pdpa privacy statement
The EIG Group of Companies (“EIG Group”) recognizes the importance of protecting your personal information and this Personal Data Protection Notice explains how we collect and handle your personal information.
(1) Personal information
1.1 Type of personal information
Personal information means any information which relates to you and which was collected or provided to EIG Group for the purposes stated in Section 2 below. The personal information may include but is not limited to the following:
a. name, job title and company name;
b. age, gender, date of birth, national registration identity card number, passport number;
c. race, ethnic origin, nationality;
d. contact information including address, email address and phone number;
e. marital status, details of spouse or children or immediate family, education, occupation, income range, employer name and contact details;
f. language and/or communication channel preferences
g. income range and financial and banking account details; and
h. such other relevant information from time to time requested by EIG Group to enable us to provide you with our services and products.
1.2 Sources of personal information
(i) Customer or potential customer: EIG Group collects your personal information directly from you or indirectly via completed enquiry, application and/or registration forms via various means, including online and physical hardcopies at public venues or in any of our premises. Your personal information may also be collected from cookies through the use of our website or at any of our marketing events.
(ii) Vendor, supplier, tenant or service provider: EIG Group collects your personal information directly from you or indirectly when you send us completed enquiry and/or credit application forms via various means, including online and physical hardcopies. Your personal information may also be collected from cookies through the use of our website or at any of our marketing events.
We may also verify or source personal information about you from third party sources (both public and private) such as credit reporting agencies, Companies Commission of Malaysia and the Insolvency Department of Malaysia.
1.3 Obligatory personal informationAll information requested for in the relevant forms is obligatory to be provided by you unless stated otherwise.
Should you fail to provide the obligatory information, we would be unable to process your request and/or provide you with relevant services.
(2) Personal information collected for the following purposes:
• To give effect to your requested commercial transaction, including the provision of services / products requested by you;
• To keep you well informed of new products, services and/ or events offered by us;
• To facilitate your participation in any contests or events;
• To process any payments related to your requested service;
• For internal investigations, external credit checks, audit or security purposes;
• To conduct internal marketing survey, trend analysis and analysis of customer patterns and choices;
• To comply with EIG Group’s legal and regulatory obligations in the conduct of its business;
• To contact you regarding products, services, upcoming events, promotions, advertising, marketing and commercial materials which we may feel to be of interest to you;
• To ensure that the content from our website is presented in the most effective manner for you and your computer and/or device;
• For EIG Group’s internal records management, customer relations events and activities, and customer loyalty reward program;
• To process your credit account application & to assess your credit worthiness;
• To enforce EIG Group’s legal rights and/or obtaining legal advice wherever necessary; and
• For any ancillary purposes directly related to the above.
(collectively “the Purposes”)
The personal data collected will be retained by us for the duration required / permitted under Malaysian law, which may extend to periods after termination of your contractual relationship with us. EIG Group shall take all reasonable steps to ensure that all personal information is destroyed or permanently deleted if it is no longer required for the Purposes stated herein.
(3) Disclosure of personal information
3.1 Entities within EIG Group
Your personal information provided to us is processed by entities (in or outside of Malaysia) within EIG Group (including related companies, subsidiaries, holding companies, associated companies and outsourcing partners).
EIG Group will maintain the security of your personal information as follows:
(i) access to your personal information is restricted to relevant staff on a need-to-know basis;
(ii) maintain adequate security control systems to safeguard the confidentiality and security of your personal information;
(iii) take reasonable steps to ensure that the personal information is accurate, complete, not misleading and kept up-to-date by having regard to the Purposes herein, including any directly related purposes, for which the personal information is collected and processed;
(iv) Where we appoint third party service providers, agents or contractors to provide services to us, we ensure that these third parties observe similar security measures as adopted by us.
EIG Group may disclose your personal information to:
• Our directors and officers for purposes relating to your use of our services / products;
• Regulatory bodies such as the Securities Commission, Bursa Malaysia Securities Berhad and the Companies Commission of Malaysia which have oversight over our activities;
• Our auditors, lawyers, consultants and other advisors;
• Any party to whom EIG Group’s rights are legally assigned/novated and/or transferred;
• Third party service providers, agents or contractors that the EIG Group engages for the Purposes set out in Section 2;
• Any other party to whom such disclosure is required by law or regulatory requirement; and
• Any other persons under a duty of confidentiality to the Group or any company within the Group,
Not with standing that any such persons may be outside Malaysia, for any of the above Purposes or any other purpose for which your personal information was to be disclosed at the time of its collection or any other purpose directly related to any of the above Purposes.
