PERSONAL DATA PROTECTION NOTICE

A. INTRODUCTION

SMFL Leasing (Malaysia) Sdn Bhd (Company No. 411449-X) and SMFL Hire Purchase (Malaysia) Sdn Bhd (Company No. 715689-U) (“SMFL”, “we”, “us” or “our”), respect and are committed to protecting your privacy. In line with the Personal Data Protection Act 2010 (“PDPA”), which regulated the processing of Personal Data in commercial transactions, we have formulated this Personal Data Protection Notice (“Notice”) to describe the manner in which we collect, use and process Personal Data which we obtain about you, either directly form you or through various means, which include but without limitation to:-

(i) the provision of your Personal Data to us through our website at http://www.smfl-global.com/malaysia/en/index.html (“Website”) and/or emails;

(ii) through our written or verbal communication with you, including through documents delivered to us prior to and during the course of our contractual or pre-contractual dealings with you;

(iii) through our communication, interaction and contact with you through other means, including that taking place at events, road shows, seminars, conferences and talks, either hosted by us or otherwise;

(iv) from relevant third parties, such as supplier, credit bureau, credit reference agency, credit reporting agency, rating agency, agency approved by Bank Negara Malaysia (“BNM”) or the Association of Hire Purchase Companies of Malaysia, insurance company, financial mediation bureau, General Insurance Association of Malaysia, Life Insurance Association of Malaysia, guarantor, security party, your employer, any regulatory agency; and

(v) from information available in the public domain.

For the purposes of this Notice, “Personal Data” means information in respect of commercial transactions which relates directly or indirectly to an individual as defined under the PDPA, including any sensitive Personal Data.

If you are reading this Notice on behalf of a company, business organisation or legal entity which maintains a commercial relationship with us, this Notice is intended to be addressed to the individual corporate officers (which may include but is not limited to authorised persons, authorised signatories, company secretaries, directors, shareholders and obligors of the company, business organisation or legal entity) (collectively, “Individuals”) and “you” shall be construed accordingly to include such Individuals.

The Personal Data which we collect and process about you may include but is not limited to the following:-

(i) general data: name, gender, date of birth, citizenship, marital status, identity card number, passport number, race, ethnic origin, medical details, employment history, information in audio and/or video format (including voice, voice recording, closed-circuit television (“CCTV”) footage and security recording), images (including photographs), religious beliefs, education background, language proficiency, salary records, performance evaluations, references, background reports, employee identification number, attendance records, training records and other personally identifiable information;

(ii) contact details: correspondence address, phone number, email address, emergency contact information and next-of-kin information;

(iii) financial information: bank account details, income tax records, information on financial standing, creditworthiness and results of credit checks; and

(iv) any such information as we deem necessary or appropriate from time to time in connection with your commercial relationship with us.

B. PURPOSES OF COLLECTION AND PROCESSING

Your Personal Data is collected and processed by us for purposes which are either directly or indirectly related to your commercial relationship with us, including but not limited to the following:-

(i) to assess, manage, maintain and process your accounts with SMFL;

(ii) to manage our relationship with you and to communicate with you as our new, existing, former or prospective customer;

(iii) to address queries and/or respond to your requests and/or comments;

(iv) to conduct credit checks and to assess, verify and monitor your background, financial standing and creditworthiness;

(v) to administer and communicate with you in relation to our accounts and other relevant payments, including but not limited to outstanding payments, etc.;

(vi) to provide you with on-going information on services offered by us, for example, by sending you brochures, pamphlets, newsletter, periodicals and promotional materials on such programmes and services which you may be interested into and contacting you with regards to such programmes, services or upcoming events in relation thereto;

(vii) to administer, engage and give effect to the commercial transaction;

(viii) to process any payment for charges and taxes related to the commercial transaction;

(ix) to determine eligibility and suitability for recruitment and selection, including the verification of references and qualifications;

(x) to administer and process pay and employee benefits (such as medical, pension and other benefits);

(xi) to administer and process employee work-related claims;

(xii) to establish and administer training and/or development requirements;

(xiii) to conduct performance evaluations and salary, bonus and other reviews;

