Personal Data Protection Act (PDPA) Statement / Privacy Policy

This Notice and Consent is issued to all information providers to Ge-Shen Corporation Berhad and its subsidiaries, which are Polyplas Sdn. Bhd., Ge-Shen Plastic (M) Sdn. Bhd. and Demand Options Sdn. Bhd.  pursuant to the requirements of the Personal Data Protection Act 2010 (“PDPA”) in Malaysia. We, Ge-Shen Corporation Berhad and/ or group of Companies (referred hereinafter to as “Ge-Shen”) wish to inform you that we maintain certain personal information about you as part of our records. Ge-Shen respects and is committed to the protection of your personal information and your privacy.

Section 2 of the PDPA provides that the Act applies to any persons who processes, and who has control or authorizes the processing of personal information (“Data User”) in commercial transactions. ‘Commercial transaction’ was defined as ‘…any transaction of a commercial nature, whether contractual or not, which includes any matters relating to the supply of exchange of goods or services, agency, investments, financing, banking and insurance, but does not include a credit reporting business carried out by a credit reporting agency under the Credit Reporting Agencies Act 2010.

A provider of information is essentially a commercial or contract of service of a commercial nature. Therefore, the provisions of the Act will apply to such situations and Ge-Shen will review its approach in terms of commercial arrangements or its employment contracts, handbooks, and the retention and use of employee’s personal information.

Please find the following notice in English stating the reasons we will collect information, the type of information collected, our disclosure to third parties (if any) and who you may contact for access to your information.

Ge-Shen reserves the right to amend this Notice to employees at any time and will place notice of such amendments on the intranet/ internet or via any other mode the company views suitable, which will be clearly informed to you.

The use of this information is for any commercial, business or employment purposes.

1. Purpose of information Collected

The use of this information is for any commercial, business or employment purposes

2. Type of Information Collected

  1. Personal data that we may collect:
    1. Name, Age, Gender, Nationality, IC Number, Date of Birth;
    2. Contact Details such as house number, Mobile number;
    3. Bank Account number;
    4. SOCSO, EPF, Tax details;
    5. Full Address;
    6. Marital Status;
    7. Email Address;
    8. Any other information supplied by you that can indirectly or directly identify you, in order for us to carry out our contract with you.

3. Type of Sensitive Data Collected

  1. Designs or any commercial documents with embedded intellectual property
  2. For employment, sensitive personal information:
  1. Physical/ mental health:
    1. occupational health;
    2. sickness absence records;
    3. the chronic illness of a specific employee in circumstances which may affect their ability to perform all aspects of the normal work.
  2. Race/ Disabilities – This will only be recorded on personnel files, with the express permission of each employee concerned, strictly for statistical purposes in connection with “ethnic monitoring’. – i.e. to identify and keep under review the existence or absence of equality of opportunity or treatment between persons of different racial or ethnic origins, with a view to enabling such equality to be promoted or maintained.

4. Data Access Responsibility

Ge-Shen may place all or part of its files onto a secure computer network and with restricted access to personnel data. When implemented access to individual employee data will only be granted to the following data users within Ge-Shen or its group of Companies for specific and legitimate purposes:

  1. Business development or any other employees of the Group;
  2. Staff employed in the Human Resources Department;
    1. A member of staff’s Head of Department/ Chief Executive Office/ line manager;
    2. Staff employed in the payroll section of the Finance Department;
    3. Staff Development staff;
    4. Any specified and contracted outsourcing organisation (acting under the direction of the Data User, or his/ her representative) used to process internal corporate data providing secure processing facilities and data access in line with statutory provisions and the requirements of Ge-Shen.

5. Consequences of not providing Personal Data

The failure to supply us with the required personal data will potentially:

  1. Result in us being unable to enter into any commercial arrangements
  2. Result in us being unable to enter into an employer-employee contract or agreement [or specific service] with you;
    1. Result in us not being able to compensate you for services rendered;
    2. Result in us being unable to communicate notices, value added services and updates to you;
    3. Affect our capacity to accomplish the above stated purposes

6. Disclosure

Your personal data will be kept confidential, but you consent and authorise us to provide or share your Personal data to the following class of users:

  1. Persons/ Organisations required under law or in response to government requests;
    1. Related, subsidiaries, holdings of Ge-Shen, including future entities under Ge-Shen
    2. Government agencies, statutory authorities, enforcement agencies under law;
    3. Auditors, accountants, lawyers under Ge-Shen
    4. Third party service/ product providers that is deem necessary or appropriate for the purposes stated above (including those located out of Malaysia, under conditions of confidentiality and similar levels of security);
    5. Persons under a duty of confidentiality to the Ge-Shen.

