Updated: 29 September 2022
This Policy is issued by Ever Higher Data Recovery Centre Sdn Bhd. The data processing activities of Ever Higher Data Recovery Centre Sdn Bhd the “Controller”, and the collected individually identifiable information, the “Personal Data”. The terms “EHDR“, “we” and “us” therefore refer to either Ever Higher Data Recovery Centre Pte Ltd or Ever Higher Data Recovery Centre Sdn Bhd, depending on where you live.
This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Policy carefully and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.
SCOPE OF APPLICABILITY
This Policy is addressed to individuals inside and outside our organization with whom we hire and interact, including customers, personnel of corporate customers, corporate, and visitors to our websites, partners, suppliers, applicants for employment, and other users of our Services. This policy describes how we collect, use, disclose, transfer, store and otherwise process your personal data when you are using our data recovery services (hereinafter collectively referred to as : “Service” or “Services“).
PROCESSING OF PERSONAL DATA
1. Collection of Personal Data
- Data collected: When you contact us via email, telephone, or by any other means or when you provide us with your business card, when you interact with our Services, or when you submit a job application.
- Relationship data: Personal Data we obtain for the purpose of:
- Providing a Service to an individual, corporate, or personnel of corporate, partners, suppliers, visitors, or
- Internal usage related to employment.
- Website data: Personal Data obtain when you visit any of our websites or social channel, register, or use any features or resources available on or through a website.
- Content and advertising information: If you interact with any third-party content or advertising on a website or third-party plugins and cookies, we receive your Personal Data from the relevant third-party provider of that content or advertising.
- Third-party information: Personal Data collect or obtain from third parties (e.g. credit reference agencies or law enforcement agencies).
- Authentication information: Personal Data collect or obtain from registered individuals or personnel to verify the identity of non-registered individuals or personnel collecting data or devices on behalf of registered individuals or personnel.
2. Categories of Personal Data
- Personal information: Name
- Contact details: correspondence or shipping address, contact number, and email address
- Consent: records of consents that are given by correspondence (if applicable)
- Payment data: purchase information, pricing, invoice records, billing address; bank account number; cardholder or accountholder name; card or account security details.
- Views and feedback: reviews that you choose to send to us, or publicly post on social media platforms related to the Controller or Services
- Employment Application: Document and details summited from job applicants such as Professional experience, Certification, Qualifications, reference number, and other documents which required during application.
- Corporate information: Personnel who interact on behalf of a company; name, email address, contact number, company name.
- Compliance data: Information from fraud-prevention agencies, business directories, individuals we believe you have authorized to provide your personal details on your behalf, and similar data
PURPOSE OF PROCESSING PERSONAL DATA
- Provisioning Purposes- Process the assessment service, data recovery service acknowledgment, the process of invoice and payments, and respond to inquiries and requests from an individual or registered personnel.
- Service enhancement purposes- Develop new Products and Services, as well as personalize the services offer, perform market analysis, and improve user experience.
- Benefits purposes: Use of marketing and advertising to deliver including through voice, message, email, and digital advertising, to inform about skill improvement, information about products and services that might be interesting for individuals, rewards, promotion, share promotional benefits and loyalty programs which you may qualify for, provide updates, offers, and invitations to events.
- Security purposes- Authentication information, service, security issues, prevent and detect fraud or other crimes, ensure the safety and security of related storage medium.
- Regulation purposes- Meet legal, regulatory, and other requirements including aiding law enforcement, judicial, and other government agencies.
- Financial management purposes- Processing for the purpose of managing and operating the financial affairs of our business regards to sales, finance, corporate audit, and vendors
- Defence of legal claim- Management of legal claims; establishment of facts and claims, including collection, review, and production of documents, facts, evidence, and witness statements; exercise and defense of legal rights and claims, including formal legal proceedings.
1. LEGAL JUSTIFICATION
|Purposes||Data Involve||Legal Basic|
|Provisioning Purposes||Personal Information, contact details, consent, payment data, corporate information||– The processing of Personal Data is voluntary. If you do not provide Personal Data, the use of Services may be different.|
|Service enhancement purposes||Personal Information, contact details, corporate information||Legitimate Interest Justification|
|Benefits Purposes||Personal Information, contact details||Consent Justification|
|Security purposes||Legitimate interest Justification|
|Regulation purposes||Personal Information, contact details, consent, payment data, corporate information, compliance data||Legal Obligation Justification|
|Financial management Purposes||Personal Information, contact details, payment data, corporate information||Legitimate Interest Justification|
|Defence of Legal Claim||Personal Information, contact details, consent, payment data, corporate information, compliance data||Legal Obligation Justification|
DISCLOSURE OF PERSONAL DATA
We disclose your Personal Data to other controllers to fulfil our contractual obligations towards an individual or legitimate business purposes in accordance with consent or applicable law. In addition, we disclose your Personal Data to:
- Individual or personnel of corporate, and where appropriate, your appointed representatives, or if we are providing Services to your employee, your employer;
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- accountants, auditors, consultants, lawyers, and other outside professional advisors to the controller, subject to binding contractual obligations of confidentiality;
- third party Processors (such as payment services providers, channel and retail partners, shipping/courier companies; technology suppliers, customer satisfaction survey providers, operators of “live-chat” services;
- any relevant party, regulatory body, governmental authority, law enforcement agency, or court, to the extent necessary for the establishment, exercise, or defense of legal rights, or any relevant party for the purposes of prevention, investigation, detection, or prosecution of criminal offenses or the execution of criminal penalties;
- any relevant third party acquirer(s) or successors in title, in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation), but only in accordance with the applicable law; and
TRANSFER OF PERSONAL DATA
Data may transfer within the controller, and to third parties, as noted in Section 5 above, in connection with the purposes set out in this Policy. Data might transfer outside of the country with Individual consent or request.
