Personal Data Protection Policy (PDPA)

1. Introduction

Orient Telecoms Sdn Bhd ("Orient Telecoms", "we", "our", or "us") is committed to protecting the privacy and security of our customers' personal data. This Personal Data Protection Policy (the "Policy") sets out how we collect, use, disclose, and safeguard personal data in compliance with the Personal Data Protection Act 2010 ("PDPA") of Malaysia. We are dedicated to ensuring that your personal data is handled with the highest level of care and respect.

2. Definitions

• Personal Data: Refers to any information that can identify an individual, either directly or indirectly, such as name, contact details, identification numbers, financial information, and other details relating to an individual.
  
  
• Data Subject: An individual whose personal data is collected, processed, or stored by Orient Telecoms.
  
  
• Processing: Refers to any operation performed on personal data, including but not limited to collection, recording, organization, storage, alteration, retrieval, or destruction.

3. Purpose of Data Collection

We collect personal data for the following purposes:

• Service Provision: To provide, maintain, and improve our telecommunications services, including managing customer accounts, processing orders, and addressing service-related inquiries.
  
  
• Customer Support: To offer customer support and respond to service-related queries, issues, and feedback.
  
  
• Legal Compliance: To comply with legal and regulatory requirements and fulfill contractual obligations.
  
  
• Business Operations: To conduct internal business operations, including market research, data analysis, and improvement of our services.
  
  
• Marketing: To send promotional materials, newsletters, and updates about our products and services, with consent where required.

4. Data Collection and Use

• Consent: We obtain explicit consent from data subjects before collecting, processing, or disclosing personal data. Consent is obtained through clear and understandable means, ensuring that individuals are aware of the purposes for which their data is used.
  
  
• Purpose Limitation: Personal data is collected only for legitimate and specific purposes, and we do not use it for any other purposes without obtaining additional consent.
  
  
• Data Minimization: We ensure that only the personal data necessary for the intended purposes is collected and processed.

5. Data Security

• Protection Measures: We implement a range of technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, and destruction. These measures include encryption, firewalls, and secure storage practices.
  
  
• Access Controls: Access to personal data is restricted to authorized personnel who require it to perform their job duties. We maintain strict access controls and regularly review permissions.
  
  
• Data Breach Notification: In the event of a data breach, we will promptly notify affected individuals and relevant authorities, in accordance with PDPA requirements, and take steps to mitigate any potential harm.

6. Data Retention

• Retention Period: Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations.
  
  
• Deletion: Personal data that is no longer needed is securely deleted or anonymized, and we ensure that data is disposed of in a manner that protects privacy.

7. Data Subject Rights

Under the PDPA, data subjects have the following rights:

• Right to Access: You have the right to access your personal data held by us and request a copy of it. This allows you to verify the accuracy of the data we hold.
  
  
• Right to Correction: You can request correction of any inaccurate or incomplete personal data. We will update or amend your data as needed.
  
  
• Right to Withdrawal of Consent: You may withdraw your consent for the processing of your personal data at any time, subject to legal or contractual restrictions.
  
  
• Right to Complaint: You have the right to lodge a complaint with us or the relevant data protection authorities if you believe that your personal data is being handled in violation of the PDPA.

8. Data Transfer

• Domestic Transfer: Personal data may be transferred within Malaysia as part of our business operations.
  
  
• International Transfer: Personal data may be transferred to countries outside Malaysia, including those where we have data centers, such as Equinix SG1 and Global Switch in Singapore, and other major data centers globally. We ensure that such transfers are conducted in accordance with PDPA requirements and that adequate protection measures are in place.

9. Policy Review

This Policy will be reviewed periodically and updated as necessary to reflect changes in legal requirements, business practices, or to improve data protection practices. Any changes to this Policy will be posted on our website, and significant changes will be communicated to data subjects as appropriate.

10. Contact Information

For questions, concerns, or requests related to this Policy or the handling of personal data, please contact our Data Protection Officer at:

Data Protection Officer
Orient Telecoms Sdn Bhd

• Address:
  Suite 2B-25-3, Level 25
  Block 2B, Plaza Sentral 
  Jalan Stesen Sentral 5
  40540 Kuala Lumpur
  
  
• Email:
  support@orient-telecoms.com.my
  
  
• Contact:
  Tel +603 7786 0560 
  Fax +603 7786 0561

We are committed to addressing your inquiries and ensuring that your personal data is handled with the highest standards of protection and care.

Contact us now for more information