Policy of Privacy and Personal Data Protection
Scope of the Act
The Act primarily aims to regulate the collection, holding, processing and use of Personal Data in commercial transactions and also to prevent malicious use of personal information. This Act plays a crucial role in safeguarding the interest of individuals and makes it illegal for anyone, be it corporate entities or individuals, to sell personal information or allow such use of the data by third parties.
The Act only applies to the processing of personal data in respect of “commercial transactions”. A commercial transaction is widely defined as any transaction of a commercial nature, whether contractual or not which includes any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking and insurance. There must be a commercial element in the processing of the personal data to attract the application of the said Act.
What Personal Data Do We Collect?
The Operator will collect certain Personal Data when you register an account on ONESHOP, purchase any goods and/or services on ONESHOP, and may also collect any additional information required from time to time in connection with the provision of services, obtaining of feedback or conducting of surveys related to ONESHOP.
The Personal Data which the Operator may collect are as follows:
(2) IC/Passport number
(3) Date of birth
(8) Telephone number
(9) E-mail address
(10) Income range
(11) Personal interest
(12) Lifestyle preference
(13) Financial information (credit card number, expiry date)
Additionally, the Operator may use "cookies" “web beacons” and/or other similar technologies on ONESHOP.
A cookie is a small text file stored on the memory of a visitor's browser or devise to help improve a visitor’s access to a site and identify repeat visitors to the site. When you visit ONESHOP, our server may record information that your browser sends, which includes the following:
- Your IP address
- Browser type
- Webpage you were visiting before ONESHOP
- The pages within ONESHOP which you clicked on
- The time spent on those pages, items and information searched for on ONESHOP, access times and dates and other statistics.
“Web beacons” are small graphic images that may be included on ONESHOP which allows the Operator to count visitors who have viewed the pages on ONESHOP.
The Operator may also collect and publish any image and media collected from Facebook (including but not limited to ONESHOP, ONECARD and 1Utama Shopping Centre Facebook page), Instagram and Twitter ("Third Party Sites") if and when you publicly makes available, post, upload or share an image with the hashtag "#ONESHOP" “#ONECARD” “#ONEUTAMA” “1U” “1UTAMASHOPPINGCENTRE” and/or “1Utama” ("Hashtag") on the Facebook pages and/or Third Party Sites.
What is the Purpose of the Collection of Personal Data?
By providing your Personal Data to the Operator herewith, you hereby agree that the Operator shall collect, retain and use the Personal Data for the purposes stated below and where required by law, where the Operator consider that such use or disclosure in necessary to respond to any claims or legal process, or where the Operator suspects any form of fraud or unlawful activity:
(1) Registration and administration of your account on ONESHOP;
(2) Processing of your order and billing purposes;
(3) Delivery of products purchased on ONESHOP;
(4) Communication of status of the order made in processing your order;
(5) Customer support;
(6) Provision of relevant information of the items on ONESHOP;
(7) Analysing of the data downloaded from ONESHOP;
(8) Improvisation and customisation of the contents of ONESHOP;
(9) Identifying visitors to ONESHOP;
(10) Conducting surveys and research of the demographics and spending pattern of consumers to develop new products and services and/or other related surveys/researches;
(11) Communication of any other information pertaining to products and services under the related corporations of the Operator;
(12) Notification of critical alerts, special offers, new services and products, updates and promotions of Merchants in 1 Utama Shopping Centre, Centrepoint Bandar Utama, The Club @ Bukit Utama and /or other related corporations of the Operator.
Cookies and web beacons are used for statistical analysis purposes only. It allows the Operator to better understand our Members’ preferences and interests. With the information at hand, the Operator aims to make ONESHOP a convenient and useful shopping platform to you and to personalise the content on ONESHOP to match your preferred interests more quickly.
For instance, cookies are used to identify our Members, whereby Members will not be required to log in a password more than once, thus providing a better, faster, safer and more personalised experience.
A cookie also helps analyse web traffic and allows web applications to respond to you as an individual. We use traffic log cookies to identify which pages are being used. The web application can then tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences to further improve ONESHOP.
We assure you that the usage of a cookie and web beacon is in no way linked to any personally identifiable information on ONESHOP and that we treat information collected by cookies and other technologies as non-personal information.
Usage of cookies will not give the Operator access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of ONESHOP and certain features of ONESHOP may not be available once cookies are disabled. As such, Members are encouraged to enable cookies for an optimal and enhanced shopping experience using ONESHOP.
Do We Share and Disclose Your Personal Data?
The Operator uses an external courier delivery provider to ship orders and a credit card processing company to bill users for items purchased. These third parties do not retain, share, store or use personally identifiable information for any secondary purposes beyond fulfilling your order.
Except for the above, the Operator does not sell, rent, lease or otherwise disclose your Personal Data to third parties unless otherwise stated organisational security measures when processing the Personal Data collected.
