Personal Data Notice for Customers
- Collection and Security of Personal Data
This Notice is issued pursuant to the Personal Data Protection Act 2010. The main purpose of this notice is to make you better understand the reasons and purposes of the collection of personal data by Petroliam Nasional Berhad (PETRONAS) (“the Company” or “we” or “us”) as well as the Company’s commitment to ensure that your data is securely processed and kept. We believe that our customers have an expectation to understand how their personal data is handled. It is part of our Company’s values that all personal data and privacy of our customers are treated with care and respect. The security of your personal data is important to us.
As our valued customer, we would like you to understand that in connection with your commercial dealings with the Company and its group of companies (“the Group”), it is necessary for the Company and/or the Group to collect and process data about yourself and/or your business entity. We therefore hope that you will spend some time to go through this notice.
- Nature of Personal Data We Process
The personal data that we collect in relation to you may include the following: your name, copies and other details of your identity documents and proof of identification (for instance, NRIC number, passport number, driver’s license etc.), proof of address and other contact details (for instance, telephone/facsimile number, email address etc.), information concerning age, race, nationality, date of birth, occupation and position, types of goods/service requested and personal interest (collectively “your personal data”).
The above description of personal data is merely a general description of the various types of personal data that we collect from various customers. The nature of personal data differs from customer to customer. Depending on the nature of business and circumstances, we may only need to collect and process a more limited form of personal data from certain customers. In other situations, there may be a need to collect more personal data depending upon the nature of transaction, business and so forth. We do not believe in collecting excessive personal data and what we collect are the essentials that are required to ensure the efficacy of business and transactions.
You may choose whether or not to provide your personal data to us, including sensitive personal data. Sensitive personal data may include such things as information on physical or mental health or medical condition, political opinions, religious or other similar beliefs, commission or alleged commission of any offence.
- Source of Personal Data
Generally, the personal data that we collect comes directly from you. For instance, when you contact or register with us (whether online or otherwise) or enter into any other transactions with us.
Apart from information provided by you, the Company and the Group may obtain personal data on you from various reference checks, background checks or from the various governmental authorities.
- Importance of Providing Personal Data
We would like you to understand that it is important for you to provide the necessary personal data to us for the purpose of communication and promotion of our products or partners’ offer and for providing convenience to corporate customers, fleet management and to manage a loyalty programme for customers.
The failure to supply your personal data as requested may result in us being unable to continue to provide you with the services and/or products requested. It is also important that the data you have supplied is kept up-to-date. You should therefore notify us of any changes so that we may update our records.
- Purpose of Processing Your Personal Data
The personal data you provide will be collected, held on computer and/or in manual files, used, disclosed and otherwise processed by the Company and/or the Group for the following purposes:
1. to facilitate the delivery of services or products and the marketing and promotion of such services or products whether present or future , to you;
2. those purposes specifically provided for in any particular service or product offered by the Company and/or the Group;
3. conducting marketing and client profiling activities in connection with any services and related products of the Company, the Group and/or our business partners;
4. our internal record keeping, maintenance and updating of any information database(s), customer service related matters and other administrative purposes, including audits, fraud monitoring and prevention;
5. to communicate with you, including responding to your enquiries; meeting or complying with any legal, regulatory or statutory requirements relating to our provision of services and products and to make disclosure under the requirements of any applicable law, legislation, rule, ruling, regulation, direction, court order, by-law, guideline, circular, code (collectively “laws”) applicable to us or any member companies of the Group;
6. research, benchmarking and statistical analysis; and/or
7. other reasons that are required or permitted under the Personal Data Protection Act 2010 or other applicable laws.
Other than the above, we do not collect personal data for any other reasons. Should there be a new purpose for the collection of data, we shall inform you accordingly and obtain your concurrence to the same, where necessary.
- Confidential and Secure Disclosure of Personal Data
We treat the confidentiality of your personal data very seriously, which is of utmost importance to us. Personal Data provided to the Company by you will be kept confidential. However, in certain circumstances, it would be necessary for us to provide or disclose your personal data for the purposes stated above to the following categories of persons (whether within or outside Malaysia) and where we do so, we would merely disclose data that is necessary for the purpose of such disclosure:
a. entities within the PETRONAS Group of Companies including all related companies, subsidiaries, holding companies and associated companies;
b. any body or person to whom the Company is compelled or required to do so under any laws or in response to any competent or government, state, provincial, local government, statutory or municipal authority, industry regulators, agency or body;
c. law enforcement authorities;
d. such sub-contractors or third party service or product providers (an example would be auditors, lawyers, company secretaries, service providers, events and training organisers telecommunications companies, cloud computing or data back up service providers and other advisers).
In addition, where we consider it necessary or appropriate for the purposes of the conduct of business, data storage or processing or customer management, we may transfer your personal data to another member of the Group or third party service or product providers within or outside the country in which the Company is established, under strict conditions of confidentiality and similar levels of security safeguards.
- Data Security & Safeguards
We consider it is our responsibility to provide our customers with reasonable protection in respect of their personal data protections. We shall endeavour to implement the appropriate administrative and security safeguards and procedures in accordance with the applicable laws and regulations to prevent the unauthorized or unlawful processing of your personal data and the accidental loss or destruction of, or damage to, your personal data.
- Your Rights of Access and Correction
8.1 You have the right to request access to and correction of information about you held by the Company and you may write to us at the address provided below if you wish to:-
• check whether the Company holds or uses your personal data and request access to and/or a copy of such data that we retain about you;
• request that the Company correct any of your personal data that is inaccurate, incomplete or out-of-date;
• request that the Company cease processing your personal data. However, please note that this may result in us not being able to properly perform or discharge our obligations to you; or
• request that the Company specify or explain its policies and procedures in relation to data and types of personal data handled by the Company.
8.2 The contact to whom written requests for access to personal data or correction and/or deletion of personal data or for information regarding policies and procedures and types of personal data handled by contacting us firstname.lastname@example.org
In the event of any inconsistency or conflict between the English language version and the Bahasa Malaysia version of this Personal Data Protection Notice, the English language version shall prevail.