SCOPE AND PURPOSE

This policy applies to the processing of customer personal data by the APPROVED GROUP INTERNATIONAL (referred to as “AGI“ or “we”).

The purpose of this policy is to provide our current, former and potential customers (jointly referred to as “customers” or you) with a general understanding of:

  • The circumstances under which we collect and process your personal data;
  • The types of personal data we collect;
  • The reasons for collecting your personal data; and
  • How we handle your personal data.

 

COMMITMENT

The processing of your personal data forms an important part of our provision of products and services to you. We appreciate the trust you place in us when providing us with your personal data, and consider your privacy an essential part of the services we offer.

In order to safeguard your personal data while increasing the customer value and offering enhanced and safer driving experiences, we adhere to the following five general principles. 

 

FREEDOM OF CHOICE

Your personal data belongs to you. We strive not to make any assumptions regarding your privacy preferences and aim to design our services so that you can choose whether to share your personal data with us.

 

BALANCE OF INTERESTS

Where the processing of your personal data is necessary for the pursuit of a legitimate interest, and where this interest outweighs the need to protect your privacy, we may process certain personal data without obtaining your express consent. For more information, see the “Consent” section below.

We will assess whether such a legitimate interest exists based on the potential benefits to (including the safety of) our customers and the general public.

 

PROPORTIONALITY

AGI endeavours to only process customer personal data that is adequate, relevant and not excessive in relation to the purpose for which it has been collected.

We aim to anonymize your personal data when a function or service can be achieved with anonymized data. If we combine anonymized or non-personal data with your personal data, it will be treated as personal data for as long as it remains combined.

 

TRANSPARENCY

On request, AGI will provide customers with further information regarding our processing of your personal data, which may include excerpts from internal directives and guidelines.

 

LEGAL COMPLIANCE

It is AGI’ policy to comply with the applicable laws, rules and regulations governing privacy and data protection in each and every country where we operate. Where necessary, we will adjust our processing of your personal data as described in this policy to ensure legal compliance.

 

HELPFUL DEFINITIONS

The following terms, used throughout this policy, have the meanings set out in EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Accordingly:

“Data controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data;

“Data processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction; and

“Sensitive personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.

 

DATA COLLECTION

You may provide us with information about you or your business when utilizing AGI services in or outside a business or in other contacts with AGI, for example through our websites or through customer services. Such data (“Customer-provided personal data”) may include:

  • Your contact information (name, address, telephone number, email address, etc.);
  • Demographic information (age, marital status, household composition, etc.);
  • Business information (business registration number, date of purchase, service history, etc.);
  • Location data generated by your activities (navigation assistance, search queries, location sharing, etc.); and
  • Data pertaining to your purchase and use of our products and services (customer preferences and settings, purchase history, etc.).

 

NOTICE

Where reasonably practical or as required by applicable law, we will, in collecting or registering your personal data, provide you with (i) specific information as to the purposes of the processing of your personal data, (ii) the identity of the data controller, (iii) the identities of any third parties to whom the data may be disclosed and (iv) other information which may be necessary to ensure that you are able to safeguard your rights.

 

CONSENT

Where reasonably practical or as required by applicable law, we will obtain your consent prior to collecting or using your personal data. The request for your consent will be clear and provide you with a reasonable basis with which to make your decision. Your consent could always be revoked, for example by terminating a particular service or contacting AGI at the address indicated in the “Information and Access” section below.

Data Use

The personal data which AGI collects about you and the business will be used:

  • To provide you with products and services, including to verify your eligibility for certain purchases and services as well as to offer you enhanced offers and experiences;
  • To inform you of updates to, or changes in, our products and services, including but not limited to changes to our terms and conditions and policies;
  • To inform you of new products, services and events;
  • To provide business support and services (warranty service, recall information, etc.);
  • For product development purposes, for example to improve business performance, quality and safety;
  • To evaluate and improve our offering to and communication with customers; and
  • To comply with legal requirements.
  • For most processing acts, you are able to opt out of our use of your personal data by updating your preferences, terminating a particular service, revoking your consent to the processing by contacting AGI at the address indicated in the “Information and Access” section below or as otherwise instructed by us. However, and unless otherwise follows from applicable law, you may generally not opt out of the processing of your personal data:
  • In relation to certain acts of collection and further processing of your Business-recorded data (see the “Consent” section above);
  • Which we perform in order to send you important notices, such as changes to our terms and conditions and policies or in case of product recalls; and
  • Which we perform in order to comply with our legal obligations.

 

RETENTION

We will only retain your personal data for as long as it is necessary to fulfil the purposes outlined in this policy or the purposes of which you have otherwise been informed.

