We comply with the Personal Data Protection Act 2010. This Personal Data Protection Notice (“Notice”) informs you how we use your personal data based on the following guiding principles:
This Notice applies generally to all products and services provided by Pos Malaysia (consisting of Pos Malaysia Berhad and all its subsidiaries and related corporations including but not limited to PSH Express Sdn Bhd, Datapos (M) Sdn Bhd, Digicert Sdn Bhd, Pos Ar-Rahnu Sdn Bhd, Effivation Sdn Bhd, PSH Properties Sdn Bhd, PMB Properties Sdn Bhd, Real Riviera Sdn Bhd, Pos Malaysia & Services Holdings Berhad, PSH Capital Partners Sdn Bhd, PSH Venture Capital Sdn Bhd and Pos Aviation Group).
There may however be occasions where a different data protection notice will be applicable for a specific transaction, and we will notify you accordingly. Please read the terms of this Notice carefully before furnishing us with your personal data. By furnishing us with your personal data or by continuing to use our products or services, you are indicating to us that you agree and consent to the terms and conditions of this Notice.
In respect of personal data of any Third Party Individual (defined below), you warrant that you have obtained the relevant consent from the Third Party Individual to furnish his/her personal data to Pos Malaysia and for Pos Malaysia to process such personal data. You further warrant and undertake to furnish a copy of this Notice to the Third Party Individual before providing Pos Malaysia with that Third Party Individual’s personal data.
How we collect your personal data
Directly from you. We collect personal data that you provide to us when you use any of our products, services, and website(s) or when you deal with us. This includes information that you provide:
When you use our website. We may collect some information automatically when you access our website(s) including:
From third parties. We may ask third parties for personal data about you, for example, when we acquire third party marketing lists, or get authorisation for a payment you make using a credit or debit card, or to complete a credit or fraud check.
Corporate entities. Where we transact or contract with a corporate entity, that corporate entity may provide us with your personal data in connection with a transaction or contract. That corporate entity is responsible for obtaining your consent for disclosure of your personal data to us.
What personal data we collect
In this Notice, personal data means data we hold about you from which your identity is apparent or can be reasonably determined. This includes:
Why we collect your personal data
Who sees your personal data
Your personal data may be used by all the companies within Pos Malaysia and DRB HICOM Berhad’s related group of companies. Who sees your personal data depends on the context in which you provided it and the purpose for which it is being used (Please see the section entitled “Why we collect your personal data”).
Your personal data may be disclosed or transferred to a third party. This may include outsourcing any of our business operations or functions to any third party within or outside Malaysia. We may do this for the following reasons:
We will only deal with third parties whom we trust will act in your best interest and will treat your personal data with similar security controls that we apply ourselves.
Where we store and process your personal data
We generally store and process your personal data within Malaysia. However, the personal data that we collect about you may be processed in, transferred to, or stored at a destination outside of Malaysia. By filling in our manual forms, using our website(s) or when you contact or deal with us directly, you agree to this processing, transfer or storage outside Malaysia. We will take reasonable steps to ensure that your personal data is treated securely and in accordance with this Notice even when your personal data is processed in, transferred to, or stored at a destination outside Malaysia.
How long we keep your personal data
This depends on the context in which you provided your personal data and the purposes for which we use it. Your personal data will be retained for as long as it is reasonably necessary for such purpose (Please see the section entitled “Why we collect your personal data”), or for such period as may be necessary to protect our legal interest.
We will keep your personal data:
Your rights to access and correct personal data
In relation to our manual forms, you may access, correct or update your personal data by filling in the Personal Data Access Request Form or Personal Data Correction Form. These forms are available at www.pos.com.my or if you contact our Compliance Department (please see the section entitled “Enquiries”) and we will endeavour to comply with your instructions within 21 days of receiving your completed form and the prescribed processing fee.
In relation to personal data provided to us through our website(s), you can access the information at the [‘Edit Your Profile’] page (if any) or contacting our Compliance Department. You can also use this profile page to change or delete this information including the consent you have given us (Please see the section below entitled “Important information about opting-out”) and we encourage you to do so in order to ensure that the personal data we hold about you is up-to-date. Your personal data can be deleted from the website(s)'s database by accessing the option for 'My profile' once you have logged on to the website(s). Here you can select to delete your account and cancel your registration with us. This however will not delete your personal data that: (i) was not collected through our website(s); (ii) which we need to continue to hold for the purposes specified above under the section entitled “How long do we keep your personal data”; or (iii) is on third party database not under our control.
