Scicom (MSC) Berhad (Company No 597426-H) (“we”, “us”, “our” or “SCICOM” as the context requires) is committed to protecting and respecting your privacy and ensuring that Personal Data is processed in accordance with the Personal Data Protection Act 2010 (“PDPA”) and applicable regulations.

This Privacy Notice (together with the terms of use of our website and any other documents referred to in it) sets out the basis on which any personal data or sensitive personal data we collect from you, or that you provide to us, will be processed by us.

DEFINITIONS

For the purpose of the PDPA and this Privacy Notice:

“Data Controller” means SCICOM and/or any of SCICOM subsidiaries, agents or servants from time to time, where SCICOM determines the purposes and means of processing Personal Data;

“Data Processor” means SCICOM where SCICOM processes Personal Data on behalf of a third party pursuant to contractual arrangements and documented instructions;

“Personal Data” means any information in respect of commercial transactions that relates directly or indirectly to an individual who is identified or identifiable from that information including any sensitive personal data and expressions of opinion about the individual, whether processed by automated means or otherwise, as defined under the PDPA;

“Sensitive Personal Data” means any personal data consisting of information as to the physical or mental health or condition of a data subject, his political opinions, his religious beliefs or other beliefs of a similar nature, the commission or alleged commission by him of any offence, biometric data, or any other personal data as the Minister may determine by order published in the Gazette, as defined under the PDPA;

“Website” includes www.scicom-intl.com or any other website, feed or application operated by SCICOM.

STATUS OF SCICOM

Depending on the nature of the processing activities:

1. SCICOM acts as a Data Controller in respect of Personal Data collected directly from individuals including employees, applicants, vendors, business partners and website users; and
2. SCICOM acts as a Data Processor where it processes Personal Data strictly on behalf of its clients pursuant to contractual agreements.

Where SCICOM acts as a Data Processor, the relevant client remains the Data Controller.

SCICOM complies with statutory obligations applicable to both Data Controllers and Data Processors under the PDPA.

1. Information which we collect about you

1.1 We may collect and process the following categories of Personal Data:

1. Identification details (such as name, NRIC/passport number, contact information);
2. Information you provide through input areas within the Website, including employment and recruitment information;
3. Financial and billing information;
4. Technical data including IP address, browser type and system data;
5. Communications and correspondence records;
6. Sensitive Personal Data where permitted by law.

1.2 Personal Data may be collected by SCICOM through various channels including:

1. directly from you through the Website, electronic forms, telephone, email, written correspondence or other communication channels;
2. during recruitment processes, employment applications, service requests, contractual engagements or other interactions with SCICOM;
3. from authorised third parties including recruitment agencies, service providers, analytics providers, business partners, clients or regulatory authorities, where such parties collect information on our behalf or provide information necessary to facilitate the services requested by you; or
4. from publicly available sources where permitted under applicable law.

1.3 Where Personal Data is obtained from third parties, SCICOM will take reasonable steps to ensure that such data has been collected and disclosed in accordance with applicable law.

1.4 Where indicated, it is obligatory for you to provide the requested Personal Data to enable SCICOM to provide services, process applications or fulfil contractual obligations. Failure to provide such Personal Data may result in SCICOM being unable to proceed with the relevant request or transaction.

2. How we use your Personal Data

2.1 Personal Data may be processed for purposes including:

1. to process your recruitment and employment application administration, this may include sharing your information with partner organisations in connection with the recruitment process;
2. performance of contractual obligations;
3. to allow you to participate in the provision of services to clients and to enable participation in any interactive features of our services and platforms when you choose to do so;
4. regulatory compliance;
5. internal administration and governance;
6. system administration, website management and ensuring that content from our Website or platforms is presented effectively for users and their devices;
7. responding to enquiries and notifying you about changes to our service;
8. providing updates, information and communications relating to our services, including marketing or promotional communications where consent has been obtained;
9. any other purposes directly related to the above; and
10. to keep you informed (with your consent) by electronic means, or other means, of information about specific funding, sponsorship opportunities or services and products that we think may be of interest to you.

2.2 SCICOM processes Personal Data only where permitted under the PDPA, including where:

1. consent has been obtained;
2. processing is necessary for the performance of a contract;
3. processing is required to comply with legal obligations;
4. processing is necessary to protect vital interests; or
5. processing is otherwise permitted under applicable law.

