Our Privacy Policy outlines how Dufu Technology Corp. Berhad processes your personal data in respect of how we safeguard the personal data in compliance with the Personal Data Protection Act (PDPA) 2010.
“Dufu” or “we” or “us” in this notice refers individually or collectively to entities of the Dufu Technology Corp. Berhad including its holdings, subsidiaries, joint ventures and affiliate companies.
Your consent is important
When you are in contact with us you may be required to provide Dufu with your personal data. In doing so, you consent to it being processed by Dufu in accordance with this Privacy Policy.
You have the choice, at any time, not to provide your personal data or to withdraw your consent to Dufu on the processing of your personal data. However, failure to provide such personal data or withdrawal of your consent to process personal data provided may result in Dufu being unable to provide you with effective and continuous products and/or services.
What types of personal data do we collect?
Personal data refers to any information that relates directly or indirectly to an individual, who is identified or identifiable from that information or from that and other information in the possession of Dufu, including any sensitive personal data (e.g. data relating to physical or mental health, political opinion, religious affiliation, etc.) and expression of opinion.
The types of personal data we collect may include, but is not limited to your name, address, other contact details, age, gender, occupation, marital status, financial information such as your income, identity card or passport details, place of birth, credit history and your transaction history.
The personal data we collect can be either obligatory or voluntary. Obligatory personal data are those that we require in order to provide you with our products and services. If you do not provide us with obligatory personal data, we would not be able to provide you with our products and services. Voluntary personal data are those that are not mandatory. If you do not provide us with voluntary personal data, you can still sign up for our products and services. Obligatory and voluntary personal data differ for each products and services and will be indicated where appropriate.
How do we collect your personal data?
1. From information that you provide us directly;
2. When you communicate with us in writing; through electronic mail; telephone calls; conversation with our personnel; or by any other means:-
- In purchasing and/or submitting tender documents;
- Express or register interest, or request information on our tender or business opportunities, employment opportunities, services or products
- Respond to any marketing material or survey we send out
- Visit any of our offices
- Visit our website
- Lodge a complaint with us
- Provide feedback or comments to us
- Contact us for any enquiries
3. From information obtained from sources where you have given your consent for disclosure
4. Where lawfully permitted
What is the purpose of processing your personal data?
We may process your personal data for the following reasons:
- For administrative purposes
- To assess your application for any of our products/services
- To engage in business transactions in respect of products/services to be offered and provided to you
- To provide you with the products/services you have requested
- To administer and manage the products/services we provide you (including charging, billing, facilitating payments, collecting debts, accounting and tax)
- To respond to your enquiries and complaints and to resolve disputes
- For internal functions such as evaluating statistical analysis or publicity or marketing research activities in a manner that does not identify you as an individual
- To keep in contact with you and provide you with any information you have requested
- To establish and better manage any business relationship we may have with you
- To process any communications you send us (for example, answering any queries and dealing with any complaints and feedbacks)
- To maintain records required for security, claims or other legal purposes
- To comply with legal and regulatory requirements
- For any other purposes that is required or permitted by any law, regulations, guidelines and/or relevant regulatory authorities
- For security and safety reasons of our guests/tenants/buildings/premises
To whom do we disclose your personal data?
Your personal data held by us shall be kept confidential. However, in order to provide you with effective and continuous products and services and to comply with any legal and regulatory requirements, we may need to disclose your personal data to:
- Strategic partners of Dufu
- Internally within Dufu
- Our authorised agents and service providers with whom we have contractual agreements for some of our functions, services and activities
- Financial service providers
- Parties authorised by you
- Enforcement regulatory and governmental agencies as permitted or required by law, authorised by any order of court or to meet obligations to regulatory authorities
The disclosure of your data may involve the transfer of your personal data to places outside of Malaysia, and by providing us your personal data you agree to such a transfer where it is required to provide you the services you have requested, and for the performance of any contractual obligations you have with Dufu including for storage purposes.
Disclosure of sensitive personal data will not be undertaken unless your explicit consent is obtained prior to the disclosure.
How do we protect your data?
The security of your personal data is our priority. Dufu takes all physical, technical and organisational measures needed to ensure the security and confidentiality of personal data. If we disclose any of your personal data to our authorised agents or service providers, we will require them to appropriately safeguard the personal data provided to them.
How long may we retain your personal data?
We will only retain your personal data for as long as necessary to fulfil the purpose(s) for which it was collected or to comply with legal, regulatory, accounting and internal requirements to protect our interest. Thereafter we will destruct or permanently delete your data.
How can you access / correct / update your personal data?
We are committed to ensure that the personal data we hold about you is accurate, complete, not misleading and up-to-date.
You have the right to access your personal data, to update or correct the same, as well as the right to withdraw your consent or prevent processing. We may take steps to verify your identity before fulfilling your request.
Please be aware that once we receive confirmation that you wish to withdraw your consent, it may take up to twenty one (21) days to effect your request.
Changes to this Privacy Policy
Please note that we may update this Privacy Policy from time to time. If there are material changes to this Privacy Policy, we will notify you by posting a notice of such changes on our website. Do periodically review this Privacy Policy to stay informed on how we are protecting your information.
If you have any questions or concerns with respect to your personal data, you may contact us by email at corporateaffairs@dufu.com.my.
If you wish to access your personal data to update or correct the same, or to withdraw your consent, please contact us by email at corporateaffairs@dufu.com.my.
We trust you agree and consent to the above-mentioned conditions in the processing of your personal data. Thank you for your kind attention.