Personal Data Protection Policy
Kärcher Cleaning Systems Sdn Bhd (443599-P)
We, Kärcher Cleaning Systems Sdn Bhd (No. Syarikat 443599-P), and our subsidiaries, respect the privacy of all individuals with whom we have a contractual relationship. We are committed to protecting all Personal Data kept by us. For this reason, Kärcher Cleaning Systems Sdn Bhd and its subsidiaries (collectively, “Kärcher”) have adopted this Personal Data Protection Policy (“this Policy”) in compliance with the Personal Data Protection Act 2010 of Malaysia (“PDP Act”).
1. SCOPE
This Policy applies to all operations and business units of Kärcher. To the extent any operations or business unit of Kärcher already has a data protection policy in place, this Policy shall supersede and replace any such policy.
2. RESPONSIBILITY
Legal Services Department is responsible for the administration of this Policy and monitoring enterprise wide compliance
3. PERSONAL DATA PROTECTION PRINCIPLES
3.1 General Principle
3.1.1 Kärcher will only process Personal Data in the manner set out below:
a) Processing of Personal Data will be for a lawful purpose directly related to the activity of Kärcher;
b) Processing of Personal Data must be necessary for or directly related to that purpose;
c) the Personal Data is adequate but not excessive in relation to that purpose; and
d) the Consent of the Data Subject must be obtained.
3.1.2 Kärcher is not responsible to obtain the Consent of the Data Subject where the Processing Personal Data is necessary:
a) for the performance of a contract to which the Data Subject is a party;
b) at the request of the Data Subject with a view to entering into a contract with the Data Subject;
c) for compliance with any legal obligation to which Kärcher is subject, other than an obligation imposed by a contract;
d) to protect the vital interests of the Data Subject;
e) for the administration of justice; or
f) for the exercise of any functions conferred on any person by or under any law.
3.1.3 Kärcher will only process Sensitive Personal Data:
a) with the consent of the Data Subject;
b) where Processing is necessary for any of the following purposes:
- for the performance of any right or obligation which is conferred or imposed by law on Kärcher in connection with employment;
- in order to protect the vital interests of another person, in a case where consent by or on behalf of the data subject has been unreasonably withheld;
- for medical purposes;
- any legal proceedings;
- obtaining legal advice;
- establishing, exercising or defending legal rights;
- administration of justice;
- exercise of the functions conferred on any person by or under any written law;
- for any other purposes as the Minister thinks fit; or
- the information contained in the Personal Data has been made public as a result of steps deliberately taken by the Data Subject.
3.1.4 The Data Subject may withdraw his/her consent at any time and may attach any condition or limitation he/she believes to be appropriate.
3.1.5 It is Kärcher policy that Personal Data must be processed fairly and lawfully. Kärcher is responsible for collecting Personal Data only for specific, lawful, explicit and legitimate purposes, and for further processing of Personal Data consistent with those purposes.
3.1.6 It is Kärcher policy that Personal Data is adequate, relevant and not excessive to the purpose for which they are collected or further processed. Kärcher is responsible for making every reasonable effort to maintain such data accurately, provide reasonable means to correct, delete, or rectify any inaccurate data, and store such data for periods no longer than is necessary.
3.2 Notice and Choice Principle
3.2.1 Kärcher will inform the Data Subject of the following by email in a written notice as soon as practical:
a) that the Personal Data is being processed;
b) a description of the Personal Data;
c) the purpose of the collection of the Personal Data;
d) the source of the Personal Data;
e) the right of the Data Subject to request access and correction of the Personal Data;
f) classes of third parties to whom the Personal Data is / may be disclosed;
g) the choice and means of limiting the processing of Personal Data;
h) whether the supply of the Personal Data is obligatory or voluntary; and
i) the consequences of the Data Subject’s failure to supply the Personal Data.
3.3 Disclosure Principle
3.3.1 Kärcher will only disclose Personal Data:
a) to comply with any government agency notification requirements; and/or
b) for the purpose for which the Personal Data is processed.
3.3.2 Kärcher will not disclose the Personal Data for other purpose and to third parties unless with the Consent of the Data Subject.
3.4 Security Principle
3.4.1 Kärcher is responsible for taking prudent steps to safeguard the confidentiality and security of all Personal Data, including appropriate procedural, organizational and technical steps to protect personal data from accidental or unlawful destruction or accidental loss, alteration or disclosure. These steps include entering into written agreements with subcontractors who process Personal Data in accordance with Kärcher instructions and incorporating Kärcher own data protection standards as a minimum.
3.4.2 Kärcher has reasonable security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite Kärcher best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of Kärcher ability, access to Data Subject’s Personal Data is limited to those who have a need to know. Those individuals who have access to the Personal Data are required to maintain the confidentiality of such information.
3.4.3 You are responsible for keeping the given password as confidential. We ask you not to share a password with anyone.
3.5 Retention Principle
3.5.1 Kärcher shall take all reasonable steps to ensure that:
a) Personal Data are retained only for so long as the information is necessary to comply with a Data Subject’s request or until that Data Subject request that the information be deleted according to Kärcher; and
b) the Personal Data is destroyed or permanently deleted, where possible, after the purpose is served.
c) The data that we collect from you will be transferred to, and stored at Germany and Ireland, a destination outside Malaysia Area. d) It may also be processed by staff operating outside Malaysia Area who work for us or for one of our suppliers for a lawful purpose directly related to the activity of Kärcher.
