Last Updated: 4th September 2020

Plus Studio & Marketing Communication Sdn. Bhd. Privacy Policy for Customers, Vendors and Suppliers (“Privacy Policy”)

Plus Studio & Marketing Communication Sdn. Bhd. together with its subsidiaries, affiliates, related and associated companies (hereinafter collectively referred to as “Plus Studio” and any reference to “we”, “us” and “our” shall include any member of the Plus Studio) respect your right to privacy. This Privacy Policy explains how we collect, handle and process your personal information in accordance with the Personal Data Protection Act 2010 of Malaysia and how you can exercise your privacy rights.

Our Privacy Policy applies to all users of Plus Studio’s websites (hereinafter referred to as “Site”) and services. If you have any questions or concerns about our use of your personal information, then please contact us at hello@plusstudio.com.my.

What personal data we collect

Personal Data” means any information about an individual (or in the case of a third party as authorised by such third party within or outside of Malaysia) from which that person can be identified, which may include, but is not limited to, your name, NRIC number, passport number, contact details, financial and banking account details, occupation, citizenship, information in audio and/or video format (including voice, video recording, closed-circuit television (“CCTV“) or security recording), images (including photographs) and location tracking/global positioning system (“GPS“) information. It does not include data where the identity has been removed (anonymous data).

How we collect your personal data

Former, existing or potential customer or consumer (“Customer”):

We collect your personal data from you or third parties such as our authorised agents, dealers or representatives, your legal representatives, agents, credit reference agencies and/or your employer in any manner in connection with any transaction, arrangements and/or enquiries made with us when you send us completed enquiry, application and/or registration forms via various means, including online and physical hardcopies. Your personal data may also be collected from cookies through the use of our Site.

Vendor, supplier, tenant, contractor or service provider (“Supplier”):

We collect your personal data from you or third parties such as your employer, authorised agents or credit reference agencies when you perform any transactions or conduct any arrangements with us, including in connection with the supply or proposed supply of products or services, when you send us completed enquiry and/or credit application forms via various means, including online and physical hardcopies. Your personal data may also be collected from cookies through the use of our Site.

Why we collect it

Your personal data is collected and further processed by us as required or permitted by law and to give effect to your requested commercial transaction, including the following:

Customer:

  • to assess and process your request for our products and services;
  • to establish your identity and background;
  • to facilitate your participation in, and our administration of, any events including contests, promotions or campaigns;
  • to administer and communicate with you in relation to our products, services and/or events;
  • to process any payments related to our products and services requested by you;
  • to conduct credit reference checks and establish your credit worthiness, where necessary, in providing you with the requested products and services;
  • for insurance purposes;
  • to apply for relevant travel visas in the event of overseas travelling;
  • to operate our premises in a manner which is physically safe, secure and befitting of health and safety requirements;
  • for internal investigations, compliance, audit or security purposes including without limitation for crime detection, prevention and prosecution;
  • to conduct research for internal marketing analysis and analysis of customer patterns and choices;
  • to better manage our business and your relationship with us;
  • to respond to your enquiries and to resolve any issues and disputes which may arise in connection with any dealings with us;
  • to protect or enforce our rights under any agreements which we are a party to;
  • to transfer or assign our rights, interests and obligations under any agreement entered into with us;
  • to comply with our legal and regulatory obligations in the conduct of its business including to meet any disclosure requirements of any law binding upon us;
  • to contact you and/or provide you with information regarding our products, services, upcoming events, promotions, advertising, marketing and commercial materials which may be of interest to you;
  • to ensure that the contents on our Site are presented in the most effective manner for you and for your computer and/or device; and
  • for any other purpose that is required and permitted by any laws, regulations and guidelines including the requirements of any governmental or regulatory authorities.

