Privacy and Personal Data Protection Policy

1. INTRODUCTION
   1. FARM RESORT (GAMBANG) SDN BHD (“FRGSB”) is committed to protecting the personal data supplied by you to FRGSB to ensure compliance with the legal and regulatory requirements in accordance with the Personal Data Protection Act 2010 (“the Act”) which came into effect on 15^th November 2013.
   2. This Privacy and Personal Data Protection Policy (“Policy”) is issued to all our immediate and/or prospective customers, suppliers and employees (collectively referred to as “Data Subject”) pursuant to the Act.
   3. For the purpose of this Policy: –
      1. “Personal Data” means any personal information relating to FRGSB’s Data Subject provided to FRGSB or made available to FRGSB in the course of commercial dealings with FRGSB, that relates directly or indirectly to a Data Subject, who is identified or identifiable from that information. This may include but not limited to name, date of birth, identity card number, passport number, address, gender, race, nationality, contact information, religion, education, work and compensation information currently and historically, tax file identification number, EPF number, SOCSO number, bank account information, credit card details, account balances, payment history and account activity, where permitted by applicable law.
      2. “Sensitive Personal Data” means any personal data consisting of information as to the physical or mental health or condition, political opinions, religious beliefs or other beliefs of a similar nature, commission or alleged commission of any offence or any other Personal Data determined by law; and
      3. “Third parties” means a person or a company who is not a party to a contract or a transaction with FRGSB, including but not limited to FRGSB’s agents, subsidiaries, contractors, sub-contractors and professional advisors.
   4. FRGSB reserves the right to modify this Policy as required and changes, if any, will be announced through its webpage at mangalaresortandspa.com.
   5. This Policy is issued in both English Language and Bahasa Malaysia. In the event of any inconsistencies between the English version and the Bahasa Malaysia version, the English version shall prevail.
2. SCOPE
   This Policy applies to all operations and business units of FRGSB.
3. RESPONSIBILITY
   Our Personal Data Protection Compliance Officer, is responsible for the necessary registration, customer access and collection of personal data, notice and choice process to limit processing of personal data and for the monitoring the administration of this Policy and enterprise-wide compliance.
4. PERSONAL DATA PROTECTION PRINCIPLES
   1. General Principle:
      1. During the course of your transaction and dealings with FRGSB, you may be requested to furnish from time to time to FRGSB, directly or through online forms and/or other electronic methods, your personal data relevant to the purposes listed in Item 2.1 below. The types of personal data collected will depend on the nature of your dealings or transaction with FRGSB.
      2. Save in accordance with this Policy and except as permitted or required under any enactment, law, statute or code, FRGSB will not collect, record, hold, store, use, share and disclose (“process”) without prior consent of the Data Subject.
      3. FRGSB will not intentionally collect Sensitive Personal Data unless legally required to do so. FRGSB will only process any Sensitive Personal Data with the explicit consent of the Data Subject or if the processing is necessary. FRGSB works to protect the confidentiality and security of such information it obtains in the course of business. Access to such information is limited and policies and procedures are in place designed to safeguard the information from loss, misuse and improper disclosure.
      4. If you are under 18, you should ensure that you obtain the consent of your parents or legal guardian before using our services and/or products.
   2. Notice and Choice Principle:
      1. Purposes of Collection of Personal Data: –
         The Personal Data may be processed by us for the following purposes, including but not limited to:
         1. The delivery of notices and performance of a contract to deliver services and/or products to you;
         2. In order for you to enter into the necessary agreement and/or contract to purchase the services and/or products from us;
         3. For marketing and client profiling activities regarding our services and/or products whether present or future, including to send information, invitations, promotions and updates;
         4. For purposes of establishing, maintaining and administering a database of customers, suppliers or employees / workers;
         5. For payment processing;
         6. For the purposes of recovering any amount due to FRGSB;
         7. For compliance with any legal obligations to which FRGSB is subject;
         8. For the exercise of any functions conferred on any person by or under any law;
         9. For those purposes specifically provided for in any particular service or product offered by us or our partners;
         10. To consider potential employee’s applications for employment;
         11. For credit assessments, financial and background investigation as and when deemed necessary.
      2. Source of Personal Data
         The Personal Data will be collected, processed and used by us are sourced from wholly legitimate and transparent means such as: –
         1. Agreements and contracts;
         2. Official registration forms (either electronic or printed);
         3. Official Request for Information forms that are provided to you by our employees or agents;
         4. Any emails or any correspondences that we have received from you requesting for information or making any inquiries;
         5. Any forms that you have submitted on our website or any websites contracted by us;
         6. Any referrals from a person which have included their verifiable personal contact details;
         7. Letters of offer from financial institutions (local and foreign) for pre-approved loans;
         8. Business cards that were dropped or given to our employees, agents, brokers or associates; or
         9. Any documents (including but not limited to statutory forms and returns) that were submitted to us for processing.
      3. FRGSB may disclose personal data to the following class of third parties, including but not limited to: –
         1. Regulatory and governmental authorities in order to comply with any applicable law or order, direction or regulation of any regulatory appropriate authorities.
         2. Any related companies and subsidiaries within FRANKY group of companies.
         3. FRGSB’s business partners and affiliates
         4. Information technology (IT) service provider
         5. Data entry service providers
         6. Storage facility service providers
         7. Banks and financial institutions
         8. Insurance providers
         9. FRGSB’s auditors, consultants, accounts, lawyers or other professional advisers
         10. FRGSB’s agents, contractors, sub-contractors and third party service or product providers;
      4. The Personal Data provided to us are wholly voluntary in nature and you are not under any obligation or under any duress to do so. However, in to facilitate any of the purposes of Item 2.1 above certain personal details and information are required beforehand. If you fail to supply sufficient personal data as required:
         1. FRGSB will not be able to provide you with the necessary notices, services and/or products requested;
         2. FRGSB will not be able to process your application or registration for any of the necessary services, products, programs and/or activities; and/or
         3. FRGSB will not be able to formalize any contract and/or agreement / tenders / Letter of Awards;
         4. FRGSB will not be able to enter into and complete the necessary commercial transaction, agreement or dealing with you or in your favour.
         5. FRGSB will not be able to comply with any applicable law, regulation, direction, court order, by laws, guidelines and/or codes applicable to us.

