As used in this Policy:
“customer” means an individual who (a) has contacted us through any means to find out more about any goods or services we provide, or (b) may, or has, entered into a contract with us for the supply of any goods or services by us; and
“Personal information” means data, whether true or not, about a customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.
Recognizing personal information to be an important asset of the individual, all employees engaged in OWNDAYS’ activities handle personal information accurately and safely to prove worthy of customers’ trust.
Handling of Personal Information
OWNDAYS collects, uses, and provides appropriate personal information taking into account the scope and scale of our business. We do not use personal information for purposes other than those intended, and set forth and observe internal rules for ensuring this.
We implement preventive measures against illegal access of personal information, loss, damage, falsification, and leakage of personal information, and implement corrective measures promptly in the event any of this occurs.
We observe laws and regulations related to personal information, guidelines set down by the government, and other standards.
We continuously review and improve our personal information management system as required.
Efforts in Personal Information
Collection of personal information, purpose of use, provision to third parties
OWNDAYS only collects and uses personal information for purposes necessary to provide customers with our products and services, and only within the required scope, including but not limited to:
- [performing obligations in the course of or in connection with our provision of the goods and/or services requested by a customer
- verifying a customer’s identity;
- responding to, handling, and processing queries, requests, applications, complaints and feedback from customers;
- managing customers’ relationship with us;
- processing payment or credit transactions;
- sending customers marketing information about our goods or services including notifying customers of our marketing events, initiatives and promotions, lucky draws, membership and reward schemes and other promotions via text messages, emails and other digital media;
- complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
- any other purposes for which a customer has provided his/her personal information;
- transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Malaysia or abroad, for the aforementioned purposes; and
- any other incidental business purposes related to or in connection with the above,]
(collectively, the “Purposes”).
We may disclose a customer’s personal data:
- [where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by a customer; or
- to third party service providers, agents and other organisations we have engaged to perform any of the functions relating to the Purposes listed above,]
(collectively, the “Additional Purposes”).
The Purposes and Additional Purposes listed above may continue to apply even in situations where a customer’s relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with a customer).
When collecting personal information from customers, we clarify the purpose of use and ask for consent beforehand. Unless otherwise specified in this Policy, we do not provide personal information of customers to third parties without obtaining prior consent from customers except in specific cases (for the protection of life, physical well-being, and assets in accordance with laws and regulations for which consent has already been obtained from customers, when specifically needed to improve public health or promote the sound growth of children, for cooperation with government organizations or local public organizations, for contacting customers in emergencies, and use inside the company, for other justifiable reasons).
OWNDAYS may entrust some of our activities and information processing such as delivery of postal matter, verification of registration of products and services, etc. to other companies under our supervision. Our personal information inquiries desk will handle requests from customers to discontinue the disclosure, correction, deletion, use, and disclosure to third parties of their personal information in accordance with this Policy. However, use or disclosure to third parties of personal information may not be discontinued in the following cases:
- When life, physical well-being, assets, and other rights of customers or third parties are threatened
- When there is a risk that the appropriate implementation of our business will be significantly affected
- When other laws and regulations will be violated
Access to and Correction of Personal Information
In the event a customer wishes to make (a) an access request (“Access Request”) for access to a copy of their personal information which we hold about such customer or information about the ways in which we use or disclose such customer’s personal information, or (b) a correction request (“Correction Request”) to correct or update any of such customer’s personal information which we hold about such customer, such customer may submit a request in writing or via email to our Data Protection Officer at the contact details provided below (an Access Request and Correction Request hereinafter collectively referred to as the “Requests” and each, a “Request”).
Please note that a reasonable fee may be charged for an Access Request. If so, we will inform the customer making the Access Request of the fee before processing such customer’s request.
We will respond to a Request as soon as reasonably possible. Should we not be able to respond to a Request within thirty (30) days after receiving a Request, we will inform the customer making the Request (the “Requestor”) in writing within thirty (30) days of the time by which we will be able to respond to the Request. If we are unable to provide a Requestor with any personal data or to make a correction requested by a Requestor, we shall generally inform the Requestor of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
Retention of Personal Data
We may retain a customer’s personal information for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
We will cease to retain a customer’s personal information, or remove the means by which such personal information can be associated with a customer, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal information was collected, and is no longer necessary for legal or business purposes.
Provision of personal information
Most of the services provided by OWNDAYS can be used without the need for the personal information of customers. However, please note we may not be able to provide some services without the customer providing their personal information.
