It is Crestar Education (Malaysia) Sdn. Bhd. (“Kinderland”)’s policy to comply with all applicable primary and data protection laws in accordance with Malaysia’s Personal Data Protection Act 2010 (“PDPA”). Kinderland recognises the importance of the personal data that parents and/or guardians and their children, and the relevant public (collectively referred to as “the Public”) have entrusted to the organization. It is Kinderland’s responsibility to properly manage, protect and process personal data. Should the Public at any time, have any queries relating to personal data, they may contact Kinderland’s Data Protection Officer (“DPO”) at email@example.com
Introduction To The PDPA
- “Personal Data” as defined under the PDPA refers to data collected, whether true or not, about an individual who can be identified from that data, or from the data and other information to which an organisation has or is likely to have access.
- The Public will be notified of the purposes for that personal data is collected, used, disclosed and/or processed and obtain consent, unless an exception under the law permits that no prior consent is needed by Kinderland to collect and process personal data.
Purposes For Collection, Use, Disclosure and Processing Of Personal Data
The personal data which Kinderland collects may be used, disclosed and/or processed for:
- Assessing the Public’s suitability for programme enrolment;
- Facilitating student-related and/or enrolment-related matters such as tracking and managing attendance and academic performances, application and renewal of student passes
- Providing information and/or updates related to Kinderland’s programmes, products and services, marketing campaigns, promotions, benefits, and events by SMS, phone, email, fax, mail, website, social media and/or any other appropriate communication channels;
- Administering and processing of any payments, fee adjustments, insurance claims, refunds and waivers related to programmes, products, services and/or training requested;
- Responding to any enquiries, requests or complaints and resolving any issues and disputes which may arise from any relationships with Kinderland;
- Conducting market research or surveys on Kinderland’s programmes, products and/or services;
- Processing of royalty payments, referral payments and commission fees to Kinderland’s business and corporate partners;
- Sharing of personal data with Kinderland and any organization under the Crestar Education Group’s business or corporate partners for the development of programmes, products and/or services or launch of marketing campaigns;
- Sharing of personal data with financial institutions for processing of payment instructions, applying and obtaining credit facilities;
- Maintaining and updating school records;
- Audit, risk management and security purposes;
- Detecting, investigating and preventing fraudulent, prohibited or illegal activities and analysing and managing commercial risk;
- Enabling Kinderland to perform its obligations, transfer, assign and enforce rights, interests and obligations under any agreements or documents that the company is a party to or entered into;
- Meeting or complying with any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to Kinderland;
- Enforcing or defending Kinderland and the Public’s rights, and complying with obligations under the applicable laws, legislations and regulations; and/or
- Other purposes which Kinderland notifies at the time of obtaining the Public’s consent; and/or any purpose which is reasonably related to the aforesaid, (collectively referred to as “Purposes”);
- As the Purposes for which Kinderland may or will collect, use, disclose or process the Public’s personal data depends on the circumstances at hand, such purpose may not appear above. However, Kinderland will notify the Public of such other purposes at the time of obtaining consent, unless the processing of personal data without consent is permitted by the PDPA or by law.
Specific Issues for The Disclosure Of Personal Data To Third Parties
Kinderland respects the confidentiality of the personal data the Public has provided. Kinderland will not disclose the Public’s personal data to third parties without first obtaining consent to do so. However, there are situations that Kinderland may disclose the Public’s personal data to third parties without first obtaining the Public’s consent including, without limitation, the following:
- Cases in which disclosure is required or authorised based on the applicable laws and/or regulations;
- Cases in which the purpose of such disclosure is clearly in the Public’s interests, and if consent cannot be obtained in a timely way;
- Cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of the Public or another individual;
- Cases in which the disclosure is necessary for any investigation or proceedings;
- Cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of a law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer;
- Cases in which the disclosure is to a public agency and such disclosure is necessary for the Public’s interests; and/or
- Where such disclosure without the Public’s consent is permitted by the PDPA or by law.
The instances listed above are not intended to be exhaustive. For more information, please visit https://www.pdp.gov.my/jpdpv2/
In the event that by Kinderland discloses the Public’s personal data to third parties with the Public’s consent, Kinderland will employ the best efforts to safeguard the Public’s personal data.
Access And Correction
The Public may request to update the personal data in Kinderland’s records by submitting a written request to the DPO through email or letter. For a request to update personal data, once Kinderland has sufficient information from the Public, Kinderland will:
- Provide or correct the Public’s relevant or personal data within 30 days. If Kinderland is unable to do so within the said 30 days, Kinderland will notify the Public of the soonest practicable time within which correction can be made. (Note: The PDPA exempts certain types of personal data from being subject to the Public’s correction request as well as provides for situations when correction need not be made by Kinderland despite the Public’s request); and
- Send the corrected personal data to organisations to which the personal data was disclosed by Kinderland within a year before the date the correction was made unless the other organisation does not need the corrected personal data for any legal business purpose. Though, Kinderland may, if the Public gives consent, send the corrected personal data only to specific organisations to which the personal data was disclosed by Kinderland within one (1) year before the date the correction was made.
Request To Withdraw Consent
- The Public may withdraw their consent for the collection, use and/or disclosure of their personal data by submitting their request to Kinderland’s DPO through email or letter.
- Kinderland will process the Public’s request within seven (7) working days from the date the request for withdrawal of consent was made, and will thereafter not collect, use and/or disclose the Public’s personal data.
- However, the Public’s withdrawal of consent could result in certain legal consequences arising from such withdrawal. Depending on the extent of the withdrawal of consent, it may mean that Kinderland will not be able to continue with the existing relationship with the Public and the contract that the Public has with Kinderland will have to be terminated.
Management Of Data (Accuracy, Completeness, Protection and Retention)
- Kinderland will take reasonable efforts to ensure that the Public’s personal data is accurate and complete. Kinderland will not be responsible for relying on inaccurate or incomplete data arising from the Public not updating Kinderland on any changes in their personal data that was initially provided.
- Kinderland will also put in place reasonable security arrangements to ensure that all personal data is adequately protected and secured. However, Kinderland cannot assume responsibility for any unauthorised use of the Public’s personal data by third parties.
- Kinderland will also put in place measures such that the Public’s personal data in Kinderland’s possession or under Kinderland’s control is destroyed and/or anonymised as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.
- If the Public’s personal data is to be transferred out of Malaysia, Kinderland will comply with the PDPA in doing so. Kinderland will also take appropriate steps to ascertain that the foreign recipient organisation of the personal data is bound by legally enforceable obligations that are in line with the requirements under the Act.
The Public may contact Kinderland’s DPO through email or letter if they have any complaints or grievances with regard to the handling of personal data or Kinderland’s compliance with the PDPA.
Updates On Data Protection Policy
- As part of Kinderland’s efforts to ensure that Kinderland properly manages, protects and processes the Public’s personal data, Kinderland will review the policies, procedures and processes from time to time.
- Kinderland reserves the right to amend the terms set forth under this Data Protection Policy at Kinderland’s absolute discretion. All amended Data Protection Policy will be posted on Kinderland’s website.
- The Public is encouraged to visit Kinderland’s website from time to time to ensure that they are well informed of Kinderland’s latest policies in relation to personal data protection.
Data Protection Officer
Crestar Education (M) Sdn. Bhd.
No. 22A, First Floor, Jalan USJ11/3J,
47620 Subang Jaya, Selangor, Malaysia