3.6 Data Integrity Principle
Kärcher will ensure that the Personal Data is accurate, complete, not misleading and kept up-to-date, having regard to the purpose the data was collected and further processed.
3.7 Access Principle
3.7.1 Kärcher recognizes the right of Data Subjects to obtain without constraint at reasonable intervals and without excessive delay or expense:
a) confirmation concerning whether Kärcher, any representative or agent is holding or processing Personal Data relating to him or her;
b) information on the purpose(s) of the processing, the categories of data concerned, and the recipients or categories of recipients;
c) information in an intelligible form concerning the data relating to him or her being processed and the source of such data; and
d) information, as appropriate, concerning the logic underlying the data processing.
3.7.2 Further, Kärcher recognizes the Data Subject’s right to require, as appropriate, the correction, erasure or blocking of data whenever the processing of such data does not comply with applicable laws and regulations. Kärcher will alert, to the extent practicable, third parties to whom the Personal Data has been disclosed of any such correction, erasure or blocking.
3.7.3 A Data subject will be entitled to access his/her Personal Data that is being used by Kärcher by making a request in writing which will be complied within 21 days from date of receipt of such request.
4. DATA COLLECTION, TRANSFER & PROCESSING
4.1 Kärcher is responsible for collecting, processing and transferring Personal Data in compliance with the PDP Act. Only in very limited and rare circumstances, will Kärcher disclose Personal Data to healthcare professionals, e.g. where the data subject's health and well-being would otherwise be adversely affected and the Data Subject is unable to give formal consent.
4.2 It is Kärcher policy that except as allowed or required by the PDP Act, Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, health or sex life or alleged commission of any offense not be processed and the collection and storage of such Sensitive Personal Data be particularly safeguarded. The Processing of the Sensitive Personal Data by Kärcher will be in the manner set out in Clause 3.1.3 of this Policy.
4.3 For Personal Data obtained directly from the Data Subject, Kärcher is responsible for informing the Data Subject of the identity of those controlling the Personal Data, the purpose for which the Personal Data is being collected and processed and any further information the Data Subject may need for fair processing. This same standard applies to Personal Data not obtained directly from the Data Subject, except as allowed by law for statistical purposes.
4.4 Kärcher is responsible for informing the Data Subject prior to any initial transfer or Processing of Personal Data for direct marketing purposes and, upon request, for blocking such action.
4.5 It is Kärcher policy not to transfer Personal Data to any entity, individual, or organization, particularly entities within third countries without adequate data protections, which does not meet the standards established by this policy without ensuring that:
4.5.1 the Data Subject has given his/her unambiguous consent;
4.5.2 the transfers are needed for the performance of a contract between the Data Subject and the third party or to implement a pre-contractual commitment made at the request of the Data Subject;
4.5.3 the transfers are needed for the conclusion or performance of a contract concluded in the interest of the Data Subject with a third party;
4.5.4 the transfers are needed to protect the vital interests of the Data Subject; or
4.5.5 the transfers are made from a register established pursuant to laws and regulations as being open
for consultation by members of the general public or by any person who can demonstrate a legitimate interest.
5. USE OF COOKIES AND WEB BEACONS
5.1 From time to time when a Data Subject visit Kärcher website, information may be placed on his/her computer to allow Kärcher to recognize Data Subject’s computer in the form of a text file known as a “cookie”. Kärcher use of cookies is intended to provide benefits Data Subject, such as eliminating the need for Data Subject to enter his/her password frequently during a session. Cookies are also used for website
traffic analysis and anonymous demographic profiling so that Kärcher may improve its services.
5.2 Kärcher may use so called web beacons (or “pixel tags”) in connection with some websites. However, Kärcher do not use them to identify individual users personally. Web beacons are typically graphic images that are placed on a website and they are used to count visitors to a website and/or to access certain cookies. This information is used to improve Kärcher services. Web beacons do not typically collect any other information than what Data Subject browser provides Kärcher with as a standard part of any internet communication. If Data Subject turn off cookies, the web beacon will no longer be able to track Data Subject specific activity. The web beacon may, however, continue to collect information of visits from Data Subject’s IP-address, but such information will no longer be unique.
5.3 If Data Subject does not wish to receive cookies, or wants to be notified before he/she is placed, Data Subject may set his/her web browser to do so, if his/her browser so permits. Once the cookies are turned off, Data Subject may not be able to view certain parts of Kärcher site that may enhance Data Subject’s visit. Some of Kärcher business partners whose content is linked to or from Kärcher website may also use cookies or web beacons. However, Kärcher has no access to or control over these cookies.
* Kärcher reserves the right to change any portion of this Personal Data Protection Policy. Kärcher will announce such changes through its dedicated webpage www.karcher.com.my/my/services/information/online-shop-support/personal-data-protection-policy.html
* Kärcher is committed to protecting the Personal Data of any Data Subject. If you have questions or comments about Kärcher administration of Personal Data, please contact us at karcher.my@karcher-asia.com or 1-300-22-3188. You may also use the following address to communicate any concerns you may have regarding compliance with this Policy.