In relation to personal data provided to us to use through our website(s), you can fill in the relevant forms which are available online on our website(s) to request for access or to correct your personal data.
You can request details of all the personal data that we hold about you, by contacting our Compliance Department. Our Compliance Department will send you the Personal Data Access Request Form and/or Personal Data Correction Form which you should complete and return to them.
The charges for personal data access services are as follows:
These charges may be revised from time to time.
The contact details of the Compliance Department are set out in the section entitled “Enquiries” below. Your right to access your personal data is not absolute, and may be limited by the Personal Data Protection Act 2010.
Important information about opting-out
The personal data that we ask you to provide may either be mandatory or optional, and may differ depending on the particular product or service. Mandatory personal data is information required for the processing of the transaction, or provision of products and services, or performance of a contract. Optional personal data is information you voluntarily provide to us, which we may process during the transaction or to provide you with other products and services. Fields requiring mandatory personal data will be indicated in our manual forms and registration forms on our website(s).
If you choose not to furnish any mandatory personal data requested or wish to withdraw your consent or significantly limit the processing of your personal data, you agree that (notwithstanding any agreement between you and us) we shall be entitled to cease the provision of any products or services to you without incurring any liability whatsoever for any losses which you may suffer as a result of such cessation.
By not ticking a clearly displayed "opt-out" box, we will assume we have your implied consent to process your personal data pursuant to the terms of this Notice and to receive information about products and services that we or our third party business partners have selected and believe would be of interest to you until you choose to opt-out from allowing us to process your personal data entirely or to limit the processing of your personal data for marketing purposes.
You may choose to limit the processing of personal data or withdraw your consent to process your personal data by any one of the following means:
We will endeavour to comply with your request within 21 days / as soon as we are reasonably able to do so.
In relation to our website(s), you may withdraw or add your consent at any time through the “Edit your profile” page (if any) or by contacting our Compliance Department. When you choose to withdraw your consent by choosing to opt-out in our website(s), this would apply only to your personal data stored in our website(s)'s database. It would not apply to personal data which you have provided to a business in Pos Malaysia through another channel other than our website(s) or if your personal data has been passed to third parties with your consent.
In relation to links to other sites found on our website(s), please note that personal data provided to these third parties are not under our control and responsibility and you may need to contact them directly if you wish to withdraw your consent for their continued use of your personal data.
Please note that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, it may take up to 21 days for your withdrawal to be reflected in our systems. Therefore, you may still receive marketing or promotional materials/communication during this period of time. Please note that even if you opt-out from receiving marketing or promotional materials, we may still contact you for other purposes in relation to the products and services you transacted with us.
In relation to our website(s), some of the information will be gathered through the use of "cookies". Cookies are small bits of information that are automatically stored on a person’s web browser in their computer that can be retrieved through the website. Such information, for example, may be a user’s password that is stored to avoid having to retype it during subsequent visits to a site. Should you wish to disable these cookies, you may do so by changing the setting on your browser.
Note that personal data transmitted electronically will not be 100% secure. We will not be liable for any breach of security unless we have been negligent.
Where Pos Malaysia is processing your personal data on behalf of another person or entity, the processing of your information would depend on the privacy practices of that person or entity. This would not be under our control or responsibility. You should contact them directly on the processing of your personal data.
Revisions to the Notice
Our Notice may be revised from time to time and if there is any revision, it will be posted on our website(s) and/or other means of communication deemed suitable by us.
If you have any enquiries or complaints concerning this Notice, please contact our Compliance Department at:
Pos Malaysia Berhad
Tingkat 2, Ibu Pejabat Pos
50670 Kuala Lumpur
Attn: Personal Data Protection Compliance Officer
Tel: 03 – 2267 2267 ext 2040
Email address: firstname.lastname@example.org
If you need to update your personal data, kindly get a "Personal Data Correction Form" at the post office counter or download the form here.
This Notice is made available in the national and English languages. In the event of any discrepancies, the English language version of the Notice shall prevail.
This Personal Data Protection Notice was last updated on: 8 October 2018
- End -