If you are an employee or work for PMTSB and/or Petroliam Nasional Berhad and its group of companies, including its subsidiaries and controlled companies (“PETRONAS”), we shall provide a separate statement to inform you how your personal data is used.
Your personal data may be collected directly from you or from other sources such as our website, online learning platforms, digital learning initiatives, training and learning programmes, training and learning events, third parties and identified sources such as providers of services to PMTSB or any member of the PETRONAS group of companies, your employer or during registration and participation in any of our programmes and events which may include accommodation and facilities services, or other third parties that we work with. We may aggregate personal data from different sources such as online and offline collection points, though in relation to personal data that you have provided, we will only do so for purposes which are consistent with the purposes for which you have provided that personal data.
Aggregated data which may be derived from your personal data but is anonymized is not considered personal data in law, as this data will not directly or indirectly reveal your identity. For example, we may aggregate data related to usage of our website to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data in a way which does directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Statement. If you are an existing customer or vendor of ours, or a representative of an existing customer of ours, further details about how we use your personal data are set out in your/ your employer’s customer contract with us. We may provide further notices to you at the point we collect your personal data, which will highlight any further information relating to our use of that personal data, and, where applicable, provide you with the ability to opt in or out of selected uses.
If you are based in the European Economic Area (“EEA”) or United Kingdom (“UK”) during your interactions with us (other than solely for travel purposes whereby you are not resident in the EEA or UK), the laws in those countries require us to provide you with additional information about our processing activities. We have included this information in Appendix A.
If you are based in a country or territory outside the EEA or UK during your interactions with us (other than solely for travel purposes whereby you are not resident in the EEA or UK), then subject to the applicable data protection laws, by providing us with your personal data, you agree and consent to the collection, use and disclosure of your personal data by us for some or all of the purposes mentioned in this Privacy Statement, where applicable.
A. Types of Personal Data Collected and How we collect it
We will collect and process all or some of the personal data as follows. We describe certain kind of data (defined below) as Special Category Data.
a. Personal data that you provide to us, such as when using the contact and registration form on our website, providing feedback, participation in training and learning programmes, participation in online learning platforms and digital learning initiatives, your correspondence with us or when you interact with any of our social media channels (if any), our online learning platforms, digital learning initiatives and website (which may include when you like or comment on a post);
We may collect current and historical personal data including your name (including any prefix or title), contact information (such as your address, email address, telephone number, nationality, identification number such as passport number, birth date, gender, organization, business interest, employment, position held), social media identifiers, Special Category Data (as defined below), billing and financial information (such as billing address, bank account and payment information) and enquiry or complaint details and such other information depending on the nature of business relationship or dealings you have with PMTSB. “Special Category Data” means sensitive personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric, health, sexuality or sexual orientation, or relating to criminal convictions or offences. Special Category Data receives a higher level of protection in some jurisdictions such as EEA and UK. Collection and processing of Special Category Data will entail different requirements from jurisdiction to jurisdiction in accordance with applicable local laws.
b. Information you provide when applying for a role, work placement which include internship or during open day or recruitment event or as a beneficiary
In any of the above circumstances, we collect your CV or résumé which may include your contact details (such as name, address, email address and telephone number), education information (such as field of study, university and country of study, academic scores and achievements, personal certifications), employment history, racial or ethnic origin, nationality, financial information (such as parents or beneficiaries income, bank account name and number), photographs or profile picture and any other supporting documents or information as submitted by you or on your behalf during the application process.
We carry out pre-screening of applicants to whom we intend to make an offer of employment, scholarship, or internship or to receive grants as beneficiaries (as appropriate). We may also undertake criminal records or financial probity checks or other independent searches to assess your suitability for the position were permitted by, and in accordance with, applicable law. Special Category Data may be processed strictly in accordance with applicable local laws.
c. You (or someone you act for) have a relationship with us
If you are or act for or are related to our customers and clients, where you are our counterparty in a commercial transaction with us or provide services to our counterparty and where you or the organization you work for is a regulator, government agency, judiciary, legislative or other law enforcement agency, we may collect and process your personal data based on your relationship with us. The types of personal data include contact information (such as name, address, email address and telephone number); identification information (such a national identification number, passport number, date of birth); business information (such as name of organization, job title, department, business address, organization structure, shareholding or directorship); any recordings captured through our communications platform (such as Microsoft Teams or Zooms, etc.), details in business registration documents, third party due diligence, documents, credit checks, financial details including bank account details and bank account statement; demographic information and interests which will include any information that describe your demographic and behavioral characteristics (such as date of birth, age or age range, geographic location, personal preferences (e.g. food), medical condition (e.g. allergies), hobbies or interests and household or lifestyle information).
d. Website and Online communication usage
Details of your visits to our website, online platforms and information collected through cookies and other tracking technologies including, but not limited to, your log-in information, IP address and domain name, your browser version and operating system, information about your device, traffic data, location data, web logs and other communication data, and the resources that you access.