2.3 Where SCICOM acts as a Data Processor:

1. Personal Data shall be processed only on documented instructions from the relevant Data Controller;
2. confidentiality obligations apply to authorised personnel;
3. appropriate administrative, technical and organisational safeguards are implemented;
4. SCICOM shall notify the relevant Data Controller without undue delay upon becoming aware of a Personal Data Breach; and
5. SCICOM shall provide reasonable assistance to enable the Data Controller to comply with statutory obligations.

2.4 SCICOM implements reasonable administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

2.5 In the event of a Personal Data Breach, SCICOM will promptly assess the nature, scope and impact of the breach and take appropriate containment and remedial measures. Where the breach is likely to result in significant harm to affected individuals, SCICOM will notify the Personal Data Protection Commissioner and, where applicable, the affected individuals within the prescribed timeframe under the PDPA.

2.6 Surveys and Service Improvements – Where you use our Website or services, SCICOM may invite you to participate in surveys or feedback initiatives intended to assist us in improving our services. Participation in such surveys is voluntary.

2.7 Disclosure Required by Law – SCICOM may disclose Personal Data where required to comply with applicable laws, regulations, legal processes or requests from governmental or regulatory authorities, including law enforcement agencies.

3. Communicating with you

3.1 The Personal Data collected in connection with any employment applications may include identification details, contact information, your name, medical information, educational background and immigration information.

3.2 SCICOM has appointed a Data Protection Officer responsible for overseeing compliance with the PDPA.

3.3 If you have any questions regarding this Privacy Notice, our use of your personal data, or wish to exercise your rights, you may contact:

Data Protection Officer,
SCICOM,
25th Floor, Menara TA One,
22 Jalan P. Ramlee,
50250 Kuala Lumpur Malaysia; or

Email: pdpa@scicom.com.my.

4. Disclosure of Personal Data

Personal Data may be disclosed to:

1. SCICOM subsidiaries and related companies;
2. service providers and vendors engaged by SCICOM;
3. business partners and clients where SCICOM is required to provide services;
4. professional advisers;
5. regulatory or governmental authorities where required by law.

All disclosures are subject to appropriate safeguards.

5. IP addresses, cookies and links

5.1 We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and analytical purposes. This information does not identify you personally.

5.2 SCICOM may use cookies. A cookie is a small amount of data which is stored on your computer and which is revealed to SCICOM when you use our Website or network. Cookies are used to improve user experience and functionality. You can configure your web browser not to accept cookies, although this may affect the functionality of the Website or network.

5.3 The website may contain links to third party websites. SCICOM does not have any control over these websites and is not responsible for the protection and privacy of any information you provide when visiting such websites.

6. Your right to ask to see the information we hold about you

6.1 You may request access to the Personal Data that we hold about you by contacting SCICOM at the address provided in Section 3.3 above. There may be a reasonable fee charged in accordance with the PDPA Regulations.

6.2 If you request us to do so we will take reasonable steps to correct any Personal Data which you inform us is inaccurate, incomplete or outdated. You are responsible for ensuring that the Personal Data you provide is accurate and up to date. Where you provide Personal Data relating to another individual, you confirm that you have obtained the necessary consent or authority from that individual.

6.3 You may withdraw your consent to the processing of your Personal Data at any time by contacting SCICOM using the contact details provided in Section 3.3 of this Privacy Notice, subject to any applicable legal or contractual restrictions.

6.4 Where applicable under the PDPA, you may request that your Personal Data be transferred to another data controller. SCICOM will assess such requests in accordance with applicable law, including verification of identity and the feasibility of securely transferring the requested data.

7. Data Retention and Security

7.1 SCICOM takes reasonable steps to protect Personal Data from misuse, loss, unauthorised access, modification or disclosure. Personal Data may be stored electronically or in physical records.

7.2 Personal Data will be retained only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal, regulatory or contractual obligations. When Personal Data is no longer required, it will be securely destroyed or anonymised.

8. Cross-Border Transfers

Where necessary for operational or service delivery purposes, Personal Data may be transferred outside Malaysia. SCICOM will take reasonable steps to ensure that such transfers comply with the PDPA and that appropriate safeguards are implemented.

9. Changes to this Privacy Notice

SCICOM may amend this Privacy Notice from time to time. The updated version will be published on the Website.