This privacy statement applies to http://www.gcrgroup.com.my and the websites of any GCR Group of Companies's legal entity and related online activities. Further, this privacy statement provides information to external data subjects who are not engaged or employed by GCR Group of Companies, where the data subjects provide us with Personal Data, or we collect data as part of our normal business operations, from a third-party service provider, contract partner, public sources, previous employers or organisations, trade fairs or communications channels such as email.
- How and Why We Use Personal Data
While using our service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but not limited to:
- Name (including but not limited to individual name or business entity registered name)
- Personal identification details (including but not limited to passport details)
- Email address
- Phone number
- Address, State, Postal Code, City
- Banking details
- Preferred language
- Preferred services or products
- Other relevant information
When you visit our website
When you visit GCR Group of Companies website, we collect data through cookies to track the activity on our website. The data we collect through cookies consists of data relating to your device, IP address and your usage of the websites. We use the data collected through cookies to provide you with the best user experience and for improving the websites' content by tracking usage patterns and recording preferences and for allowing you to log on to specific sites.
When you subscribe to a newsletter
When you contact us, such as for business relations or interest, ordering products and services or in relation to projects, media or, investor contacts, supplier relations, sponsorships, or sign up for an event, we collect your Personal Data in order to enable us to meet your request or interest, provide support, or comply with contractual obligations or prepare to enter into a contract. When we have an existing customer relationship with you, we may also use your Personal Data to provide communication and direct market our products and services.
When you blow the whistle
Please refer to our Whistle Blowing Policy for more information on how we handle your Personal Data when you submit a report through the whistle blowing channel.
When we conduct integrity due diligence investigations
If and when we deem necessary, we will evaluate integrity due diligence investigations. This includes collection information to evaluate potential business relations or partners, their operation and business ethics. This investigation may include processing of Personal Data such as organisations position and roles, connections or relations to public authorities' representatives or relevant decision makers, possible sanction listings, contracts, relevant memberships, references, legal claims and reputational issues. The legal basis is to comply with legal obligations, pursue our legitimate interests and to establish, exercise or defend legal claims.
- Personal Data
- Sharing of Personal Data
We will not share your Personal Data with third parties except for in circumstances where such sharing is necessary as part of our regular business operations or to provide our services and support to you.
Occasionally we use external third-party service providers for delivering services on our behalf and on our instructions as set out in a data processing agreement with the relevant service provider. We use such service providers for consultancy purposes, recruitment services, financial services, security services, IT services, communication services and integrity due diligence services. In such instances, we may share your Personal Data with such parties to the extent necessary to perform such work.
We will not knowingly disclose your Personal Data to third parties for the purposes of allowing them to market their products or services to you.
When required by law, regulation, legal process or an enforceable governmental request, we may share your Personal Data for legal reasons within GCR Group of Companies and to public authorities or governments but only to the extent we are required to do so.
- Transfer of Personal Data
Your personal information may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
Your consent to the Privacy Statement followed by your submission of such information represents your agreement to that transfer.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Statement and no transfer of your personal information will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.
In the event you do not wish to receive such cookies, you may configure your browser to not refuse all cookies or to indicate when a cookie is being sent. However, you may not be able to use all the features and functionality of our website or service.
- Security of Processing
We will process your Personal Data securely and will apply and maintain appropriate technical and organisations measures to protect your Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Access to Personal Data is strictly limited to authorised personnel of GCR Group of Companies and affiliates who have appropriate authorisation and a clear business need for that data.
- Retention and Deletion of Data
Your Personal Data will be retained as long as necessary to fulfil the legitimate purpose(s) for the processing and as long as required by law. If you or your employer have a contractual relationship with us, any Personal Data relating to you will be retained as long as necessary to enable us to fulfil our obligations relating to that contractual relationship.
If you consent to certain processing, we store your Personal Data until you withdraw your consent or once the Personal Data is no longer necessary for achieving the purpose of the processing.
- Privacy Statements of Third Parties
This Privacy Statement addresses the collection, use and disclosure of Personal Data by GCR Group of Companies as described above. This Privacy Statement does not address or govern the privacy practices adopted by third parties on third party websites or in relation to third party services that may be accessible through use of the website. Although we try only to link to websites that share our high standards for privacy, we are not in any way responsible for the content or the privacy practices employed by third party websites or third-party services. We encourage you to familiarise yourself with the privacy policies applicable to such websites or services prior to providing them with your Personal Data.
- Changes to This Privacy Statement
We may update our Privacy Statement from time to time. If such updates are minor and do not have a material meaning for your rights or the way we use Personal Data, we may make such changes without posting a specific notice on our website. You are advised to review this Privacy Statement periodically for any changes.