This means that once you have consented to our processing of your personal data, we will retain your data in accordance with the consent given and/or until you revoke your consent. If you have revoked your consent, we may nevertheless retain certain personal data for the period required in order for us to meet our legal obligations and defend ourselves in legal disputes. If we have not obtained your consent to the processing, the data will only be retained for as long as such a period of time as permitted by law.

 

DATA QUALITY

Where we process your personal data, we strive to ensure that it is accurate and up-to-date. We will seek to erase or rectify personal data that is inaccurate or incomplete. For more information regarding your right to ensure the accuracy of your personal data held by us, please see the “Information and Access” section below.

 

INFORMATION AND ACCESS

As stated in the “Notice” section above, we may provide you with specific information concerning our processing of your personal data when collecting or registering such data.

Once per year you have the right to request, and receive free of charge, information on (i) what personal data relating to you we process, (ii) where the personal data is collected, (iii) the purpose of the processing, and (iv) with which recipients or categories of recipients the personal data is shared. Requests for such information must be made in writing and be personally signed by you, and include information on name, address and, preferably, your e-mail address. You also have the right to request that we correct, block or delete any incorrect data relating to you. Requests should be sent to: APPROVED GROUP INTERNATIONAL SDN BHD, Attention: The Data Protection Officer, address 6, Jalan DBP 3, Dolomite Business Park, 68100 Batu Caves, Selangor Darul Ehsan, Malaysia.

Your requests will be dealt with in a prompt and proper manner. Requests to delete personal data will be subject to any applicable legal requirements. Where the applicable law provides for an administrative fee for complying with such a request, such a fee may be charged by APPROVED GROUP INTERNATIONAL SDN BHD.

In addition, you may be able to access an overview of certain Customer-provided personal data held by AGI, and correct or update your information, by writing to our Data Protection Officer.

 

SECURITY

AGI strives to implement appropriate technical and organizational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.

 

DISCLOSURES TO THIRD PARTIES

AGI may share your personal data:

  • Between AGI entities;
  • With AGI authorized representatives, for the purpose of distributing product and service offers and other communications to you;
  • With suppliers providing services to AGI in accordance with data processing agreements (as required by law);
  • With other business partners for the purpose of distributing product and service offers and other communications to you or for research and development purposes;
  • In connection with the sale or transfer of a AGIs’ entity or its assets;
  • As required by law, for example in connection with a government inquiry, dispute or other legal process or request; and
  • When we, in good faith, believe that disclosure is necessary in order to protect our rights, for example in order to investigate potential violations of our terms and conditions or to detect, prevent or disclose fraud or other security issues.
  • A AGIs’ entity being the data controller of your personal data will, as a general rule, only disclose your personal data to a third party if it has received your consent to do so. However, we may share your personal data without your consent, unless we consider your consent necessary in the individual case or your consent is required by law, in the following situations:
  • Business-recorded data which is processed for other purposes than ensuring or developing our products and services or in order to manage our legal obligations;
  • Transfers of your personal data between AGI entities;
  • Transfers of your personal data to suppliers providing services to AGI internally;
  • Situations in which disclosure is required by law, and
  • Situations in which disclosure is necessary for the purpose of a legitimate interest pursued by AGI (for example in order to protect our legal rights, as described above).

When disclosing your personal data to third parties, or between AGI entities, we will assess whether the disclosure requires additional protective measures (for example, where a cross-border transfer of personal data may occur).

 

DATA PROCESSING ON OUR BEHALF

We restrict access to your personal data to AGIs’ employees and suppliers who need to use the information in order to process it on our behalf, and who are contractually required to keep your personal data secure and confidential. We aim to choose the option for data processing services that best safeguards the integrity of your personal data towards any third party.

 

MARKETING

We will not sell or trade your personal data with third parties unless we have your consent to do so.

We will not share your personal data with third parties for their marketing purposes, unless we have received your consent for such disclosures. If you have provided such consent, but wish to stop receiving marketing materials from a third party, please contact that third party directly.

We may provide you with information regarding new products, services, events or similar marketing activities. If you wish to unsubscribe to a particular e-mail newsletter or similar communication, please follow the instructions in the relevant communication. You may also write in to us to opt out of specific types of communication from AGI and to change previously submitted preferences.

 

WEBSITES AND COOKIES

Each AGI website which is open to our customers includes an online privacy statement and information concerning our use of cookies. For certain countries there is also an online procedure for accepting or declining cookies. For more information regarding our use of cookies, please see https://www.approvedgroupinternational.com/ legal/cookies.

We encourage you to review and consider the applicable statements and information when visiting our websites.

Changes

AGI reserves the right to amend this policy from time to time. The date of the last modification is stated at the end of this document. If we make any changes to this policy and to the way in which we use your personal data, we will provide an updated version of this policy.