(xiv) to determine performance requirements, monitor and address work performance issues;

(xv) to plan, implement and process promotions, succession planning, restructuring and transfers;

(xvi) to gather evidence on potential, alleged or suspected misconduct;

(xvii) to process resignation, termination or retirement;

(xviii) to establish a contact point in the event of an emergency;

(xix) to provide references on your behalf when you request us to do so;

(xx) to satisfy security, health and safety concerns involving you as our employee;

(xxi) to conduct internal business, risk management, cross-selling, marketing analysis, profiling activities, audit and security or internal investigations;

(xxii) for research purposes including historical and statistical purposes and analysis;

(xxiii) to comply with our legal, regulatory and/or governmental obligations in the conduct of our business;

(xxiv) to satisfy requirements of applicable laws and/or to abide by court orders;

(xxv) to obtain feedback in relation to the programmes and/or services offered by us;

(xxvi) for the planning and implementation of any corporate proposals, such as sale of business, sale of assets, mergers and acquisitions;

(xxvii) for the purposes of enforcing or defending our legal rights and/or obtaining legal advice;

(xxviii) for our internal records management or administrative purposes; and

(xxix) for any other purposes that are incidental or ancillary to or in furtherance to the above purposes.

Such Personal Data provided may be voluntarily given by you. However, if you do not provide your Personal Data or as a result of the withdrawal of your consent to our processing of your Personal Data in accordance with Section E below, we may not be able to communicate with you, process your accounts and/or provide you with information and/or services which you may require.

C. DISCLOSURE AND TRANSFERS OUTSIDE MALAYSIA

We may disclose your Personal Data to the following categories of third parties (who may be located within our outside Malaysia) for any of the purposes as set out in Section B above:-

(i) relevant government departments, agencies, statutory authorities and industry regulators, such as the Road Transport Department Malaysia (Jabatan Pengangkutan Jalan Malaysia), PUSPAKOM Sdn Bhd, Employee Provident Fund (“EPF”), Social Security Organisation (“SOCSO”), Inland Revenue Board of Malaysia (“LHDN”) and Malaysian Immigration Department (including the agencies appointed by the Malaysian Immigration Department);

(ii) foreign government departments, government agencies or authorities, such as the foreign embassies;

(iii) any of our related corporations and affiliates, including those established in the future or our business partners;

(iv) third parties vendors, contractors, agents and other third party service providers engaged by us to provide related services or products in connection with our business, such as contractors, event organisers, banks, insurance agencies or insurers, repossession agents, debt collection agents, electronic fund transfer facilitators, partners and printing companies;

(v) credit bureau, credit reference agency, credit reporting agency, rating agency, agency approved by BNM or the Association of Finance Companies of Malaysia or the Association of Hire Purchase Companies of Malaysia;

(vi) other third parties such as prospective employers;

(vii) governmental, legal and/or regulatory authorities in order to comply with legal or regulatory requirements, including any requirements relating to disclosures;

(viii) any other third party as may be required by applicable laws or court orders;

(ix) our auditors, legal advisers, consultants and other financial or professional advisers; and

(x) the general public by publishing your images, photographs, voice and video recording for publicity purposes (without payment or compensation).

Your Personal Data may also be transferred to locations outside Malaysia and may be stored in any server located within Malaysia or outside Malaysia, for any of the purposes as set out in Section B above.

If we are contacted by any organisation or institution, including banks and advocates and solicitors to verify your employment with us and your Personal Data thereto for commercial purposes, you consent to us verifying and disclosing the same.

D. RIGHT TO REQUEST ACCESS AND CORRECTION AND TO LIMIT PROCESSING

You may at any time submit to us any inquiries and/or complaints and/or request to make corrections or to limit our processing of your Personal Data by contacting our Personal Data Protection Officer by email at PDPO@smfl.com.my or by phone at +603-27100170 or by fax at +603-27100177 or by registered mail to be addressed to the Personal Data Protection Officer at Suite 16D, Level 16, Vista Tower, The Intermark No. 348, Jalan Tun Razak, 50400 Kuala Lumpur, Malaysia. In general and subject to certain exemptions, you are also entitled as an individual under the PDPA, to request access to the Personal Data, including requesting for copies of the same, for which we may impose upon you the payment of a prescribed fee. Any data access requests can be made by contacting our Personal Data Protection Officer accordingly.

