PERSONAL DATA (PRIVACY) POLICY STATEMENT (“Privacy Policy”)

Hiap Huat Portal Solutions Sdn. Bhd. (“Company”) intends to fully comply with the requirements of the Malaysian Personal Data Protection Act 2010 (“PDPA”). In doing so, the Company will ensure compliance by its staff to the strictest standards of security and confidentiality in respect of all personal data submitted by users via www.auto360.my and its sub-domains (collectively, “Sites”) and the Company will not release such personal data to any person without the prior consent of the relevant user(s) of the Sites (whether registered or not) (“User(s)”) except to the authorised persons listed under Paragraph 3 below.
Users are strongly advised to read this Privacy Policy carefully to have an understanding of the Company’s policy and practices with regard to the treatment of personal data provided by the Users on the Sites. This Privacy Policy is applicable to both registered and non-registered Users, and the provisions in this Privacy Policy may be updated, revised, varied and/or amended from time to time as the Company deems necessary.

1. Purpose of Collection of Personal Data
In the course of using the Sites, Users may disclose or be asked to provide their personal data. In order to have the benefit of and enjoy various services offered by the Sites, it may be necessary for Users to provide the Company with their personal data. Although Users are not obliged to provide all information as requested in the Sites, the Company will not be able to render certain services on the Sites in the event that Users fail to do so.
The Company’s purposes for collection of personal data on the Sites include but are not limited to the following:
(a) for the daily operation of the services provided to Users;
(b) to provide Users with a platform and forum for posting photos, sharing and discussing their insights in respect of services or products related to automobile industry;
(c) to identify Users who have posted advertisements, materials, messages, photos, views or comments or such other information (collectively “Information”) on the Sites;
(d) to identify Users who have viewed the Information posted on the Sites;
(e) to process any payments related to your requested service;
(f) to provide Users with marketing and promotional materials for their enjoyment of benefits as members of the Sites (for further details, please refer to Paragraph 4 with the heading “Subscription of Newsletter/Promotional Materials/Marketing Materials” below);
(g) to identify Users who have enjoyed their benefits as members of the Sites by receiving and using marketing and promotional materials;
(h) to allow members of the Sites to enjoy their benefits as members by enrolling for special events hosted by the Company and/or its affiliates;
(i) to design and provide products and services to Users;
(j) for other purposes relating to the provision of services offered by the Company and marketing, invitations to special events and/or promotions of the Company, its affiliates and/or their respective clients;
(k) to compile aggregate statistics about the Users and to analyse the Sites and service usage for the Company’s internal use; 
(l) for internal investigations, audit or security purposes; and
(m) to comply with legal and regulatory requirements.
If the Company requires the use of Users’ personal data for a purpose other than those set out above, the Company may request the Users’ consent to the same. If the User is a minor, the consent should be given by his/her parent or guardian.

2. Collection of Personal Data
The personal data of a User collected by the Company may include but is not limited to his/her name, log-in identity and password, national registration identity card number, passport number, address, email address, phone number, age, sex, date of birth, country of residence, nationality and other information that is/are not otherwise publicly available. Occasionally, the Company may also collect additional personal data from a User in connection with contests, surveys, or special offers.

The Company collects personal data by using the following methods, including:
(a) directly from Users when the Users submit their personal data to the Company vide registration as User at the Sites, subscribe to our publications and periodicals or respond to our marketing materials; and/or
(b) from third parties the Company deals with or connected to the User and from such other sources where the User has given consent for the disclosure of the personal data and/or from other methods that are lawfully permitted.  