Management of personal information
OWNDAYS manages an appropriate management system for preventing illegal access, loss, damage, falsification, leakage, etc. of personal information managed by OWNDAYS, and periodically reviews the management system so that it can deal with new illegal access methods. We also reinforce our internal management system and implement thorough training of all employees engaged in the use of personal information. We make efforts to maintain the accuracy of data, and manage information collected before the Personal Information Protection Law was enforced in the same way.
We generally rely on personal information provided by a customer (or a customer’s authorised representative). In order to ensure that our customers’ personal information is current, complete and accurate, customers should update us if there are changes to their personal information by informing our Data Protection Officer in writing or via email at the contact details provided below.
If personal information is transferred out of Malaysia, we will comply with applicable laws, including but not limited to the PDPA, in doing so. This includes: (i) obtaining customers’ consent, unless an exception exists under applicable laws or any other laws, and (ii) taking reasonable steps to ascertain whether the foreign recipient of the personal information is bound to comply with standards of protection that are at least comparable to applicable laws, including but not limited to the PDPA.
Request to Withdraw Consent
The consent that a customer provides for the collection, use and disclosure of his/her personal information will remain valid until such time it is being withdrawn by the customer in writing. A customer may withdraw consent and request us to stop using and/or disclosing his/her personal information for any or all of the Purposes and/or Additional Purposes listed above by submitting a request in writing or via email to our Data Protection Officer at the contact details provided below (“Withdrawal Request”).
Upon receipt of a customer’s written Withdrawal Request, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with the customer) for such customer’s request to be processed and for us to notify the customer of the consequences of us acceding to the same, including any legal consequences which may affect the customer’s rights and liabilities to us. In general, we shall seek to process a customer’s Withdrawal Request within ten (10) business days of receiving it.
Whilst we respect a customer’s decision to withdraw his/her consent, please note that depending on the nature and scope of a Withdrawal Request, we may not be in a position to continue providing our goods or services to a customer who submits a Withdrawal Request and we shall, in such circumstances, notify such customer before completing the processing of his/her Withdrawal Request.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws, including but not limited to the PDPA.
Anyone below 13 years old must ask a parent or legal guardian to give consent on behalf of him or her before providing any personal data while using the OWNDAYS website.
Customers can choose to change cookie settings from “Enable all cookies”, “Block all cookies”, “Notify user when receiving cookies”, etc. Setting methods differ according to the browser. Check the method at the “Help” menu of the browser used. If cookies are set to blocked, customers may not be able to use the functions of the website completely. Access the Google ads page to change the settings of Google ads display.
- Access logs
OWNDAYS records the information of those who access it using access logs (access history). Access logs contains the domain name, IP address of the person who accessed our website, the browser used, date and time of access, etc. These access logs are used for the maintenance and management of OWNDAYS and statistical analysis of its usage. They are not used for other purposes. In the statistical analysis of access logs, OWNDAYS may provide the access logs to external service providers.
OWNDAYS manages an appropriate management system for preventing illegal access, loss, damage, falsification, leakage, etc. of personal information managed by OWNDAYS, and periodically reviews the management system so that it can deal with new illegal access methods. OWNDAYS also reinforces internal management system and implements thorough training of all employees engaged in the use of personal information. We make efforts to maintain the accuracy of data.
Enquiries on Personal Information
Customers wishing to disclose, correct, delete, discontinue use, discontinue disclosure to third parties, be notified of the purpose of use of their personal information, or file a complaint, please contact the personal information enquiry desk or our Data Protection Officer via one of the following methods:
- Office Address: VR2-05-05, V RESIDENCE 2, LINGKARAN SV, SUNWAY VELOCITY, 55100 KUALA LUMPUR
- Email Address: firstname.lastname@example.org
- Telephone number: +60327701779
For enquiries regarding user registration of our products and services, please contact the following product and service enquiry desk.
For enquiries, kindly call +60327701779 or email to email@example.com.
Operating hours: Daily 10:00 - 19:00
Effect of Policy and Changes to Policy
This Policy applies in conjunction with any other notices, policies, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of customers’ personal information by us.
We may revise this Policy from time to time without any prior notice. Customers may determine if any such revision has taken place by referring to the date on which this Policy was last updated. A customer’s continued use of our services constitutes such customer’s acknowledgement and acceptance of such changes.
Last updated: 1 January 2022