4.1 Links to other sites
We are not responsible for the content on the linked sites or any use of the site that was provided for your convenience and information. However, these sites may have their own privacy statement in place, which we recommend you to review if you were to visit any such linked websites.
4.2 Location enabled products or applications
Location enabled features are opt-in and you have control over your participation and can turn these services off at any time or uninstall them.
(i) the date and time you accessed each page on our web site;
(ii) the URL of any webpage from which you accessed our site (the referrer); and
(iii) the web browser that you are using and the pages you accessed.
Some web pages may require you to provide a limited amount of personal information in order to enjoy certain services on our websites (system login credentials, email address and contact, etc). These personal information will only be used for its intended purposes only, i.e. to respond to your message or deliver the requested services.
(5) Right to access and correct personal information
In accordance with the provisions of the Act, you may:
(i) check whether EIG Group holds data about you and of access to such data;
(ii) request EIG Group to correct any data relating to you which is inaccurate, incomplete, misleading or not updated;
(iii) request clarification on EIG Group’s policies and practices in relation to any personal data held by EIG Group,
except where compliance with a request to such access or correction is refused under the Act.
In accordance with the Act, EIG Group has the right to charge a fee for the processing of any data access request.
You may request for access to or correction of data or for information regarding policies and practices and kinds of data held, by mail to the address stated in Section 6 below.
(6) Acknowledgement and Consent
By communicating with EIG Group, purchasing or using EIG Group’s products, services and/or facilities or by virtue of your engagement with EIG Group, or use of this website, you acknowledge that you have read this Notice and agree and consent to the use, processing and transfer of your Personal Information by EIG Group as described in this Notice.
If you are below the age of 18, please bring this notice to the attention of your parent/legal guardian. As a parent or legal guardian, please do not allow the minor (individuals under 18 years of age) under your care to submit personal information to EIG Group. In the event that such personal information is provided to EIG Group, you hereby consent to the processing of the minor’s personal information and personally accept and agree to be bound by this Notice and take responsibility for his or her actions.
EIG Group reserves the right to amend this Personal Data Protection Notice at any time and will place notice of such amendments on its website at estheticsgroup.com. By continuing to communicate with EIG Group, by continuing to use or purchase EIG Group’s products, services and/or facilities or by your continued engagement with EIG Group following the modifications, updates or amendments to this Notice, such actions shall signify your acceptance of such modifications, updates or amendments.
(7) Amendments and Contact details
Complaints or enquiries relating to any matter concerning your personal data can be made to the following personnel:
Customer Service Manager
Esthetics International Group
Lot 11, Jalan Astaka U8/88
Bukit Jelutong, Seksyen U8
40150 Shah Alam
Selangor Darul Ehsan
Email : firstname.lastname@example.org
(i) Where you are a partnership or other unincorporated body of persons, the giving of this Personal Data Protection Notice addressed to the partnership or other unincorporated body of persons shall be deemed as a notice given to all your partners or office-bearers (as the case may be) whose data are collected and/or processed by EIG Group for the Purposes stated herein. In this regard, you warrant that you have obtained the consent of all such individuals to the provision of their data to EIG Group for the foregoing Purposes and for disclosure to such parties as stipulated above and you undertake to extend a copy of this Personal Data Protection Notice to all such individuals, which expression shall include all your existing and new partners or office-bearers (as the case may be) from time to time.
(ii) This Personal Data Protection Notice shall also apply (as the context shall require) in relation to the usage, processing and disclosure of the data of any other individual who is not a customer, potential customer, vendor, supplier, tenant or service provider as set out in Section 1.2 but whose data is required to be collected by EIG Group by reason of, or incidental to the provision of the services requested to be provided to you. In this regard, you confirm and warrant that you have obtained the consent of such individuals to the provision of such data to EIG Group for the foregoing Purposes and for disclosure to such parties as stipulated above.