1.1 This Privacy Policy describes how Crown Equipment Sdn Bhd (“Crown") manages personal data (as defined in paragraph 2 below) which is in our possession or under our control in accordance with applicable data protection laws and regulations, including the Personal Data Protection Act 2010 (Act 709) and its subsidiary legislations, orders, gazettes, etc ("PDPA”).
1.2 This Privacy Policy does not supersede or replace any other consents you may have previously or separately provided to us in respect of your Personal Data, and your consent to this Privacy Policy is in addition to any other rights which we may have at law to collect, use, process or disclose your Personal Data.
2.1 Pursuant to the PDPA, “Personal Data” refers to any information in respect of commercial transactions, that relates directly or indirectly to an individual who is identified or identifiable from that information which is in Crown’s possession and includes any sensitive personal data and expression of opinion about the individual.
2.2 In this respect, we may collect the following:
(a) your name, NRIC, passport or other identification number, telephone number(s), residential address, mailing address, email address;
(b) driver’s license details work experience and other qualification details;
(c) financial and banking information;
(d) photographs and video footage;
(e) any other personal data reasonably required in order for us to provide the services requested by you.
3.1 Crown collects personal data in a variety of ways in the course of conducting its businesses, including:
(a) in agreements it enters into with customers, suppliers, contractors and other personnel;
(b) when providing equipment and services and related information to customers, and administering customer accounts;
(c) when engaging suppliers, contractors and other personnel;
(d) when responding to questions regarding our products and our business;
(e) by interacting with people via our websites, email and telephone;
(f) when conducting trade promotions and competitions; and
(g) by security video surveillance at Crown sites;
(h) as applicable, publicly available or publicly accessible information;
3.2 At or soon after the time when Crown collects Personal Data, Crown will take reasonable steps to ensure that the person is aware that Crown has collected the information, the purpose(s) of the collection, the main consequences (if any) if the information is not collected, the types of organisation (if any) to which the Personal Data may be disclosed (including those located overseas), any law that requires the particular Personal Data to be collected, and the fact that this Privacy Policy contains details on the access, correction and complaints in regards to Personal Data.
3.3 Personal Data collected by Crown may be held in a variety of formats, including hard copy format and on Crown’s computer systems. If Crown receives Personal Data that Crown has not requested (unsolicited information) and Crown determines that Crown could not have collected that information under the PDPA, then Crown will destroy or de-identify the Personal Data if it is lawful and reasonable to do so.
4.1 We may use your Personal Data for our business purposes, including the following purposes (“Purposes”):
(a) provide, maintain and improve the services provided by Crown;
(b) to understand your needs and preferences;
(c) responding to your queries or requests and providing customer service;
(d) matching any Personal Data held which relates to you for any of the purposes listed herein;
(e) verifying your identity for the purposes of providing our services to you;
(f) to manage and develop our business operations;
(g) to comply with any applicable laws or any request from any relevant governmental or regulatory authority;
(h) enforcing obligations owed to us;
(i) seeking professional advice, including legal advice;
(j) any other reasonable purposes in connection with the provision of the services or authorized by any applicable laws; or
(k) fulfilling any purpose directly related or ancillary to the above Purposes.
5.1 Crown respects the privacy of Personal Data and we will take reasonable steps to keep it strictly confidential.
5.2 Crown will disclose Personal Data to third parties if it is necessary for the primary purpose of collecting the information, or for a related secondary purpose, if the disclosure could be reasonably expected (e.g. disclosure to a customer for the purpose of delivering equipment ordered from Crown, or to allow Crown to perform its obligations under the agreement). Where such a disclosure is necessary, Crown will require that the third party undertake to treat the Personal Data in accordance with the applicable legislation.
5.3 Crown will only disclose Personal Data to third parties without the consent of the person to whom it relates if the disclosure is:
(a) necessary to protect or enforce Crown’s legal rights or interests or to defend any claims;
(b) necessary for the purpose of preventing or detecting a crime, or for the purpose of investigations;
(c) necessary to prevent or lessen a serious threat to a person’s health or safety;
(d) required or authorised by law; or
(e) permitted by another exception in the PDPA and local legislation.
5.4 Under no circumstances will Crown sell Personal Data without the consent of the person to whom it relates. Crown may disclose Personal Data to overseas recipients and such disclosure will be made pursuant to the provisions of the PDPA;
6.1 Crown will take all reasonable steps as required under applicable laws, regulations and standards to ensure that all Personal Data held by Crown is secure from any loss, misuse, modification, accidental or unauthorised access, disclosure, alteration or destruction. However, Crown does not guarantee that Personal Data cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur.
6.2 Should your Personal Data be transferred, held or collected by a third party authorised by Crown, we will ensure that such third party will provide similar and sufficient guarantees in protecting your Personal Data.
6.3 Crown will take reasonable steps to destroy or permanently de-identify Personal Data if it is no longer needed for the purposes for which Crown is authorised to use it.