3. Disclosure or Transfer of Data
The Company will only disclose and/or transfer Users’ personal data to the Company’s personnel and staff for the purpose of providing services to Users. However, the Company may also disclose and/or transfer such data to third parties under the following circumstances:
(a) where the information and/or data is disclosed and/or transferred to any third party suppliers or external service providers who have been duly authorised by the Company to use such information and/or data and who will facilitate the services on the Sites, under a duty of confidentiality;
(b) where the information and/or data is disclosed and/or transferred to any agents, affiliates or associates of the Company who have been duly authorised by the Company to use such information and/or data;
(c) where the Company needs to protect and defend its rights;
(d) where the Company considers necessary to do so in order to comply with the applicable laws and regulations, including without limitation compliance with a judicial proceeding, court order, or legal process served on the Sites; and
(e) where the Company deems necessary in order to maintain and improve the services on the Sites.
Personal data collected via the Sites may be transferred, stored and processed in any country in which the Company or its affiliates operate. As at the date of this Privacy Policy, the countries in which the Company or its affiliates operate are Malaysia, Thailand, Singapore and the United Kingdom. By using the Sites, Users are deemed to have agreed to, consented to and authorised the Company to disclose and/or transfer their personal data under the circumstances stated above, as well as to any transfer of information (including the Information) outside of the Users’ country.

4. Subscription of Newsletter/Promotional Materials/Marketing Materials
The Company and its affiliates may from time to time send newsletters, promotional materials and marketing materials to the Users based on the personal data that they have provided to the Company. The Company may use Users’ data in direct marketing and the Company requires the Users’ consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
(a) the name, contact details, age, sex, date of birth, country of residence, nationality of Users held by the Company from time to time may be used by the Company and/or its authorised personnel or staff in direct marketing;
(b) the following classes of services, products and subjects may be marketed:
(i) automotive or other means of transportation which may be deemed related products and services;
(ii) travelling related products and services;
(iii) special events hosted by the Company and/or its affiliates for Users, including but not limited to courses, workshops, and competitions;
(iv) reward, loyalty or privileges programmes and related products and services;
(v) special offers including coupons, discounts, group purchase offers and promotional campaigns;
(vi) products and services offered by the Company’s affiliates and advertisers (the names of such affiliates and advertisers can be found in the relevant advertisements and/or promotional or marketing materials  for the relevant products and services, as the case may be); and
(vii) donations and contributions for charitable and/or non-profit making purposes;
(c) The above products, services and subjects may be provided or (in the case of donations and contributions) solicited by the Company and/or:
(i) the Company’s affiliates;
(ii) third party service providers providing the products, services and subjects listed in Paragraph (b) above; and
(iii) charitable or non-profit marking organisations.
Suitable measures are implemented to make available to such Users the options to “opt-out” of receiving such materials. In this regard, Users may choose to sign up or unsubscribe for such materials by logging into the user account maintenance webpage, or clicking on the automatic link appearing in each newsletter/message, or contact the PDPA Compliance Officer at 03-6274 2460 or email to enquiry@auto360.my. 

5. Access
Any User is entitled to request access to or make amendments to his/her own personal data kept with the Company by contacting the PDPA Compliance Officer at the contact details provided in Paragraph 12 below.
In the event any User wishes to access or amend his/her personal data, the Company may request him/her to provide personal details in order to verify and confirm his/her identity. 
Further, the Company reserve the rights to charge a nominal fee permitted by law for the processing of any data access request to defray the Company’s administration cost. 
Notwithstanding the fact that the Users may withdraw their consent given to the Company earlier, the Company may keep the Users personal data and process the Users personal data in circumstances which are permitted by the law or as required under contractual obligations. 
The Company will respond to a Users’ requests within 21 days from the date of request and a notice will be issued to the User in the event the Company fails to accede to the request.

6. Cookies and Log Files
The Company does not collect any personally identifiable information from any Users whilst they visit and browse the Sites, save and except where such information of the Users is expressly requested. When Users access the Sites, the Company records their visits only and do not collect their personal data. The Sites’ server software will also record the domain name server address and track the pages the Users visit and store such information in “cookies”, and gather and store information like internet protocol (“IP”) addresses, browser type, referring/exit pages, operating system, date/time stamp, and clickstream data in log files. 
The Company does not link the information and data automatically collected in the above manner to any personally identifiable information. The Company generally uses such automatically collected information and data to estimate the audience size of the Sites, gauge the popularity of various parts of the Sites, track Users’ movements and number of entries in the Company’s promotional activities and special events, measure Users’ traffic patterns and administer the Sites. Such automatically collected data will not be disclosed save and except in accordance with Paragraph 3 with the heading “Disclosure or Transfer of Data”.

