PRIVACY NOTICE PURSUANT TO THE PERSONAL DATA PROTECTION ACT 2010
The Institute of Corporate Directors Malaysia (referred to as “ICDM”, “our”, “us” or “we” in this Privacy Notice) complies with the Personal Data Protection Act 2010 (“PDPA”) when processing your personal data. The Notice explains the terms of the processing of your personal data by us or on our behalf.
This Notice applies generally to all products and services provided by ICDM, and to the processing of personal data of our (actual or potential) members, facilitators, faculty members, consultants, writers, service providers, agents, stakeholders, business partners, clients and visitors. There may however be different personal data protection notice applicable for a specific transaction or service, in which case we will notify you accordingly.
Please read this Notice carefully before furnishing any personal data to us. By furnishing your personal data, you consent to the terms of this Notice. If you are furnishing the personal data of any third party, you warrant that you have provided this Notice to the relevant third party and have obtained consent to furnish the personal data to us.
Sources of Personal DataWe collect personal data that you provide to us when you use any of our products, services or when you transact with us, including when you:
- Complete any manual or digital forms;
- Provide us with your business contact information (whether from you directly or from your employer, principal or client);
- Transact with us on any products or services;
- Enter into any contract with us;
- Communicate with us by any means including telephone, mail, email, website, digital platform or in person;
- Participate in any programme, event, discussion, workshop, meeting, survey, research, evaluation, analysis, assessment or study, whether:
- organised by us, third parties or jointly by us with a third party; and
- physical, in-person, or using electronic, digital or virtual means, (“Programme”);
- Enter our premises;
- Use or access our website, social media and digital platforms, and links to our digital content on any platform (“Website and Platform”).
We may collect personal data automatically when you access our Website and Platform, including:
- information about your use of our products and services, including your browser type, operating system, platform, IP address, cookies, language and region; and
- search queries you conducted on the website or platform, and advertisements you viewed and links you clicked on our Website or Platform.
We may ask third parties for personal data about you, including when we:
- get authorisation for a payment you make using a credit or debit card, or e-wallet;
- carry out any checks in our outside of Malaysia on background, credit, sanction, litigation, employment, qualification, disciplinary or criminal records and adverse media screening (or negative news screening).
Where we transact or contract with a third party, the third party may provide us with your personal data in connection with a transaction or contract. That third party is responsible for obtaining your consent for disclosure of your personal data to us.
We may also obtain your personal data from publicly available sources.
Personal Data We ProcessICDM may process and collect the following personal data:
- name, date of birth, NRIC or passport number, gender, nationality, race and religion;
- contact details including address, phone/mobile number, and email address;
- education and professional qualification;
- board experience, employment experience and credentials;
- employment records, performance reviews and references;
- records of psychometric assessment;
- bank, credit/debit card and any other method of electronic or digital payment details;
- information from any checks in or outside of Malaysia on background, credit, sanction, litigation, disciplinary or criminal records and adverse media screening (or negative news screening);
- information from any Government and Statutory Bodies;
- information on any medical or health condition;
- information about you from publicly available sources;
- any other data provided by you to us or as required for the purposes as set out below.
Purpose of Processing Your Personal DataICDM may process and collect your personal data for the following purposes:
- Offer and administer our product and services such as board effectiveness assessment, director sourcing and placement, board training and development and expert consultation sessions.
- Administer ICDM membership or any of our panel, faculty, facilitators or groups such as panel of service providers, faculty of experts and sourcing and placement of candidates (“Membership and Faculty”), including application, renewals, termination and suspension.
- Communicate any information and updates relating to Membership and Faculty (including benefits by ICDM or our partners) via any means.
- Process and publish your registration for a Programme; monitor your participation and performance; communicate any changes/updates related to a Programme.
- Carry out any professional development programmes and certification such as ICDM Graduate Directors.
- Assist you to develop any professional credential statement, profile or CV that reflects your membership status and the courses you have attended.
- Facilitate searching and matching you with suitable board positions.
- Produce any reports or other materials from any Programme undertaken by ICDM and its partners.
- Send ICDM’s newsletters, surveys, polls, articles, reports, Programme brochures/advertisements, research and advocacy work and other periodicals (in digital form or otherwise) from time to time.
- Incorporate into or publish in our marketing or promotional materials.
- Provide you with any of our products and services.
- Process your payment instructions.
- Respond to enquiries made via call, email, fax and any other available communication method.
- Investigate complaints, breaches and suspicious transactions.
