SmartCore Digital Sdn. Bhd. is committed to protecting the privacy of personal data that it processes. The purpose of this policy is to establish the roles and responsibilities of senior management, employees, and staff in respect of processing personal data, and to outline the measures that the Company (SCD) takes to protect personal data.
Roles and Responsibilities
Senior Management: The senior management of the Company is responsible for ensuring that this policy is implemented effectively throughout the organization. They will designate a Data Protection Officer (DPO) who will oversee the compliance with the policy.Data Protection Officer/Committee: The DPO/Committee will be responsible for monitoring compliance with this policy, providing training to staff on the handling of personal data, conducting audits, and responding to data subject requests. The DPO/Committee will also act as the main point of contact for data protection issues and liaise with regulatory authorities as necessary.
Employees and Staff: All employees and staff have a duty to comply with this policy and any other policies and procedures that relate to personal data. They should ensure that personal data is processed lawfully, fairly, and in a transparent manner.
Processing and Handling of Personal Data
The Company will only process personal data for specific purposes and will ensure that personal data is adequate, relevant, and not excessive. The Company will also take reasonable steps to ensure that personal data is accurate and kept up to date.
Customer Data: Customer data will be collected and processed for the purposes of providing services to customers. This data will be kept confidential and only disclosed to third parties where it is necessary for the provision of the services.Employee Data: Employee data will be collected and processed for the purposes of employment, such as payroll and human resources. This data will be kept confidential and only disclosed to third parties where it is necessary for the provision of employment benefits.
Third Parties’ Data: Third parties’ data will only be collected and processed where it is necessary for the provision of services. The Company will take reasonable steps to ensure that third parties’ data is accurate and kept up to date.
Technical and Organizational Security Measures
The Company will implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. These measures will include but are not limited to, firewalls, antivirus software, access controls, and staff training.
Handling Transfers of Personal Data to Third Parties
The Company will only transfer personal data to third parties where it is necessary for the provision of services, and where the third party is subject to data protection laws that are equivalent to or stronger than those in Malaysia. The Company will ensure that appropriate safeguards are in place to protect personal data when it is transferred outside Malaysia.
Responding to Data Subjects’ Rights
Data subjects have the right to access and correct their personal data. The Company will respond to data subject requests promptly and within the timeframes set out in the applicable data protection laws. The DPO/Committee will be responsible for handling data subject requests.
Data Storage Periods
Personal data will only be kept for as long as it is necessary to achieve the purposes for which it was collected. The Company will review its data retention policies regularly and delete personal data that is no longer required.
Disciplinary Consequences
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.
The Company is committed to complying with the applicable data protection laws in Malaysia and protecting the privacy of personal data. This policy sets out the measures that the Company takes to ensure that personal data is processed lawfully, fairly, and transparently, and that appropriate technical and organizational measures are in place to protect personal data from unauthorized access, disclosure, alteration, or destruction.