Personal Data Protection Policy
At Universiti Tenaga Nasional (“UNITEN”), and our subsidiaries, we are committed to protecting your privacy in accordance with the Personal Data Protection Act 2010 of Malaysia (“PDPA”).
This Policy explains:
- the type of personal data we collect and how we collect it
- how we use your personal data
- the parties that we disclose the personal data to; and
- the choices we offer, including how to access and update your personal data.
Personal Data We May Collect from You
We may collect the following personal data about you:
- personal information to establish your identity and background such as your full name, passport or identity card number, nationality and religion
- contact information such as mailing address, telephone number, mobile phone number, fax number and email address
- payment information such as your debit or credit card information, including the name of cardholder, card number, mailing address, expiry date and other bank account details
- sensitive information such as your racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership. We do not generally collect sensitive information unless it is necessary due to exceptional circumstances to serve you better and meet your particular needs
- recording of your image via CCTV cameras installed at our campuses, branches or premises
- recording of your photograph during any of our corporate events, or third party events
- recording of calls placed by you to our customer services
- function or post when you commence a business relationship with us
- resume or CVs when you apply job with us
For general web browsing although no personal data is revealed to us, certain technical and statistical information is available to us via our internet service provider such as cookies, your IP address, the time, date and duration of your visit. If you provide us with any personal data relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such personal data to us, you represent to us that you have obtained the consent of the third party to provide us with their personal data for the purposes as listed below.
How We Collect Your Personal Data
We may collect personal data either from you, from your authorized representatives, from third parties, or from publicly available sources which may include (but is not limited to):
- when you register for our services (for example when you submit an application form to become our customer)
- when you contact us in person, by a phone call or over the counter (for example when you contact us for any enquiries, complaints, comments or feedbacks, we may keep record of that correspondences)
- when you participate in any surveys, questionnaires, competitions, contests, offers, or promotions done internally or via an appointed third party
- when you commence a business relationship with us (for example, as a service provider, or business partner)
- when you visit any of our campuses, branches or premises
- when you attend any of our corporate events or third party open day
- when you visit or browse our websites
- when you apply job with us
- when you interact with us via social media or interactive applications including but not limited to Facebook, Twitter and Instagram
- when we collect information about you from third parties we dealt with or are connected with you (payment collector, credit reporting agencies or financial institutions)
- from such other sources where you have given your consent for the disclosure of personal data relating to you, and/or where otherwise lawfully permitted.
Use of Personal Data Collected
You agree that we may use your personal data where permitted by applicable law and for the following purposes:
- to verify your identity
- to manage and maintain your contract/agreement with us
- to notify you about benefits and changes to the services
- to provide and improve our services to you including fulfilling audit requirements and facilitating payments
- to carry out your instructions or to respond to any enquiries, complaints, comments or feedbacks that you have submit to us
- to protect or enforce our rights to recover any debt owing to us
- to compile information for analysis and in reports for relevant regulatory authorities
- to transfer or assign our rights, interests and obligations under any of your agreements with us
- to update, consolidate and improve the accuracy of our records
- to administer services, competitions, contests, offers, or promotions to you
- to produce data, reports and statistics which have been anonymised or aggregated in a manner that does not identify you as an individual
- to conduct research for analytical purposes including but not limited to data mining and analysis of your transactions with us
- to assess financial and insurance risks
- to conduct surveys, questionnaire, and provide you with information from us or which we feel may interest you, where you have consented to be contacted for such purposes
- to engage in business transactions in respect of services to be offered and provided to you
- to comply with any legal or regulatory obligations under the applicable laws, regulations, guidelines or codes of practice that applies to us
- for internal management of the services being provided to you
- to maintain records required for security, claims or other legal purposes
- to provide training for our staff
- to conduct marketing and information technology activities (for example, market research)
- to persons who have been identified as being you or your authorised representative(s) pursuant, for the purpose of the relevant transaction or enquiry or research or administrative or alumni or communication or for our corporate governance.
- to third parties with whom we have contracted to provide services to us (such as analysis on our behalf) for any of the purposes described above. Where we disclose your personal data to third parties we shall ensure that such data is used only to provide services to us
- for any other purposes that is required or permitted by any law, regulations, guidelines and/or relevant regulatory authorities.
With Whom We Share Your Personal Data
As a part of providing you with our services and the management or operation of the same, we may be required or need to disclose information about you to the following third parties:
- federal or state government
- law enforcement agencies
- government agencies
- our regulator
- companies or organisations that act as our agents, contractors, service providers or professional consultant
- companies or organisations that assist us in processing and/or otherwise fulfilling transactions and providing you with services that you have requested
- our business associates and other parties for purposes that are related to the purpose of collecting and using your personal data
- other parties in respect of whom you have given your express or implied consent
- any credit reporting agencies or in the event of default, any debt collection agencies subject to the permitted law applicable to us.
If Personal Data Provided by You Is Incomplete
Where indicated in our application or registration forms manually or electronically, it is obligatory to provide your personal data to us to enable us to process your application for our services. Should you fail to provide a complete and obligatory personal data, we may not be able to process your application or provide you with our services.
Your Rights to Access and Correct Your Personal Data
We can assist you to access and correct your personal data held by us. Where you wish to have access to your personal data in our possession, or where you are of the opinion that such personal data held by us is inaccurate, incomplete, misleading or not up-to-date, you may make a request to us via written request to us via our Compliance Officer at firstname.lastname@example.org.
How Long We Will Keep Your Personal Data
We will retain your personal data in compliance with this Policy and/or the terms and conditions of your agreement(s) with UNITEN or its subsidiaries for the duration of your relationship with us, for such period as may be necessary to protect the interests of UNITEN or its subsidiaries and/or its customers as may be deemed necessary, where otherwise required by the law and/or where required by UNITEN’s or its subsidiaries’ s relevant policies.
How We Protect and Safeguard Your Personal Data
We endeavour to take all reasonable steps to protect your personal data and keep your personal data secured. This includes following our security procedures (like checking your identity when you call us). Our site may link to other websites and we are not responsible for their data policies, procedures or their content.
Transfer of Your Personal Data Outside Malaysia
Any personal data, which you volunteer to us, will be treated with the highest standards of security strictly in accordance with the PDPA. It may be necessary for us to transfer your personal data outside Malaysia if any of our service providers or business partners are involved in providing part of a services are located in countries outside Malaysia. You consent to us transferring your personal data outside Malaysia in these instances. We shall take reasonable steps to ensure that any such service providers or business partners are contractually bound not to use your personal data for any reason other than to provide the services they are contracted by us to provide and to adequately safeguard your personal data.
By submitting your personal data, you consent to the use of that personal data as set out in this Policy. If we change our Policy, we will publish the amended version on this page. But you can email or write to us to ask for a copy. Continued use of the service will signify that you agree to any such changes.
Our Contact Details
UNITEN or its subsidiaries is committed to protecting your personal data. If you have questions or comments about UNITEN’s administration of personal data you may contact us at email@example.com or call us at +603-8921 2020.
If you have any questions, comments or suggestions regarding this Policy, we would be glad to hear from you. Please contact our TNB Data Protection Officer at firstname.lastname@example.org.