7.1 A person may request to access Personal Data about them held by Crown. Such a request can be made by contacting Crown via our contact details provided under the “Contact Crown” heading below.
7.2 Crown will grant a person access to their Personal Data within the timeframe provided under applicable laws and regulations, subject to the circumstances of the request.
7.3 A request to access Personal Data may be rejected if:
(a) providing access would disclose confidential commercial information;
(b) providing access would have an unreasonable impact on the privacy of another person;
(c) providing access would pose a serious and imminent threat to the life or health of any person;
(d) providing access would prejudice Crown’s legal rights;
(e) such access to Personal Data regulated by another law; or
(f) there are other legal grounds under the PDPA to deny the request.
7.4 Should Crown refuse your request, Crown will provide you with written notice of the refusal and our grounds of refusal within a reasonable timeframe.
7.5 Crown may charge a fee for reasonable costs incurred in giving access to an individual’s Personal Data. Such costs may be as prescribed under applicable laws and regulations. The fee (if any) will be disclosed prior to it being levied.
8.1 Crown will take reasonable steps to ensure the accuracy and completeness of the Personal Data we hold. However, if a person believes that any Personal Data that we hold about them is inaccurate or out of date, then they should contact Crown via our contact details provided under the “Contact Crown” heading below. Crown will process your request within a reasonable timeframe and manner in accordance with the PDPA. Should Crown deny your request for correction, Crown will provide you with a notice in writing of our reasons for the refusal.
9.1 This Privacy Policy also applies in relation to Crown’s collection and use of credit information of individuals in connection with commercial credit provided through Crown.
9.2 The types of credit information that Crown collects and uses for the purpose of assessing an application for commercial credit typically include:
(a) names, addresses and other contact details of accountholders and guarantors (both prospective and current);
(b) bank account details;
(c) driver’s licence details;
(d) financial information;
(e) information on the assets held by an individual.
9.3 Such information is collected from the relevant individual and from credit reporting bodies, as well as from publicly available information. Crown uses the information collected to create an internal credit assessment report.
9.4 Crown discloses credit information to credit reporting bodies:
(a) to obtain a credit report from the credit reporting body; and
(b) for the purposes of lodging a default listing against the individual.
9.5 When lodging a default listing we may do this ourselves or by our agents.
10.1 Crown’s website also uses Google Analytics which is a web analytics tool offered by Google Inc. that generates detailed statistics about a website's traffic and traffic sources. Crown uses Google Analytics for statistical reasons, e.g. to measure how many users have clicked at a certain product information. Google Analytics uses Cookies to obtain information about your use of Crown’s website including your IP-address. As your IP-address is an individual element that would allow identifying you, Crown has implemented a specific code to ensure that your IP-address will only be collected in a shortened and anonymised form. Thus, Google will not be able to identify you from the IP-address that is collected from you when using this website. The information collected by this Cookie will be transferred to Google Inc. in the United States of America.
10.2 You may opt out of Google Analytics by using the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB Most browsers are initially set to accept Cookies. However, you have the ability to modify the usage of or disable Cookies if you wish, generally through changing your internet software browsing settings.
Note: if Cookies are disabled, it may mean that you experience reduced functionality or you may be prevented from using elements of the Crown website altogether.
11.1 You may at any time via written notice in our “Contact Crown” heading below, communicate to Crown your intention to withdraw your consent to our usage, storage or collection of your Personal Data. We will respond to your request within a reasonable timeframe. Should you withdraw your consent, it may not be possible for Crown to perform our services and our contractual obligations to you. Notwithstanding this, Crown may use, store or collect your Personal Data if authorised or required to under applicable laws.
12.1 Crown may also transfer your Personal Data to third-party service providers or to other Crown entities which may be located outside of Malaysia. Your agreement to this Privacy Policy and your use or continued use of our services represents your acknowledgement and consent to such transfers. Notwithstanding this, Crown may transfer your Personal Data to such entities if required or as authorised under the PDPA.
13.1 In certain circumstances, Crown may use Personal Data for promotional or direct marketing purposes. However, a person may at any time via written notice request Crown to cease or not to use their Personal Data for sending direct marketing material to that person. Such a request can be made by contacting Crown via our contact details provided under the “Contact Crown” heading below. There is no fee for making such a request.
14.1 If there are any questions or complaints regarding the Crown Privacy Policy or the way that Crown manages Personal Data or if there are any concerns about Crown’s treatment of Personal Data, then Crown may be contacted by post, telephone or email:
Crown Privacy Officer
No.9, Persiaran Pasak Bumi Section U8,
Bukit Jelutong, Selangor 40150
Telephone: (603) 5033 8500
Email: privacy.my@crown.com
14.2 Crown deals with complaints via our internal data privacy complaint process, under which a Crown contact officer will be allocated to assess your complaint and respond to you within a reasonable timeframe. Crown takes all complaints seriously and any further action after our initial response to you will vary depending on the nature of your complaint.