We use the following cookies:
· Analytical or performance cookies. These allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
Cookie Title & Cookie Name
|
Expiration
|
Purpose
|
ARRAffinity
|
Session
|
This cookie is set by the Azure Web App. It is used to store user session information at the server level. Its purpose is to ensure that subsequent requests from the same user are consistently routed to the same server instance.
|
ARRAffinitySameSite
|
Session
|
This cookie is set by the Azure Web App. It serves the same purpose as ARRAffinity to store user session information at the server level, but also helps to secure user sessions by ensuring that the cookie is not sent in cross-site requests. This enhances the overall security and protection of user data on the website.
|
wp-settings-time-1
|
1 Year
|
This cookie is set by WordPress to customise admin interface.
|
_ga
|
1 Year
|
This cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. We use this cookie to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.
|
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
If any part of our website links you to external websites, those websites do not operate under this Privacy Statement and we do not accept any responsibility or liability arising from those websites. We recommend that you read the privacy/personal data protection statement/policy posted on those external websites in order to understand their procedures for collecting, processing, using and disclosing personal data and before submitting your personal data to those websites.
We may also collect information you provide in completing online subscriptions or registration and any online application forms or when you report a problem, raise a query or provide feedback on our online services.
e. Visitors to any of our offices, premises, or events
When you visit our offices or premises, we may collect and process your personal data in connection with your visit. Such personal data will include your contact information (such as name, address, email address and telephone number), identification information (such as national identification number, passport identification number or driver’s license information); business information such as name of organization, reason for visit, date and time of visit, biometric and facial recognition and access limitations.
Where we have installed CCTV in our offices, your image may be captured and recorded when you visit our premises that are protected by CCTV. Additionally, your image may be captured via photographs or videos taken by us or our representatives when you attend any of our events and promotional and marketing activities.
Our CCTV use is not intended to target or monitor any individuals but to provide a safe and secure workplace environment in the relevant premises.
During a health crisis or disease outbreak we may collect Special Category Data on your health and physical condition, health condition of individuals in your household, results of your health assessment, quarantine, and hospitalization information and any other information required or recommended to be held in connection with control or management of such health crisis or disease outbreak.
B. The Purposes for Collection of Personal Data
We may use personal data that we obtain for any of the following purposes:
a) To communicate effectively with you and conduct our business
To conduct our business, including to respond to your queries or resolve any disputes, which may arise in connection with any dealings with us, to otherwise communicate with you, or to carry out our legal obligations arising from any agreements entered into between you and us, or to maintain and update internal contact lists to effectively communicate with you.
b) To update you on contests, marketing information and promotions
To provide you with updates and offers including facilitating your participation in any technology challenges, programmes, roadshows, promotions, campaigns and events. We may also use your information for marketing our own or our partner’s products and services to you by post, email, and phone calls. Where required by applicable data protection laws, we will ask for your consent at the time we collect your data to conduct any of these types of marketing.
c) Personalization (offline and online)
With your consent (where required), we use your personal data to (i) analyse your preferences and habits; (ii) to anticipate your needs based on our analysis of your profile; (iii) to improve and personalize our online and offline interaction with you; (iv) to ensure that the contents from our websites or applications are optimized for your computer and device; (v) to provide you with targeted marketing content; (vi) to better understand our business and pattern and trends relating to our products; (vii) to develop or further improve our product and services; and (vii) allow you to participate in interactive features when you chose to do so.
d) To carry out due diligence or Know Your Customer screening activities
To carry out due diligence assessment prior to entering into legal relationship with us, in accordance with legal and regulatory obligations or risk management procedures that may be required by law or may have been put in place by us.
e) To monitor certain activities
To monitor queries and transactions to ensure service quality, compliance with procedures and to combat fraud, and to process any payments related to your commercial transaction with us.
f) To ensure the physical security and safety of visitors to our offices or premises
To prevent loss, fraud, theft, injuries, terrorism, and other such events which may have an impact on health, safety and security from taking place at any of our premises.
g) To notify you of changes
To notify you about changes to our services and products.
h) To ensure that our website content is relevant
To ensure that content from our websites and any other microsites are presented in the most effective manner for you and for your device (which may include passing your data to business partners, suppliers and/or service providers).
i) To re-organise or make changes to our business
In the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organisation, we may need to transfer some or all of your personal data to the relevant third party (and its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your personal data to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this Privacy Statement.
j) In connection with legal or regulatory obligations
We may process your personal data to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your personal data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will generally direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
k) Other circumstances
In other circumstances, such purposes that are necessary or directly related to your relationship with us or where it is permitted under the applicable laws.