This Policy applies to all operations and business units of Kärchem. To the extent any operations or business unit of Kärchem already has a data protection policy in place, this Policy shall supersede and replace any such policy.
Legal Services Department is responsible for the administration of this Policy and monitoring enterprise wide compliance
- PERSONAL DATA PROTECTION PRINCIPLES
3.1 General Principle
3.1.1 Kärchem will only process Personal Data in the manner set out below:
a) Processing of Personal Data will be for a lawful purpose directly related to the activity of Kärchem;
b) Processing of Personal Data must be necessary for or directly related to that purpose;
c) the Personal Data is adequate but not excessive in relation to that purpose; and
d) the Consent of the Data Subject must be obtained.
3.1.2 Kärchem is not responsible to obtain the Consent of the Data Subject where the Processing Personal Data is necessary:
a) for the performance of a contract to which the Data Subject is a party;
b) at the request of the Data Subject with a view to entering into a contract with the Data Subject;
c) for compliance with any legal obligation to which Kärchem is subject, other than an obligation imposed by a contract;
d) to protect the vital interests of the Data Subject;
e) for the administration of justice; or
f) for the exercise of any functions conferred on any person by or under any law.
3.1.3 Kärchem will only process Sensitive Personal Data:
a) with the consent of the Data Subject;
b) where Processing is necessary for any of the following purposes:
- for the performance of any right or obligation which is conferred or imposed by law on Kärchem in connection with employment;
- in order to protect the vital interests of another person, in a case where consent by or on behalf of the data subject has been unreasonably withheld;
- for medical purposes;
- any legal proceedings;
- obtaining legal advice;
- establishing, exercising or defending legal rights;
- administration of justice;
- exercise of the functions conferred on any person by or under any written law;
- for any other purposes as the Minister thinks fit; or
- the information contained in the Personal Data has been made public as a result of steps deliberately taken by the Data Subject.
3.1.4 The Data Subject may withdraw his/her consent at any time and may attach any condition or limitation he/she believes to be appropriate.
3.1.5 It is Kärchem policy that Personal Data must be processed fairly and lawfully. Kärchem is responsible for collecting Personal Data only for specific, lawful, explicit and legitimate purposes, and for further processing of Personal Data consistent with those purposes.
3.1.6 It is Kärchem policy that Personal Data is adequate, relevant and not excessive to the purpose for which they are collected or further processed. Kärchem is responsible for making every reasonable effort to maintain such data accurately, provide reasonable means to correct, delete, or rectify any inaccurate data, and store such data for periods no longer than is necessary.
3.2 Notice and Choice Principle
3.2.1 Kärchem will inform the Data Subject of the following by email in a written notice as soon as practical:
a) that the Personal Data is being processed;
b) a description of the Personal Data;
c) the purpose of the collection of the Personal Data;
d) the source of the Personal Data;
e) the right of the Data Subject to request access and correction of the Personal Data;
f) classes of third parties to whom the Personal Data is / may be disclosed;
g) the choice and means of limiting the processing of Personal Data;
h) whether the supply of the Personal Data is obligatory or voluntary; and
i) the consequences of the Data Subject’s failure to supply the Personal Data.
3.3 Disclosure Principle
3.3.1 Kärchem will only disclose Personal Data:
a) to comply with any government agency notification requirements; and/or
b) for the purpose for which the Personal Data is processed.
3.3.2 Kärchem will not disclose the Personal Data for other purpose and to third parties unless with the Consent of the Data Subject.
3.4 Security Principle
3.4.1 Kärchem is responsible for taking prudent steps to safeguard the confidentiality and security of all Personal Data, including appropriate procedural, organizational and technical steps to protect personal data from accidental or unlawful destruction or accidental loss, alteration or disclosure. These steps include entering into written agreements with subcontractors who process Personal Data in accordance with Kärchem instructions and incorporating Kärchem own data protection standards as a minimum.
3.4.2 Kärchem has reasonable security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite Kärchem best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of Kärchem ability, access to Data Subject’s Personal Data is limited to those who have a need to know. Those individuals who have access to the Personal Data are required to maintain the confidentiality of such information.
3.4.3 You are responsible for keeping the given password as confidential. We ask you not to share a password with anyone.
