Privacy Notice for Business Partners
1. About this notice
We will process your personal data in compliance with every applicable law and any laws that replace them in the future (including the European Union’s General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”)).
In this notice, we provide information based on such laws related to processing your personal data. This notice sets out the basis on which any personal data that you provide to us, or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this notice.
2. Information about us
For the purpose of data protection law, Sharp Electronics (Malaysia) Sdn. Bhd. (“we”, “us” and “our”) is a data controller in respect of your personal data. And we are committed to respecting your privacy.
(a) Our main office address: No. 1A, Persiaran Kuala Langat, Taman Bunga Negara, 40400 Shah Alam, Selangor, Malaysia.
(b) Our phone number: 60 1-800-88-8678
(c) Our email address: email@example.com
In this notice:
(a) your “personal data” means any data which relates to you and from which you can be identified. It may include contact details, other personal information, or photographs;
(b) our “affiliates” means our subsidiaries; and
(c) “processing” means any activity or operation that is carried out in respect of your personal data, such as collecting, storing, using, transferring or deleting it.
4. How we collect your personal data and what personal data we collect
We will collect and process the following personal data about you (collected through communications including: writings, face-to-face discussion, phone calls, e-mails, or otherwise). Such information generally includes your name, contact data (e-mail, phone number), company name, address, position and all other personal data which is required to enter into a contract with you and to communicate with you.
In some circumstances, we may be provided such personal data relating to you by the organisation you represent or the organisation that otherwise employs or engages you (“Business Partners”). This information is necessary in order for (i) the relevant business we provide you or Business Partners or (ii) the relevant business services to be provided to us by Business Partners.
There may be circumstances where the provision of business services to us results in us collecting other types of personal data from you, or us being provided other types of personal data about you from Business Partners. If so, then we will protect such personal data to the same high standards explained in this policy and take any additional steps necessary to ensure we process such personal data in accordance with applicable laws.
5. Purpose and legal basis of processing personal data
We use the personal data that we hold about you for the following purposes:
Establishing and maintaining relationship with Business Partners, Marketing
The legal basis for the processing of your personal data is:
· performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract in accordance with Art.6 (1)(b) GDPR; or
· where the processing of your personal data is necessary for the pursuance of our legitimate interests in accordance with Art.6 (1)(f) GDPR (e.g. establishing a business relationship, marketing and networking).
We do not process your “sensitive data” (information about your race, ethnic origin, religion, physical or mental health, political opinions, sexual life, any actual or alleged criminal offences, and genetic and biometric data).
6. Disclosure of personal data to recipients
We may share your personal data with recipients in the situations described below:
(a) Internal Use for us: Employees of us or our affiliates who are authorised and need to access these data.
(b) Affiliates: We share your personal data with our affiliates for internal administrative purposes and uses that are consistent with this Notice.
(c) Service Providers: We share your personal data with third-party service providers who perform services, such as providing data servers, logistics services and payment services on our behalf.
(d) Business Partners: We may share your personal data with business partners, such as customers or suppliers to the extent this is required for conducting and/or acquiring business with these partners (e.g., exchange of contact details).
(e) Legal Process and Safety: We may disclose your personal data to legal or government regulatory authorities as required by applicable law. We may also disclose your personal data to third parties as required by applicable law in connection with claims, disputes or litigation, when otherwise required by applicable law, or if we determine its disclosure is necessary to protect the health and safety of you or others, or to enforce our legal rights or contractual commitments that you have made.
(f) Business Transfers: Your personal data may be disclosed as part of a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets, and could be transferred to a third party as one of the business assets in such a transaction. It may also be disclosed in the event of insolvency, bankruptcy or receivership.
7. Transfers of personal data outside the European Economic Area
The personal data that we collect from you or provided by Business Partners may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us, for our affiliates or for one of our suppliers.
Where we transfer your personal data outside the EEA, we will ensure that:
(a) the recipient destination has been subject to a finding from the European Commission that it ensures an adequate level of protection for the rights and freedoms that you possess in respect of your personal data; or
(b) the recipient enters into standard data protection clauses with us that have been approved by the European Commission.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the information about us above.
8. Storage limit of personal data
We will retain the personal data that we collect about you as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer period is demanded by applicable laws.
9. Your rights
(a) Access, rectification, erasure, restriction, data portability
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you have the following rights:
· Request from us access to your personal data pursuant to Art. 15 GDPR
You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain related information.
· Request from us rectification of your personal data pursuant to Art. 16 GDPR
You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, and to complete any incomplete personal data.
· Request from us erasure of your personal data pursuant to Art. 17 GDPR
You have the right to obtain from us the erasure of personal data concerning you without undue delay, when certain legal conditions apply.
· Request from us restriction of processing pursuant to Art. 18 GDPR
You have the right to obtain from us the restriction of processing of personal data, when certain legal conditions apply.
· Right to data portability pursuant to Art. 20 GDPR
You have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without our hindrance, when certain legal conditions apply.
(b) Right to object
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you also have the right to object to the processing of your personal data.
Where personal data are processed for direct marketing purposes (see section 5 above), you have the right to object at any time to processing of personal data concerning you for such marketing pursuant to Art. 21 (2) GDPR.
(c) Right to lodge a complaint
If you have any complaints regarding our privacy practices in the EEA, you have the right to lodge a complaint with your national data protection authority (i.e., supervisory authority).
Questions, comments and requests regarding this privacy notice are welcome. Please contact us using the information about us above.
Established:5th March 1969
Legal Compliance Officer
Sharp Electronics (Malaysia) Sdn Bhd