, or to allow Crown to perform its obligations under the agreement). Where such a disclosure is necessary, Crown will require that the third party undertake to treat the Personal Data in accordance with the applicable legislation.
5.3 Crown will only disclose Personal Data to third parties without the consent of the person to whom it relates if the disclosure is:
(a) necessary to protect or enforce Crown’s legal rights or interests or to defend any claims;
(b) necessary for the purpose of preventing or detecting a crime, or for the purpose of investigations;
(c) necessary to prevent or lessen a serious threat to a person’s health or safety;
(d) required or authorised by law; or
(e) permitted by another exception in the PDPA and local legislation.
5.4 Under no circumstances will Crown sell Personal Data without the consent of the person to whom it relates. Crown may disclose Personal Data to overseas recipients and such disclosure will be made pursuant to the provisions of the PDPA;
6. Information Security
6.1 Crown will take all reasonable steps as required under applicable laws, regulations and standards to ensure that all Personal Data held by Crown is secure from any loss, misuse, modification, accidental or unauthorised access, disclosure, alteration or destruction. However, Crown does not guarantee that Personal Data cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur.
6.2 Should your Personal Data be transferred, held or collected by a third party authorised by Crown, we will ensure that such third party will provide similar and sufficient guarantees in protecting your Personal Data.
6.3 Crown will take reasonable steps to destroy or permanently de-identify Personal Data if it is no longer needed for the purposes for which Crown is authorised to use it.
7. Accessing Personal Data
7.1 A person may request to access Personal Data about them held by Crown. Such a request can be made by contacting Crown via our contact details provided under the “Contact Crown” heading below.
7.2 Crown will grant a person access to their Personal Data within the timeframe provided under applicable laws and regulations, subject to the circumstances of the request.
7.3 A request to access Personal Data may be rejected if:
(a) providing access would disclose confidential commercial information;
(b) providing access would have an unreasonable impact on the privacy of another person;
(c) providing access would pose a serious and imminent threat to the life or health of any person;
(d) providing access would prejudice Crown’s legal rights;
(e) such access to Personal Data regulated by another law; or
(f) there are other legal grounds under the PDPA to deny the request.
7.4 Should Crown refuse your request, Crown will provide you with written notice of the refusal and our grounds of refusal within a reasonable timeframe.
7.5 Crown may charge a fee for reasonable costs incurred in giving access to an individual’s Personal Data. Such costs may be as prescribed under applicable laws and regulations. The fee (if any) will be disclosed prior to it being levied.
8. Correcting Personal Data
8.1 Crown will take reasonable steps to ensure the accuracy and completeness of the Personal Data we hold. However, if a person believes that any Personal Data that we hold about them is inaccurate or out of date, then they should contact Crown via our contact details provided under the “Contact Crown” heading below. Crown will process your request within a reasonable timeframe and manner in accordance with the PDPA. Should Crown deny your request for correction, Crown will provide you with a notice in writing of our reasons for the refusal.
9. Additional information regarding Credit Information
9.2 The types of credit information that Crown collects and uses for the purpose of assessing an application for commercial credit typically include:
(a) names, addresses and other contact details of accountholders and guarantors (both prospective and current);
(b) bank account details;
(c) driver’s licence details;
(d) financial information;
(e) information on the assets held by an individual.
9.3 Such information is collected from the relevant individual and from credit reporting bodies, as well as from publicly available information. Crown uses the information collected to create an internal credit assessment report.
9.4 Crown discloses credit information to credit reporting bodies:
(a) to obtain a credit report from the credit reporting body; and
(b) for the purposes of lodging a default listing against the individual.
9.5 When lodging a default listing we may do this ourselves or by our agents.
10. Google Analytics
10.2 You may opt out of Google Analytics by using the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB Most browsers are initially set to accept Cookies. However, you have the ability to modify the usage of or disable Cookies if you wish, generally through changing your internet software browsing settings.
Note: if Cookies are disabled, it may mean that you experience reduced functionality or you may be prevented from using elements of the Crown website altogether.
11. Withdrawal of consent
11.1 You may at any time via written notice in our “Contact Crown” heading below, communicate to Crown your intention to withdraw your consent to our usage, storage or collection of your Personal Data. We will respond to your request within a reasonable timeframe. Should you withdraw your consent, it may not be possible for Crown to perform our services and our contractual obligations to you. Notwithstanding this, Crown may use, store or collect your Personal Data if authorised or required to under applicable laws.
12. Transfer of Personal Data to places outside Malaysia
13. Promotions and Direct marketing
13.1 In certain circumstances, Crown may use Personal Data for promotional or direct marketing purposes. However, a person may at any time via written notice request Crown to cease or not to use their Personal Data for sending direct marketing material to that person. Such a request can be made by contacting Crown via our contact details provided under the “Contact Crown” heading below. There is no fee for making such a request.
14. Contact Crown
Crown Privacy Officer
No.9, Persiaran Pasak Bumi Section U8,
Bukit Jelutong, Selangor 40150
Telephone: (603) 5033 8500
14.2 Crown deals with complaints via our internal data privacy complaint process, under which a Crown contact officer will be allocated to assess your complaint and respond to you within a reasonable timeframe. Crown takes all complaints seriously and any further action after our initial response to you will vary depending on the nature of your complaint.