Privacy and Personal Data Protection Policy

This Privacy and Personal Data Protection Policy is issued to all our existing and/or prospective customers, suppliers and employees pursuant to the Personal Data Protection Act 2010 (“the Act”) which came into effect on 15th November 2013.

1. Collection of Personal Data

In the course of your dealings with Tomei Signature Sdn Bhd and/or any of its subsidiaries (“Tomei/ we/ us/ our”), we will request that you provide data and information about yourself (“Personal Data”) to enable us to enter into commercial transaction with you or to deliver the necessary notices, services and/or products in connection with our business. These are relevant in connection with our business process, execution, including delivery of notices, services and/or products, client relationship management, planning purposes in connection with future products, new product launches and events including promotional events with business partners.

2. Personal Data

Such Personal Data may be subject to applicable data protection, privacy and other similar laws and may include but not limited to information concerning your name, date of birth, identity card number, passport number, address, gender, race, nationality, contact information, e-mail address, and any other details preferred mode of communication, where permitted by applicable law.

3. Purpose of Collection of Personal Data

The Personal Data will be collected, processed and used by us for the following purposes:

(a) the delivery of notices, services or products and the marketing of such services or products whether present or future, to you.

(b) in order for you to enter into the necessary contract to purchase the products and/or services from us.

(c) the maintenance and upkeep of customer records and development.

(d) those purposes specifically provided for in any particular service or product offered by us or our partners.

(e) marketing and client profiling activities regarding our latest products and/or services.

(f) preparation and execution of all necessary documents and/or contracts for our products and/or services with you.

(g) credit assessments, financial and background checking as and when deemed necessary.

(h) our internal record keeping.

(i) prevention of crime (including but not limited to fraud and money-laundering).

(j) meeting any legal or regulatory requirements relating to our provision of services and products and to make disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular, code applicable to us or any member companies of our Group.

(k) enable us to send you information by e-mail, regular postal mail, telecommunication means (telephone calls, SMS messages or social chat applications) or internet social media about products and services offered by selected third parties that we think may interest you but doing so we maintain control over your Personal Data and we will not disclose your Personal Data to any third parties without your prior written consent.

(l) any subsequent commercial transactions in relation to any products and/or services.

(m) enable us to furnish and submit your Personal Data to the relevant Government bodies/agencies/local authorities and institutions as mandated by law.

4. Source of Personal Data

The Personal Data collected, processed and used by us are sourced from wholly legitimate and transparent means such as:

(a) business transactions for sale of our products and/or services.

(b) official registration and subscription (either electronic or printed) to our loyalty programme, online sales and enquiries or any other promotional events.

(c) official Request for Information forms that are provided to you by our employees.

(d) any emails or any correspondences that we have received from you requesting for information or making any inquiries.

(e) any forms that you have submitted on our website or any websites contracted by us.

(f) any referrals from a person which have included their verifiable personal contact details.

(g) Business cards that were dropped or given to our employees, or associates.

(h) any documents (including but not limited to statutory forms and returns) that were submitted to us for processing.

At no time will any Personal Data be purchased by us or in any way commercially acquired through the purchase or trading of illegitimate and illegal Personal Data databases or lists.

5. Rights of Access and Correction

You have the right to:

(a) request access to your Personal Data in our records for verification purposes. You may access and review all of your Personal Data held by us in writing (via email or post) to our customer service officer located at the address given in clause 5(h) below.

(b) request the correction of your Personal Data in our records in the event the information is inaccurate, misleading, out-of-date or incomplete upon validation and verification of the new information provided in writing (via email or post) to our customer service officer located at the address given in clause 5(h) below.

(c) request that your Personal Data shall only be kept for the fulfilment of the purpose of the collection of such information.

(d) request for proof of policy and procedure in relation to the safeguard and guarantee of your Personal Data in our records.

(e) request that we specify or explain its policies and procedures in relation to data and types of Personal Data handled by us.

(f) communicate to us in writing (via email or post) to our customer service officer located at the address given in clause 5(h) below your objection to the use of your Personal Data for marketing purposes, whereupon we will not use your Personal Data for these purposes.

(g) withdraw, in full or in part, your consent given previously, in each case subject to any applicable legal restrictions, contractual conditions and a reasonable time period in writing to our corporate offices located at the address given in clause 5(h) below.

(h) You may make a request to access, review, amend and correct your Personal Data at:

Tomei Consolidated Berhad
Customer Engagement Department.
No.8, Jalan 2/131A,
Batu 6, Jalan Kelang Lama,
58200 Kuala Lumpur.
Tel. No.: 03-7784 8136
Email:  online@goldheart.com.my

6. Disclosure of Personal Data

The information we gather is not given to, or otherwise shared with other organisations other than within Tomei and their relevant employees for commercial or any other purposes. We do, however, send out emails on behalf of selected subsidiaries or organisations to those of our subscribers who have opted in to receive these messages. We send the messages directly, so at no time do the advertisers get to see users’ personal information – unless of course users respond or reply to these advertisements or mailings themselves.