E. YOUR CONSENT

In any event that you do not approve or accept the terms of our use of your Personal Data in any of the ways which we have detailed out in this Notice, you may inform us by contacting our Personal Data Protection Officer, whose contact details are as specified above. For example, if you do not wish for us to provide you with information and/or to market our programmes and services to you, you may exercise your right to opt-out by contacting our Personal Data Protection Officer accordingly.

We will continue to handle and process your Personal Data in accordance with this Notice unless we hear otherwise from you.

If we do not receive any notification from you within a period of thirty (30) days from the date of our mailing of this Notice, we shall presume that you have approved our collection, use and processing of your Personal Data in accordance with this Notice. However, you may at any point withdraw your consent by way of written notice to our Personal Data Protection Officer. Please note however that withdrawal of consent given, whether in full or in part, shall only be effective after lapse of a reasonable time period in order to allow for such withdrawal to be processed, and shall be subject to any legal restriction and/or contractual conditions as may be applicable.

To the extent that you wilfully and voluntarily disclose to us any personal information, whether or not failing within the definition of Personal Data above, of any individual, we shall assume, without independent verification, that you have obtained consent of such individual for the disclosure as well as the processing of their personal information in accordance with the terms of this Notice.

F. CONFIDENTIALITY AND SECURITY OF YOUR PERSONAL DATA

We are committed in maintaining the security of your Personal Data and have taken reasonable steps and measure to prevent unauthorised access, disclosure, loss or theft of information in both physical and electronic environment.

We employ reasonable security measures and technologies, such as password protection, encryption, physical locks etc., to ensure the confidentiality and security of your Personal Data. We have also taken appropriate measures to provide employees who handle and process your Personal Data with appropriate training and awareness programmes to ensure that they are fully aware of their responsibilities with regards to data protection. Where we have chosen to employ third party processors to manage our systems and data or to provide such third party processors with such data, such third party processors have been required by us to be bound by contractual undertakings which include giving sufficient guarantees in respect of the technical and organisational security measures governing their processing of such Personal Data.

The transmission of Personal Data via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted via the Website or any other electronic channel. Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

G. REVISION, AMENDMENTS AND CONFLICT

We may revise, update, modify or amend the terms of this Notice at any time without prior notice to you, by placing the updated version of it on the Website. By continuing to use our Website and continuing your relationship with us without any written objection following such revision, modification or amendment of this Notice, you are deemed to accept such revisions, modifications or amendments. You are advised to check this Notice on a regular basis from time to time.

This Notice is issued in both English and Bahasa Malaysia. In the event of any inconsistency between the English version and the Bahasa Malaysia version, the terms of the English version shall prevail.

H. INTERNET PROTOCOL (IP) ADDRESS, USE OF COOKIES AND EXTERNAL LINKS

We use cookies on this Website. Cookies are unique identifiers placed on your computer or other device by a web server, which contains information that can later be read by the server that issued the cookie to you. The information collected (including but not limited to your IP addresses, domain names, browser software, types and configurations of your browser, language settings, geo-locations, operating systems, referring website, pages and content viewed and durations of visit) will be used for compiling aggregate statistics on how our visitors reach and access our Website to help us understand how we can improve your experience on it. Such data shall only be used for website enhancement and optimisation purposes. The cookies also enable our Website to remember you and your preference and tailor the Website for your needs accordingly. Most web-browsers are customarily set up to accept cookies. If you do not want to receive cookies, you can disable this function in your browser settings. However, by doing so, you may not be able to fully enjoy the benefits of our Website and certain features may not be in proper working order.

The Website may contain hyperlinks to websites and external resources maintained by external parties. Such websites and external resources may not operate under the privacy terms and conditions of this Notice. You are advised to check the privacy terms and conditions of those website and external resources to understand their policies on collection, usage and processing of your Personal Data.

Updated on: 17 November 2017