      If you do not want FRGSB to disclose, transfer, use or process otherwise your personal data for any of the purposes listed in Item 2.1 above or if you wish to withdraw your consent in full or in part or limit the processing of your personal data, you may contact FRGSB in writing at the particulars set out in Item 7.5 below.

   3. Disclosure Principle:
      1. FRGSB will not disclose any Personal Data without the consent of the Data Subject and for the purpose for which the Personal Data is processed.
      2. FRGSB will only disclose your Personal Data for any purpose other than the purpose for which the Personal Data was to be disclosed at the time of its collection if your consent has been obtained, the disclosure is necessary for the administration of justice or was required or authorised by or under any law or by the order of a court.
      3. The information that FRGSB gathers is not sold, given to, or otherwise shared with other organisations for commercial or any other purposes.
   4. Security Principle:
      1. FRGSB shall take practical steps to safeguard the integrity, confidentiality and security of all Personal Data, to protect Personal Data from destruction or loss, misuse, alteration or unauthorised and accidental access or disclosure.
      2. These steps include entering into written agreements with subcontractors who process Personal Data in accordance with FRGSB’s instructions, if any, and incorporating FRGSB’s own data protection standards as a minimum.
      3. FRGSB will employ a number of safeguards, appropriate to the sensitivity of the information, to protect Personal Data such as physical measures, organizational measures and technological measures, for example locked filing cabinets, restricted access to offices, security clearances and limiting access on a “need to know” basis only to relevant users for the purpose of performing their official duties and use of passwords and encryption.
      4. Procedures for implementing these measures will be communicated to all FRGSB’s employees and third parties to ensure compliance with this principle.
      5. FRGSB shall ensure that any security policy developed or implemented by FRGSB complies with the security standard required under the Act and any applicable law that may from time to time be in force.
   5. Retention Principle:
      1. Any personal data supplied by you will be retained by FRGSB as long as necessary for the fulfilment of any of the purposes stated in Item 2.1 above or otherwise permitted by any applicable law that may from time to time be in force.
      2. If any personal data is no longer required for the purpose for which it was processed, FRGSB shall take all reasonable steps to ensure that it is destroyed or permanently deleted.
   6. Data Integrity Principle:
      FRGSB takes reasonable steps to maintain complete, current, and accurate information about its Data Subject. Any inaccurate information that is brought to FRGSB’s attention will be corrected as quickly as possible after notification. Procedures will be maintained to ensure that any reported inaccuracies are promptly and effectively handled and that Data Subject’s information remains as accurate, current and complete as possible.
   7. Access Principle:
      1. Data Subject can have access to his/her Personal Data that FRGSB has in its possession or control and may request that his/her Personal Data be amended for purposes of accuracy, completeness and up-to-date, except where compliance with a request to such access or correction is refused under the Act.
      2. In accordance with the Act, an individual may forward a written request to FRGSB’s Personal Data Protection Compliance Officer to limit or stop processing their personal data, subject to any applicable legal restrictions, contractual conditions and a reasonable time period.
      3. Personal data supplied by you to FRGSB must be accurate, complete and not misleading. If you know that your personal data held by FRGSB is inaccurate, incomplete, misleading or not up-to-date, you may make a data correction request in writing to FRGSB.
      4. You may send your data access request, data correction request or any inquiries to FRGSB in writing at the following address:
         

         Attention	:	Personal Data Protection Compliance Officer
         Correspondence Address	:	A7370, 1st Floor, Jalan Kubang Buaya, 25250 Kuantan, Pahang Darul Makmur, Malaysia
         Email Address	:	pdpa@mangalaresortandspa.com
         Telephone No.	:	09-566 1888
         Facsimile No.	:	09-568 1511

BY PROVIDING TO FRGSB YOUR PERSONAL DATA, YOU HEREBY AGREE THAT FRGSB  SHALL  PROCESS  YOUR  PERSONAL  DATA  IN  ACCORDANCE  WITH  ALL  OF  THE FOREGOING.