Supplier:

  • to assess and process your credit account application;
  • to assess your credit worthiness and conduct credit reference checks;
  • to administer and give effect to your commercial transaction (such as tender award, contract for service, tenancy agreement);
  • to process any payments related to your commercial transaction;
  • for insurance purposes;
  • for internal investigations, compliance, audit or security purposes (including without limitation for crime detection, prevention and prosecution);
  • to better manage our business and your relationship with us;
  • to respond to your enquiries and to resolve any issues and disputes which may arise in connection with any dealings with us;
  • to protect or enforce our rights under any agreements that we are a party to;
  • to transfer or assign our rights, interests and obligations under any agreement entered into with us;
  • to comply with our legal and regulatory obligations in the conduct of its business including to meet any disclosure requirements of any law binding upon us;
  • to contact you and/or provide you with information regarding our products, services, upcoming events, promotions, advertising, marketing and commercial materials which may be of interest to you;
  • to ensure that the contents on our Site are presented in the most effective manner for your and for your computer and/or device.

Where we collect it

We may collect your Personal Data, for example, when you perform these actions, including but not limited to:

  • visit or use our Site, applications or social media channels,
  • purchase and use our products, services, web-based tools, mobile applications, systems,
  • subscribe to our newsletters,
  • provide to us your goods or services,
  • contact us via any communication tools,
  • join our events, and
  • participate in our contests, promotions and surveys or otherwise interact with us.

Your Personal Data will be collected from the following sources when you interact with our Sites:

Comments

When you leave a comment on our Site, we collect the data shown in the comment form, your IP address and the browser user agent string to help spam detection.

Video, image, audio or document (“Media”)

If you upload media to our Site, you should avoid uploading media with embedded location data (EXIF GPS) included. Visitors to the Site may download and extract any location data available from media on the Site.

Contact forms

If you leave us any message through the contact forms on our Site, we will use the information you provided, including but not limited to, your name, email, contact number, company details and website, to use the information provided in the contact forms to further contact you in order to provide the relevant products and/or services.

Registration

When you register for an account on our Site, you will have to complete registration and verification processes, which include providing us your Personal Data. You are solely responsible for the security of your login credentials and other account details (“Site Account Details”) on our Site and must not disclose your Site Account Details to anyone. If your Site Account Details have been compromised, you may reset your password via the corresponding Site. Alternatively, you may have your account deactivated by contacting us via the email provided above and we will remove your account on the selected Site for you.

Cookies

Cookies are text files containing small amounts of information downloaded to your computer or mobile device when you visit our Site. Cookies are then sent back to the originating site on each subsequent visit, or to another site that recognises that cookie. Cookies allow a site to recognise a user’s device. It also helps you navigate pages on a site, it remembers your preferences and generally improves your user experience. Cookies help ensure that the advertisements you see online are more relevant to you and your interests.

Sometimes we use web beacons or other technologies for similar purposes which are possibly included in marketing e-mail messages or our newsletters to determine whether messages have been opened and links clicked on. Web beacons do not place information on your device but may work in conjunction with cookies to monitor site activity.

Refusal of cookies

When you use our Site, you agree that we can place cookies on your device as explained below. To remove existing cookies or block future cookies from your device, you can do so via your browser settings. When you review your browser settings or options, you can identify the cookies by the inclusion of “Plus Studio” in the name.

Remember that blocking or deleting cookies will impact your user experience as parts of the site may no longer work. Unless you modified your browser settings to block cookies, our system will issue cookies as soon you visit our Site, even if you have previously deleted our cookies.

Turning off cookies will also prevent any web beacons from tracking your user activity on our Site. The web beacon will still account for an anonymous visit but your unique information will not be recorded.

Embedded content from other websites

Certain articles on this Site may include embedded content including but not limited to videos, audio clips, images and articles. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

When you visit or interact with our Site, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.

Specifically, the information we collect automatically may include but not limited to information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location), third party web pages accessed throughout your interaction with our Site and other technical information. We may also collect information about how your device has interacted with our Site, including the pages accessed, links clicked or content accessed.

Collecting this information enables us to better understand the visitors who come to our Site or interact with us, where they come from, and what content and functionality are of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Site to our visitors and users.

Some of this information may be collected using cookies, Google Analytics, and similar tracking technology.