Selected Personal Data may be shared with entities participating in and/or providing services for ONESHOP, including related corporations of the Operator, Merchants, consultants, agents, data processors and/or vendors of ONESHOP, for purposes such as to communicate with Members/Customers in resolving issues/ disputes and in the Members/Customers’ participation in promotional activities, surveys or contests.
By posting or uploading or sharing images on Facebook and/or the Third Party Websites with the Hashtag, you agree that the Operator is providing a platform for you to post and share the Images publicly to permit the Operator to collect, reproduce, publish, modify, incorporate, display or otherwise use the images on ONESHOP Facebook pages and other pages/sites related to ONESHOP and ONECARD.
You may any anytime request the Operator to cease sharing your Personal Data in the manner as stated above and the said images with the Hashtag by notifying the Operator at the contact particulars provided below.
What Happens If You Decide Not To Provide Personal Data?
The Personal Data compulsorily required by us for the stated purposes are as marked in asterisk (*). Should you decide not to provide the compulsory personal data required, THE OPERATOR in unable to proceed with the application for ONECARD and reserves the right to cease the processing of the application and issuance of the ONECARD.
On the other hand, the Personal Data which are not marked with asterisk are not compulsorily requires and as such, provision of such Personal Data are entirely at your discretion.
What Steps Are Taken to Safeguard the Security and Safety of Your Personal Data?
The Operator is required under the Act to protect and safeguard your Personal Data by taking practical steps to implement security measures thereto, i.e. to protect your Personal Data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.
The Operator has assigned specific responsibilities to address privacy and security related manners and do enforce our internal policies and guidelines through an appropriate selection of activities, including proactive and reactive risk management, training and assessments. The Operator takes appropriate steps to address online security, risk of data loss and other such risks taking into consideration the risk represented by the processing and the nature of the data being protected. Further, The Operator takes steps to limit access to our data bases containing Personal Data to authorized persons having the justified need to access such information.
How Long Do We Retain Your Personal Data?
The Personal Data shall not be kept for longer than is necessary. Whilst the Act does not stipulate the time frame allowed for storage of your Personal Data, The Operator shall destroy and/or permanently delete your Personal Data once it is no longer required for the purpose for which it was processed.
ONESHOP contains links to other sites. Please be aware that the Operator will not be responsible for the content or privacy practices of such other sites. We encourage Members to be aware when they leave our site and to read the privacy statements of these other sites that collects personally identifiable information.
The Act accords five (5) rights to individuals to safeguard their Personal Data as listed below:
(1) The Right of Access Personal Data
Subject to the provisions of the Act, you have the right to access your Personal Data and/or to correct your Personal Data with The Operator should you believe that the Personal Data provided is incorrect, outdated, inaccurate or incomplete. You may access to your Personal Data at the contact particulars provided below.
(2) The Right to Correct Personal Data
You may request for the Personal Data provided to be deleted and/or corrected if the data is inaccurate, incomplete, misleading or not up-to-date at the contact particulars provided below.
The integrity of the Personal Data which is collected is a crucial element in the Act. The Operator shall take reasonable steps to ensure that the Personal Data is accurate, complete, not misleading and kept up-to-date.
(3) The Right to Withdraw Consent
The consent which you have granted in respect of the processing of your Personal Data may not necessarily endure forever, as you may by notice in writing to the contact particulars provided below withdraw the consent granted. The Operator shall cease processing of your Personal Data upon receipt of your notice.
You are entitled to withdraw your consent at any time.
The Operator shall be required to obtain your explicit consent in the event that “Sensitive Personal Data” is being processed by the Operator and “Sensitive Personal Data” shall include medical history, political opinions, religious beliefs and commission or alleged commission of any offence.
(4) The Right to Prevent Processing for the Purposes of Direct Marketing
The Operator shall process your Personal Data in strict adherence to the consent which you have granted in respect of the processing of your Personal Data. As such, the Operator shall never process data for purposes of direct marketing where such purpose has not been identified and consent has not been obtained from you.
Should you receive marketing materials from the Operator via short messaging service (SMS), e-mails, telephone and/or by post and you wish to discontinue such receipt of marketing information, you may provide You may also unsubscribe from the marketing-related communication/notification received at any time by using the unsubscribe function within the communication/notification itself.
with a “opt out” notice to remove/delete your Personal Data from the Operator’s database. Once an “opt out” notice has been received from you, the Operator shall within a reasonable time remove/delete your Personal Data from our database.
(5) The Right to Prevent Processing which is likely to cause Damage or Distress
We reiterate that the Operator shall process your Personal Data only where you have granted your consent for the processing of your Personal data for the abovestated purposes only.
You have the absolute right to prevent the processing of your Personal Data where your consent has not been obtained for such specific purposes and such processing of your Personal Data will cause or is likely to cause substantial unwarranted damage or distress to you or another person.
1 UTAMA SHOPPING CENTRE SDN. BHD. (Company No.346347-U)
4th Floor, 1 Utama Shopping Centre,
Lebuh Bandar Utama
47800 Petaling Jaya
Selangor Darul Ehsan
Tel: (03) 7726 4788
Fax: (03) 7722 5788