- Security and crime prevention purposes, risk management, safeguarding ICDM in the event of any proceedings, litigation or claim of any kind.
- Meeting disclosure obligations and other requirements imposed by or for the purposes of any laws, rules regulations, code of practice or guidelines (whether applicable in or outside Malaysia) binding on ICDM.
- For statistical or actuarial research undertaken by ICDM or any partner or client of ICDM.
- Administering, enforcing or performing any contract we have with you, to enforce our legal rights or comply with applicable laws.
- For all other purposes incidental and associated with any of the above.
Disclosure of Your Personal DataYour personal data may be disclosed to the following third parties for the purposes set out above:
- organisations who are seeking suitable candidates for board positions;
- persons or organisations requesting for information under any law or order of court;
- government, government agencies, statutory or public authorities, enforcement agencies authorised by law;
- auditors, accountants, lawyers or other professionals or consultants of ICDM;
- business partners, members, clients, vendors, contractors, trainers, facilitators, consultants of ICDM;
- stakeholders and the general public;
- third party service/product providers that are deemed necessary or appropriate for the purposes stated above (including those located out of Malaysia, with similar or better levels of security implemented by ICDM);
- third parties involved in any corporate exercise or commercial transactions relating to ICDM e.g. sale and purchase of assets, reorganisation, amalgamation, collaboration or joint venture; or
- persons under a duty of confidentiality to ICDM.
Non-Provision of Personal DataThe personal data requested may be mandatory and any failure to provide us with the required mandatory personal data may potentially:
- result in us being unable to enter into a contract, provide any product or services requested (or to carry out any of the services or matters as provided in paragraph 3 of this Privacy Notice);
- result in us being unable to administer or perform our contract with you, including matters relating to your membership or faculty with ICDM; or
- affect our ability to accomplish the above stated purposes.
Data SecurityWe will take reasonable and necessary measures to protect your personal data in compliance with the PDPA (particularly the Personal Data Protection Standard 2015), including:
- Implementing necessary technology controls such as firewalls, password controls, physical security, access authorisation and monitoring.
- Process controls such as segregation of duties, defined roles and responsibilities and “need-to–know” disclosure policies for staff.
- Obtaining undertakings or warranties from third party providers and contractors storing or processing your personal data that they have implemented comparable standards of security.
Retention of Personal DataYour personal data will be retained only for such period necessary to fulfill the purposes stated above. Once the purpose has been fulfilled, we will ensure that your personal data is destroyed, anonymised or permanently deleted unless there is legal basis to retain your personal data, which may include:
- to comply with any legal, regulatory, tax, audit or accounting requirements; or
- to protect the interest of ICDM (including keeping such records to respond to any claims or in anticipation of any litigation).
Rights of Access and CorrectionThe PDPA grants you certain statutory rights including the right to access or correct your personal data. You may at any time update or amend the information processed by us by:
- accessing your ICDM Portal account (which is a part of ICDM’s integrated web-based platform, owned and managed by ICDM) and update or correct your personal data directly;
- requesting for copies of your personal data from us; or
- requesting that we correct any inaccurate, obsolete, incomplete or misleading personal data.
In accordance with the PDPA, ICDM may:
- charge an administration fee for processing your request for access or correction (except for direct access and update via ICDM portal); and
- refuse to comply with your request for access or correction to the personal data as provided under the PDPA and provide you with written reasons for such an action.
Transfer Of Your Personal Data Outside MalaysiaIt may be necessary for us to transfer your personal data outside of Malaysia if any of the third parties mentioned in paragraph 4 including our service providers or partners who are involved in providing any services to ICDM are located or have processing facilities in countries outside of Malaysia.
You consent to us transferring your personal data outside Malaysia to such third parties and for the purposes set out in paragraph 3 including where it is necessary to provide our products and services or to administer our relationship with you (e.g. accommodation for overseas programme).
We shall take necessary steps to ensure that any such third parties are contractually bound to protect your personal data and that they can only process your personal data under our instructions.
Your Options and How To Contact UsYou may at any time make a request in writing to limit the processing and use of your personal data. If you have any questions about this Privacy Notice or wish to make a request or exercise any of your rights as set out above, please contact us by sending an email to our Corporate Communications Officer at email@example.com or call us at +603 2202 2022 or write to us by addressing your correspondence to:
Institute of Corporate Directors Malaysia (ICDM) Level 9, Mercu 2, KL Eco City, 59200 Kuala Lumpur Malaysia Attention: Corporate Communications Manager