Yes, if your personal data is processed in Malaysia, and it is transferred to a party outside Malaysia, it will be covered under PDPA. However, PDPA will not protect personal data processed outside Malaysia.

TH will only retain your personal data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal requirements and regulations as well as TH internal requirements.

TH is taking comprehensive measures to ensure your personal data security and confidentiality is protected via physical security, technical and IT process requirement.

Your rights are as follows:

1. The right to be informed whether your personal data is processed by TH;
2. The right to access personal data;
3. The right to rectify personal data;
4. The right to withdraw consent for processing personal data;
5. The right to prevent the processing of personal data that is likely to cause damage or distress; and
6. The right to prevent from processing personal data for direct marketing purposes.

Failure to provide your personal data or withdraw your consent to allow TH to process your personal data, it may cause TH unable to provide the products and services which are related to you in an effectively and continuously manner. If you do not give consent to TH for marketing purposes, TH will stop sending you the marketing material for your products and services. However, TH may still use your personal data for purpose of providing the products or services that you have signed up for or fulfilling any other contractual obligations, and for legal or regulatory purposes.

PDPA is an act enacted by the Malaysia Government and was established on 15 November 2013 to protect individual personal data and sensitive personal data in commercial transaction. PDPA has seven principles of information management practices that must be adhered, namely: -

1. General Principle;
2. Notice and Choice;
3. Principle of Disclosure;
4. Principle of Security;
5. Principle of Storage;
6. Principle of Data Integrity; and
7. Principle of Access

PDPA defines “processing” as the collection, recording, handling, storing, organizing, modifying, disclosing and destroying of personal data information. By only reading or accessing information is already considered as “processing”. Example of activities that is considered as “processing” include:

1. Collection of data using forms, via phone or the website;
2. Data publication;
3. Selling of data;
4. Using data for administrative purposes;
5. Using data for marketing purposes;
6. Recording of data;
7. Disclosing of data to other organizations; or
8. Destroying of data.

PDPA defines “processing” as the collection, recording, handling, storing, organizing, modifying, disclosing and destroying of personal data information. By only reading or accessing information is already considered as “processing”. Example of activities that is considered as “processing” include:

1. Collection of data using forms, via phone or the website;
2. Data publication;
3. Selling of data;
4. Using data for administrative purposes;
5. Using data for marketing purposes;
6. Recording of data;
7. Disclosing of data to other organizations; or
8. Destroying of data.

Personal data are information you provided to subscribe to TH’s products and services so that we can provide you with an efficient and effective services. Your personal data are as follows: -

1. Your identity (including name, date of birth, identification number);
2. Your contact details (including address, telephone number and email address); and
3. Other information (including job and your employer’s name).

Your sensitive personal data are as follows: -

1. Health, physical or mental condition;
2. Political opinion;
3. Religious beliefs and other beliefs; and
4. Behaviour or any offences.