SCOPE AND PURPOSE
This policy applies to the processing of customer personal data by the APPROVED GROUP INTERNATIONAL (referred to as “AGI“ or “we”).
The purpose of this policy is to provide our current, former and potential customers (jointly referred to as “customers” or you) with a general understanding of:
The processing of your personal data forms an important part of our provision of products and services to you. We appreciate the trust you place in us when providing us with your personal data, and consider your privacy an essential part of the services we offer.
In order to safeguard your personal data while increasing the customer value and offering enhanced and safer driving experiences, we adhere to the following five general principles.
FREEDOM OF CHOICE
Your personal data belongs to you. We strive not to make any assumptions regarding your privacy preferences and aim to design our services so that you can choose whether to share your personal data with us.
BALANCE OF INTERESTS
Where the processing of your personal data is necessary for the pursuit of a legitimate interest, and where this interest outweighs the need to protect your privacy, we may process certain personal data without obtaining your express consent. For more information, see the “Consent” section below.
We will assess whether such a legitimate interest exists based on the potential benefits to (including the safety of) our customers and the general public.
AGI endeavours to only process customer personal data that is adequate, relevant and not excessive in relation to the purpose for which it has been collected.
We aim to anonymize your personal data when a function or service can be achieved with anonymized data. If we combine anonymized or non-personal data with your personal data, it will be treated as personal data for as long as it remains combined.
On request, AGI will provide customers with further information regarding our processing of your personal data, which may include excerpts from internal directives and guidelines.
It is AGI’ policy to comply with the applicable laws, rules and regulations governing privacy and data protection in each and every country where we operate. Where necessary, we will adjust our processing of your personal data as described in this policy to ensure legal compliance.
The following terms, used throughout this policy, have the meanings set out in EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Accordingly:
“Data controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data;
“Data processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction; and
“Sensitive personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.
You may provide us with information about you or your business when utilizing AGI services in or outside a business or in other contacts with AGI, for example through our websites or through customer services. Such data (“Customer-provided personal data”) may include:
Where reasonably practical or as required by applicable law, we will, in collecting or registering your personal data, provide you with (i) specific information as to the purposes of the processing of your personal data, (ii) the identity of the data controller, (iii) the identities of any third parties to whom the data may be disclosed and (iv) other information which may be necessary to ensure that you are able to safeguard your rights.
Where reasonably practical or as required by applicable law, we will obtain your consent prior to collecting or using your personal data. The request for your consent will be clear and provide you with a reasonable basis with which to make your decision. Your consent could always be revoked, for example by terminating a particular service or contacting AGI at the address indicated in the “Information and Access” section below.
The personal data which AGI collects about you and the business will be used:
We will only retain your personal data for as long as it is necessary to fulfil the purposes outlined in this policy or the purposes of which you have otherwise been informed.
This means that once you have consented to our processing of your personal data, we will retain your data in accordance with the consent given and/or until you revoke your consent. If you have revoked your consent, we may nevertheless retain certain personal data for the period required in order for us to meet our legal obligations and defend ourselves in legal disputes. If we have not obtained your consent to the processing, the data will only be retained for as long as such a period of time as permitted by law.
Where we process your personal data, we strive to ensure that it is accurate and up-to-date. We will seek to erase or rectify personal data that is inaccurate or incomplete. For more information regarding your right to ensure the accuracy of your personal data held by us, please see the “Information and Access” section below.
INFORMATION AND ACCESS
As stated in the “Notice” section above, we may provide you with specific information concerning our processing of your personal data when collecting or registering such data.
Once per year you have the right to request, and receive free of charge, information on (i) what personal data relating to you we process, (ii) where the personal data is collected, (iii) the purpose of the processing, and (iv) with which recipients or categories of recipients the personal data is shared. Requests for such information must be made in writing and be personally signed by you, and include information on name, address and, preferably, your e-mail address. You also have the right to request that we correct, block or delete any incorrect data relating to you. Requests should be sent to: APPROVED GROUP INTERNATIONAL SDN BHD, Attention: The Data Protection Officer, address 6, Jalan DBP 3, Dolomite Business Park, 68100 Batu Caves, Selangor Darul Ehsan, Malaysia.
Your requests will be dealt with in a prompt and proper manner. Requests to delete personal data will be subject to any applicable legal requirements. Where the applicable law provides for an administrative fee for complying with such a request, such a fee may be charged by APPROVED GROUP INTERNATIONAL SDN BHD.
In addition, you may be able to access an overview of certain Customer-provided personal data held by AGI, and correct or update your information, by writing to our Data Protection Officer.
AGI strives to implement appropriate technical and organizational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.
DISCLOSURES TO THIRD PARTIES
AGI may share your personal data:
When disclosing your personal data to third parties, or between AGI entities, we will assess whether the disclosure requires additional protective measures (for example, where a cross-border transfer of personal data may occur).
DATA PROCESSING ON OUR BEHALF
We restrict access to your personal data to AGIs’ employees and suppliers who need to use the information in order to process it on our behalf, and who are contractually required to keep your personal data secure and confidential. We aim to choose the option for data processing services that best safeguards the integrity of your personal data towards any third party.
We will not sell or trade your personal data with third parties unless we have your consent to do so.
We will not share your personal data with third parties for their marketing purposes, unless we have received your consent for such disclosures. If you have provided such consent, but wish to stop receiving marketing materials from a third party, please contact that third party directly.
We may provide you with information regarding new products, services, events or similar marketing activities. If you wish to unsubscribe to a particular e-mail newsletter or similar communication, please follow the instructions in the relevant communication. You may also write in to us to opt out of specific types of communication from AGI and to change previously submitted preferences.
WEBSITES AND COOKIES
We encourage you to review and consider the applicable statements and information when visiting our websites.
AGI reserves the right to amend this policy from time to time. The date of the last modification is stated at the end of this document. If we make any changes to this policy and to the way in which we use your personal data, we will provide an updated version of this policy.