3.5 Retention Principle
3.5.1 Kärchem shall take all reasonable steps to ensure that:
a) Personal Data are retained only for so long as the information is necessary to comply with a Data Subject’s request or until that Data Subject request that the information be deleted according to Kärchem; and
b) the Personal Data is destroyed or permanently deleted, where possible, after the purpose is served.
c) The data that we collect from you will be transferred to, and stored at Germany and Ireland, a destination outside Malaysia Area.
d) It may also be processed by staff operating outside Malaysia Area who work for us or for one of our suppliers for a lawful purpose directly related to the activity of Kärchem.
3.6 Data Integrity Principle
Kärchem will ensure that the Personal Data is accurate, complete, not misleading and kept up-to-date, having regard to the purpose the data was collected and further processed.
3.7 Access Principle
3.7.1 Kärchem recognizes the right of Data Subjects to obtain without constraint at reasonable intervals and without excessive delay or expense:
a) confirmation concerning whether Kärchem, any representative or agent is holding or processing Personal Data relating to him or her;
b) information on the purpose(s) of the processing, the categories of data concerned, and the recipients or categories of recipients;
c) information in an intelligible form concerning the data relating to him or her being processed and the source of such data; and
d) information, as appropriate, concerning the logic underlying the data processing.
3.7.2 Further, Kärchem recognizes the Data Subject’s right to require, as appropriate, the correction, erasure or blocking of data whenever the processing of such data does not comply with applicable laws and regulations. Kärchem will alert, to the extent practicable, third parties to whom the Personal Data has been disclosed of any such correction, erasure or blocking.
3.7.3 A Data subject will be entitled to access his/her Personal Data that is being used by Kärchem by making a request in writing which will be complied within 21 days from date of receipt of such request.
- DATA COLLECTION, TRANSFER & PROCESSING
4.1 Kärchem is responsible for collecting, processing and transferring Personal Data in compliance with the PDP Act. Only in very limited and rare circumstances, will Kärchem disclose Personal Data to healthcare professionals, e.g. where the data subject’s health and well-being would otherwise be adversely affected and the Data Subject is unable to give formal consent.
4.2 It is Kärchem policy that except as allowed or required by the PDP Act, Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, health or sex life or alleged commission of any offense not be processed and the collection and storage of such Sensitive Personal Data be particularly safeguarded. The Processing of the Sensitive Personal Data by Kärchem will be in the manner set out in Clause 3.1.3 of this Policy.
4.3 For Personal Data obtained directly from the Data Subject, Kärcher is responsible for informing the Data Subject of the identity of those controlling the Personal Data, the purpose for which the Personal Data is being collected and processed and any further information the Data Subject may need for fair processing. This same standard applies to Personal Data not obtained directly from the Data Subject, except as allowed by law for statistical purposes.
4.4 Kärchem is responsible for informing the Data Subject prior to any initial transfer or Processing of Personal Data for direct marketing purposes and, upon request, for blocking such action.
4.5 It is Kärchem policy not to transfer Personal Data to any entity, individual, or organization, particularly entities within third countries without adequate data protections, which does not meet the standards established by this policy without ensuring that:
4.5.1 the Data Subject has given his/her unambiguous consent;
4.5.2 the transfers are needed for the performance of a contract between the Data Subject and the third party or to implement a pre-contractual commitment made at the request of the Data Subject;
4.5.3 the transfers are needed for the conclusion or performance of a contract concluded in the interest of the Data Subject with a third party;
4.5.4 the transfers are needed to protect the vital interests of the Data Subject; or
4.5.5 the transfers are made from a register established pursuant to laws and regulations as being open
for consultation by members of the general public or by any person who can demonstrate a legitimate interest.
traffic analysis and anonymous demographic profiling so that Kärchem may improve its services.
5.2 Kärchem may use so called web beacons (or “pixel tags”) in connection with some websites. However, Kärchem do not use them to identify individual users personally. Web beacons are typically graphic images that are placed on a website and they are used to count visitors to a website and/or to access certain cookies. This information is used to improve Kärchem services. Web beacons do not typically collect any other information than what Data Subject browser provides Kärchem with as a standard part of any internet communication. If Data Subject turn off cookies, the web beacon will no longer be able to track Data Subject specific activity. The web beacon may, however, continue to collect information of visits from Data Subject’s IP-address, but such information will no longer be unique.
* Kärchem reserves the right to change any portion of this Personal Data Protection Policy. Kärchem will announce such changes through its dedicated webpage www.karchem.com.my/my
* Kärcher is committed to protecting the Personal Data of any Data Subject. If you have questions or comments about Kärchem administration of Personal Data, please contact us at firstname.lastname@example.org or 03-61881011. You may also use the following address to communicate any concerns you may have regarding compliance with this Policy.