Data shared will be for the purpose as stated in this notice, or purposes not stated but directly related to the primary purpose of collection. We may also share your Personal Data where required by law or where disclosure is necessary to comply with applicable laws, legal processes or queries from the relevant authorities. We may also disclose personal data to a prospective party of a ‘business asset transaction’, which refers to any type of acquisition, disposal or financing of an organisation or division

7. Data Security

We shall take necessary steps to store and process your personal data securely. We will undertake the following security steps:

  1. Implementation of a formal information security policy and necessary technology controls such as firewall, password controls, physical security, logging and monitoring etc;
    1. Process controls such as segregation of duties, defined roles and responsibilities and need to know basis for staff;
    2. Third party providers and contractors storing or processing personal data has implemented similar acceptable standards of security;

8. Retention of Personal Data

Your personal data will be stored for only the period as necessary to fulfil the purposes stated above after which we proceed to ensure that your personal data is destroyed, anonymized or permanently deleted if it is no longer necessary to store. Reasons to further store your information even after the fulfilment of the purposes includes

  1. to satisfy legal, regulatory or accounting requirements;
  2. to protect the interest of Ge-Shen.

All employee data other than the name, job title, department and period of employment at Ge-Shen will be deleted seven (7) years after employment has ended. Data relating to disciplinary and grievance records of current employees are removed from personal files once they become spent in accordance with Ge-Shen’s disciplinary procedure and deleted three (3) years from the date issued. Where disciplinary or grievance cases have involved concerns of sufficient severity or gravity data will be deleted five (5) years from the date issued.

Once an employee has left Ge-Shen any data relating to them within their department should be sent to Human Resources.

9. Direct Marketing

We may use your personal data to provide you with internal information about our corporate exercises and job vacancies, and third-party services and/or products, which may be related to your interests, unless requested otherwise by you. We take reasonable steps to ensure that the 3rd parties we are sharing your personal data with also have appropriate privacy and confidentiality obligations. If you do not wish your personal data to be utilised for the purposes of marketing and promotion, please contact us at the contact details below. Your latest written instructions to us will prevail.

10. Right of Access and Correction

Under PDPA, you reserve the right to access your personal data and request for correction of the personal data that might be inaccurate, obsolete, incomplete or misleading. In respect to this, you may:

  1. Request to check and access your personal data in our records;
  2. Request that we correct any of your inaccurate, obsolete, incomplete or misleading personal data;
  3. Request copies of the data from us.

Once we receive a request, we will acknowledge the receipt of such request. For data amendment and correction, we will consider if the information requires amendment. If there is any disagreement, then we specify the reason in clearly stated terms such as where rights of others will be violated, or regulatory functions will be affected.

Ge-Shen reserves the right to withhold:

  1. Information in the case of repeat requests from individual employees made unreasonably frequently;
  2. Specific information if Ge-Shen cannot comply with an employee’s request without disclosing information relating to another individual who can be identified from that information (including its source). However, this can be provided if Ge-Shen is satisfied that the other individual has consented to the disclosure of the information to the employee making the request, or it is reasonable in all the circumstances to comply without the consent of the other individual;
  3. Any data which is excluded through legislation on the grounds of national security, breaches of ethics for regulated professions, or is relevant to any current investigation concerning any possible criminal/ civil legal action;
  4. Where such data is “opinion data” that is “kept solely for an evaluative purpose”. This includes opinions written in the course of assessment of individuals for employment or promotions;
  5. Additionally, any circumstances falling under Section 32 of PDPA, circumstances where data user may refuse to comply with data access request.

11. Transfer of Your Personal Information Outside Malaysia

It may be necessary for us to transfer your personal data outside Malaysia if any of our service providers or strategic partners who are involved in providing part of any employment services are located in countries outside Malaysia. You consent to us transferring your personal information outside Malaysia in the instances whereby it is necessary to fulfil the execution of the employer-employee contract that has been agreed on.

We shall take necessary steps to ensure that any such partners are contractually bound not to use your personal information for any reason other than to provide the specific service which they are contracted by us, to safeguard your personal information.

12. Contact us

For further information or clarification regarding personal data access, correction, deletion or any other information in relation to PDPA, you can contact us through the following details:

Privacy Officer: audit@gscorp.com.my
03-2785 0975
Unit 13-05 & 13-07,
Level 13, Menara MBMR,
No. 1, Jalan Syed Putra Utara,
58000 Kuala Lumpur

13. Language

As per Section 7(3) of the PDPA, this notice and consent form is issued in both English and Bahasa Malaysia. In the event of any inconsistency, the terms of the English version shall prevail.

This document was last updated on 5 March, 2020