7. Links to Other Websites
The Sites may provide links to other websites which are not owned or controlled by the Company. Personal data from Users may be collected on these other websites when Users visit such websites and make use of the services provided therein. Where and when Users decide to click on any advertisement or hyperlink on the Sites which grants Users access to another website, the Users’ personal data may not be protected in these other websites. 
Non-registered Users who gain access to the Sites via their online social media accounts (including but not limited to Facebook) are deemed to have consented to the terms of this Privacy Policy, and such Users’ personal data which they have provided to those networking tools may be obtained by the Company and be used by the Company and its authorised persons in and outside of the User’s country for the purpose of providing services and marketing materials to the Users. These Users are deemed to have consented to the Company and its authorised personnel’s access and use of their personal data so obtained. However, Users will still be allowed to opt-out or unsubscribe from marketing materials provided through these channels.
This Privacy Policy is only applicable to the Sites. Users are reminded that this Privacy Policy grants no protection to Users’ personal data that may be exposed on websites other than the Sites, and the Company is not responsible for the privacy practices of such other websites. Users are strongly recommended to refer to the privacy policy of such other websites.

8. Security
The security of Users’ personal data is important to the Company. The Company will always try its best to ensure that Users’ personal data will be protected against unauthorised access. The Company has implemented appropriate electronic and managerial measures in order to safeguard, protect and secure Users’ personal data.
All personal data provided by Users are only accessible by the authorised personnel of the Company or its authorised third parties, and such personnel shall be instructed to observe the terms of this Privacy Policy when accessing such personal data. Personal data will only be kept for as long as is necessary to fulfil the purpose for which it is collected.  Registered Users should safeguard his/her unique log-in identity and password by keeping it secret and confidential and never share these details with anyone.
The Company uses third party payment gateway service providers to facilitate electronic transactions on the Sites.  Regarding sensitive data provided by Users, such as credit card number for completing any electronic transactions, the web browser and third party payment gateway communicate such information using secure socket layer technology (SSL).
The Company follows generally accepted industry standards to protect the personal data submitted by Users to the Sites, both during transmission and once the Company receives it. However, no method of transmission over the Internet, or method of electronic storage, is entirely secure. Therefore, while the Company carries out reasonable measures to protect Users’ personal data against unauthorised access, the Company cannot guarantee its absolute security.

9. Retention of Personal Data
Once the Company has obtained a User’s personal data, it will be maintained securely in the Company’s system. Subject to the provisions in PDPA, the personal data of Users will be retained by the Company for a period of 7 years even after deactivation of the relevant service unless the User requests the Company in writing to erase his/her own personal data from the Company's database or to terminate his/her membership of the Sites.

10. Changes in this Privacy Policy
The Company reserves the right to update, revise, modify or amend this Privacy Policy in the following manner at any time as the Company deems necessary and Users are strongly recommended to review this Privacy Policy frequently. If the Company decides to update, revise, modify or amend this Privacy Policy, the Company will post those changes to this webpage and/or other places the Company deems appropriate so that Users would be aware of what information the Company collects, how the Company uses it, and under what circumstances, if any, the Company discloses it.
If the Company makes material changes to this Privacy Policy, the Company will notify Users on this webpage, by email, or by means of a notice on the home page of the Company.

11. Language
This Privacy Policy is issued in both English and Bahasa Malaysia versions. In the event of any inconsistency, the English language version of this Privacy Policy shall prevail. 

12. Contact Us
Should the Users have any queries, concerns or complains in relation to this Privacy Policy, or if Users wish to access and correct their personal data, kindly contact us during office hours (Mondays to Fridays between 8.30am to 6.30pm) at the following:

HIAP HUAT PORTAL SOLUTIONS SDN BHD
No. 46, Jalan E1/2, 
Taman Ehsan Industrial Park,
52100 Kepong, 
Selangor Darul Ehsan, 
Malaysia.
Tel: 03 - 6274 2460
Fax: 03 - 6272 2584
Email: enquiry@auto360.my 
Attention: PDPA Compliance Officer
    
About Us FAQ T&C Content Policy Privacy Policy Contact Us
Auto360 © 2015. All Rights Reserved.