Google Analytics

This feature sends page view’s events (and potentially video play events) over to Google Analytics for consumption. Please refer to the appropriate Google Analytics documentation for the specific type of data it collects.

How long we retain your data

We will retain your Personal Data only for as long as it is reasonably necessary in the circumstances and in compliance with our legislative and regulatory requirements.

The appropriate retention period of your Personal Data is determined by these criteria:

  • How long is the data needed to provide you with our products or services or to operate our business?
  • Do you have an account with us? In this case, we will keep your data while your account is active or for as long as needed to provide the services to you.
  • Are we subject to a legal, contractual, or similar obligation to retain your data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation, or protection against a possible claim.

What rights you have over your data

As much as we do our best to protect your Personal Data, please be reminded that it is your responsibility to ensure, to the best of your knowledge, that the data you provide us with, are accurate, complete and up-to-date.

Kindly contact us via the email address provided above if you would like to:

  • review, change or delete the data you have supplied us with (to the extent we are not otherwise permitted or required to keep such data);
  • object to certain data processing operations (e.g. opt out from marketing communications);
  • receive a copy of your data (in a common machine-readable format, to the extent it is required by applicable law); or
  • reach us for any enquiries pertaining to the usage, management and protection of your Personal Data.

This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Data Breach and Response Plan

We take your Personal Data seriously. All of our staff are trained on this Privacy Policy including the mitigation plan in case of data breach or leakage via an in-house seminar and online training on an annual basis, and completion of this training is compulsory. Data breaches may be caused by employees, parties external to the organisation, or computer system errors as defined, but limited to, below:

  • Human error including loss of computing devices, data storage devices, or paper records containing personal data, disclosing data to a wrong recipient, handling data in an unauthorised way, unauthorised access or disclosure of personal data by employees, improper disposal of devices containing personal data;
  • Malicious activities including hacking incidents / illegal access to databases containing personal data, hacking to access unauthorised data via the Site, theft of computing devices, data storage devices, or paper records containing personal data, scams that trick our staff into disclosing personal data of individuals; and/or
  • Computer system error including errors or bugs in any of our Site or failure of cloud services, cloud computing or cloud storage security / authentication / authorization systems.

All our staff have an obligation to report actual or potential data protection compliance failures. Should there be any case of data breach, we will:

  • Cease access to that resource of where the data breach occurs as soon as possible,
  • Investigate the failure and take remedial steps if necessary,
  • Keep our suppliers, vendors, clients, Site users, or any affected individuals informed of the data breach within 24 hours,
  • Notify our Board of Directors of any confirmed or suspected data breach immediately on the extent of the data breach, type and volume of data involved, cause or suspected cause of the breach, if the breach has been rectified or the rectification strategies, and/or other information available:
    • Cheah Teng Teng (tengteng@plusstudio.com.my)
    • Yap Yee Mei (yeemei@plusstudio.com.my)

However, we do not have to notify any individuals of whom anonymised data is breached if the data controller has implemented pseudo-anonymisation techniques like encryption along with adequate technical and organisational protection measures to the personal data affected by the data breach.

Our response plan to the data breach includes:

  • Confirm and contain the breach by shutting down or terminating any service of the compromised system to prevent further access to the system and data leakage, recovering the data loss, reset login credentials if they have been compromised or remove any accounts that have been compromised, and isolate the causes of the data breach in the system, and where applicable, change the access rights to the compromised system and remove external connections to the system.
  • Assess risks and impact to gauge the extent of the data breach.
  • Report the incident to the affected individuals informed on the consequences and advise them on preventive measures to mitigate the data breach impact.
  • All staff to review the incident, evaluate the response and recovery to prevent similar breaches from occurring.

Everyone must observe this data breach and response plan in this Privacy Policy. We will review and monitor data breach and response plan to ensure it is effective, relevant, and adhered to. Failing to comply with any part of this Privacy Policy may lead to disciplinary action under our procedures which may result in dismissal.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to notify you via our Site or by such other means of communication we deem suitable, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.