RETENTION OF PERSONAL DATA
Your Data processed for the purposes hereunder will be saved only to the extent necessary based on request or legal process requirements. If a judicial or disciplinary action is initiated, Your Data may be saved until the end of such action, including any potential periods for appeal, and will then be deleted or archived as permitted by applicable law.
In principle, we will retain Your Data if required or permitted by applicable law. It will remove Personal Data from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it.
PROTECTION OF PERSONAL DATA
We have implemented appropriate technical and organizational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law. In particular;
- We regularly review practices regarding personal data collection, storage, and processing to prevent unauthorized access to or tampering with our various systems and your personal data.
- Only allow EHDR employees and personnel of authorized service companies to access such personal data on a need-to-know basis, in order to process such personal data or provide relevant services to you. These employees and external personnel are subject to strict contractual confidentiality obligations. If they fail to perform these obligations, they may be held liable, and/or their relationship with EHDR may be terminated.
- We carefully select our business partners and service providers and ensure that they are sufficiently bound to protect personal data and will be subject to privacy audits and assessments.
- We conduct security and privacy protection training, testing, and other activities to enhance employee awareness of and proficiency in personal data protection.
- We do not encourage data to be transferred using an online network or the internet accept it requested. Although we will implement all reasonable measures to protect your Personal Data, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your data transmitted to us or to individuals using the internet – any such transmission is at your own risk.
YOUR STATUTORY RIGHT
Subject to applicable laws, individuals may have specific rights regarding their own personal data including the following rights below:
- The right to access- You may request access to the personal data we hold about you and information about its processing by contacting us using the “Contact Us” section.
- The right to rectification- If you find that the personal data, we process about you is inaccurate or incomplete, you are entitled to ask us to make rectifications and request the completion of your personal data where appropriate.
- The right of erasure- You have the right to request us to erase your personal data
- The right of processing restriction- You have the right to request the restriction of processing of your Personal Data, the respective data will be marked and may only be processed by us for certain purposes.
- The right to object- You have the right to object, on grounds relating to your situation, at any time to the processing of your Personal Data by us and we can be required to no longer process your Personal Data.
- The right of data portability- You have the right to receive the Personal Data concerning you, which you have provided to us in a structured, commonly used, and machine-readable format and you have the right to transmit that Personal Data to another controller.
If you wish to make a request, you can submit it through “Contact Us”.
In case of complaints, you also have the right to lodge a complaint with the competent supervisory authority, in the member state of your habitual residence or alleged infringement of the PDPC.
THIRD PARTY WEBSITES OR SOCIAL MEDIA
EHDR Services may contain links to third-party websites and services. You can choose whether to access websites or accept products and services provided by third parties such as Facebook, Instagram, LinkedIn, TikTok, and others, where you can view marketing or promotional information published by EHDR.
We do not control third-party privacy and data protection policies and do not accept any responsibility or liability for such policies. At the same time, such third parties are not bound by this Privacy Notice. Therefore, before submitting personal data to third parties, we strongly recommend that you refer to the privacy protection practices of such third parties.
The controllers in respect of whom this policy is issued are as follows:
|Country||Corporate Name||Registered Address|
|Singapore||Ever Higher Data Recovery Centre Pte Ltd||EPL Building #02-02, 1100 Lower Delta Road, 169206 Singapore|
|Malaysia||Ever Higher Data Recovery Centre Sdn Bhd||H-02-03, Komersil Southkey Mozek|
Persiaran Southkey 1, Kota Southkey
80150 Johor Bahru, Johor
D-11-05, Menara Suezcap 1 KL Gateway, Gerbang Kerinchi Lestari No 2, Jalan Kerinchi 59200 Kuala Lumpur
If you have questions or concerns regarding our Privacy Notice or practices, please submit your request email@example.com or you can also contact our data protection officer at:
H-02-03, Komersil Southkey Mozek
Persiaran Southkey 1, Kota Southkey
80150 Johor Bahru, Johor