The Personal Data provided to us will be kept confidential and we will seek your agreement, consent and authorisation to disclose your Personal Data to the following classes of parties:

(a) any persons, government agencies, statutory authorities and/or industry regulators whom we are compelled or required to do so pursuant to any law.

(b) any related companies and/or subsidiaries of Tomei, including those incorporated in the future.

(c) our auditors, consultants, lawyers, or other financial or professional advisers appointed in connection with our business.

(d) our third party service providers, third party management companies, or other parties as may be deemed necessary by us to facilitate your dealings with us.

(e) our appointed service providers in relation of our loyalty programmes, for the purpose of delivery gift redemption and services.

Third parties are legally tasked with processing your Personal Data in line with principles specified by Tomei Consolidated Berhad. Third parties are also held legally responsible for securing your Personal Data at an appropriate level of security in relation to applicable data protection laws and widely accepted industry standards.

You may at any time withdraw, in full or in part, your disclosure consent given previously, in each case subject to any applicable legal restrictions, contractual conditions and a reasonable time period in writing to our customer service officer located at the address given in clause 5(h) above.

7. Choices to Limit Processing of Personal Data

The Personal Data provided to us undergoes processing as and when required or upon scheduled maintenance. The definition of processing defines it as “any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.”

You have the right to limit in part or wholly any of the processes by which your data is subjected to in terms of the operations allowed to be performed upon it, the period of time allowed or alternatively the date line of the consent given.

The responsibility for compliance rests on the shoulders of Tomei who determines the purposes and means of the processing of Personal Data.

You may at any time withdraw or amend, in full or in part, your processing consent given previously, in each case subject to any applicable legal restrictions, contractual conditions and a reasonable time period in writing to our customer service officer located at the address given in clause 5(h) above.

8. Consequences of Refusal / Failure to Provide Personal Data

The Personal Data provided to us are wholly voluntary in nature and you are not under any obligation or under any duress to do so. However, in some circumstances such as the online registration and sales transactions, requires certain personal details and information beforehand.

The failure to provide the Personal Data may result in the following which we shall not be held liable for any of the consequences arising therefrom:

(a) the inability of parties to accurately formalize any sales transactions in relation to the sale of our products and/or services.

(b) the inability for us to provide you with the notices, services and/or products requested.

(c) the inability for us to update you with the latest product information and/or launches.

(d) the inability to complete commercial transactions in relation to our products and/or services.

(e) the inability to comply with any applicable law, regulation, direction, court order, by laws, guidelines and/or codes applicable to us.

9. Protection of Personal Data

Your Personal Data will be kept and processed in a secured manner. The appropriate administrative and security safeguards, policies and procedures will be implemented, as far as practicable, in accordance to the applicable laws and regulations. We will, as far as practicable, aim to prevent any unauthorized and/or unlawful processing of, and the accidental loss, destruction or damage to your Personal Data.

Tomei is committed to taking appropriate technical, physical and organisational measures to protect your Personal Data against unauthorised access, unlawful processing, accidental loss or damage, and unauthorised destruction of your Personal Data.

To safeguard against unauthorised access to Personal Data by third parties outside Tomei, all electronic Personal Data held by Tomei is maintained on systems that are protected by secure networks. Tomei limit the access to its internal systems that hold Personal Data to a select group of authorised users who are given access to such systems through the use of a unique identifier and password. Access to Personal Data is limited to and is provided only to relevant users for the purpose of performing their official duties.

Compliance with these provisions will be required of all third-party administrators who may access your Personal Data, as described in the ‘Disclosure of Personal Data in Clause 6 above.

10. Retention of Personal Data

We will retain your Personal Data in compliance with this Privacy and Personal Data Protection Policy and/or the terms and conditions of your agreement(s) with us for the duration of your relationship with us, for such period as long as necessary for the aforementioned purposes, unless required by the law and/or where required by our internal policies.

11. Language

In accordance to Section 7(3) Personal Data Protection Act 2010, this Policy is issued in both Bahasa Malaysia and English languages. In the event of any inconsistency, the English language version of this Policy shall prevail.

12. Your Privacy Preferences and How to Contact Us:

To learn more about our Privacy Policy, please read our Privacy Policy at goldheart.com.my/pdpa/

If you wish for any clarification by us via any mode of communication, you may –

(a) email us to: online@goldheart.com.my

(b) write to us at the following address –

Tomei Consolidated Berhad
Customer Engagement Department.
No.8, Jalan 2/131A,
Batu 6, Jalan Kelang Lama,
58200 Kuala Lumpur
Tel. No.: 03-7784 8136

13.  Changes to this Policy

Tomei reserves the right to amend this Policy as and when needed, as necessary, to comply with changes in business operations or laws and regulations. Tomei will post all changes to this policy at goldheart.com.my/pdpa/