PERSONAL DATA PROTECTION NOTICE

This Personal Data Notice (“Notice”) describes how Collaborative Research in Engineering, Science & Technology (a company incorporated under the laws of Malaysia with its place of business at sains@usm,Block C, Ground Floor, No.10 Persiaran Bukit Jambul Bayan Lepas Penang 11900 Malaysia) (“CREST”) collects, uses, discloses and otherwise processes your Personal Data in accordance with the Personal Data Protection Act 2010 (“PDPA”), and all subsidiary legislation, regulations, rules, guidelines and applicable data protection laws in Malaysia . This Notice forms part of the Terms of Use of the CREST website located at https://crest.my (“Website”) and applies when you engage CREST to provide services, interact with CREST whether at our place of business, events or otherwise, or use the Website or any related tools/ applications/ systems which may be used by CREST from time to time for the provision of the services. By doing so, you acknowledge and consent to the processing of your Personal Data by CREST and all persons involved in the provision of services by CREST including stakeholders, third party research firms, contractors, agents and service providers of CREST for the purposes described in this Notice. In the event of any conflict between the English and other language versions, the English version shall prevail. CREST shall have the right to modify, update or amend the terms of this Notice at any time by placing the updated Notice on the Website. By continuing to communicate with CREST or by continuing to use CREST’s services following any modifications, updates or amendments to this Notice, you will be deemed to have acknowledge and accepted such modification, update or amendment.

Collection of Personal Data

“Personal Data” means any information that relates directly or indirectly to an individual who is identified or identifiable from that information or from that and other information in the possession of CREST (e.g. by referencing an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person). Such Personal Data may be collected, stored, used and processed by CREST and where necessary, by CREST’s employees, stakeholders, related corporations, agents, independent contractors and other third parties that CREST is associated with from time to time. In addition to the Personal Data you provide to CREST directly (i.e. during your communications with CREST and/or when you engage CREST to provide services or otherwise), CREST may also collect your Personal Data from a variety of sources, including without limitation at CREST’s place of business, events, conferences, seminars or other activities organised or sponsored by CREST and/or from the cookies or similar technologies used on the Website. The provision of your Personal Data is voluntary. However, failure to provide certain Personal Data, may result in CREST being unable to to (i) communicate with you; (ii) provide you the services you require or requested or (ii) grant access to certain sections of the Website where log in or authentication is required. CREST uses cookies and similar technology on the Website to facilitate functionality, analyse website usage and improve user experience. Most web browsers are designed to accept cookies by default, but , you may configure your browser settings to refuse or disable cookies . Please note that disabling cookies may affect the availability or functionality of certain parts of the Website.

Purposes of Processing

CREST may use and process your Personal Data for the purposes relating to the services you have requested and for the business activities of CREST which shall include, without limitation:-

(a) to communicate with you;

(b) to respond to questions and comments from you;

(c) for business, research and collaboration matching purposes where relevant;

(d) for internal administrative and operational purposes;

(e) to provide information to regulatory and governmental authorities in order to comply with applicable statutory, regulatory and governmental requirements;

(f) for CREST to comply with its obligations under law;

(g) in connection with any legal proceedings or prospective legal proceedings;

(h) to establish, exercise or defend CREST’s legal rights,

(i) for the purposes of entering into, performing, administering, managing, enforcing or complying with any agreements, whether currently in force or entered into from time to time, between CREST and you, or between CREST and other programme partners, service providers or third parties, where such agreements relate to or arise from CREST’s services, programmes, collaborations or business activities;

and you agree and consent to CREST using and processing your Personal Data in the manner as identified in this Notice and applicable law.

Without prejudice to the foregoing, CREST may also use and process your Personal Data, where applicable, for the purposes of establishing, maintaining and managing one or more databases, registries, repositories, records, systems or platforms (whether physical or electronic) relating to CREST’s services, programmes, collaborations or business activities, including for administrative, operational, compliance, reporting, audit and oversight purposes. CREST may, where reasonably necessary for such purposes, organise, categorise, analyse or extract Personal Data from such databases or registries and disclose relevant Personal Data to its service providers or other third parties, including the categories of parties described under the section titled “Disclosure to Third Parties” in this Notice, but not limited thereto, provided that any such disclosure is carried out in accordance with the PDPA and applicable law, and subject to appropriate confidentiality, security and data protection obligations.

Other purposes

In addition to the purposes stated above, CREST may also use and process your Personal Data for the following purposes :-

(a) to send you materials such as newsletters, articles, write-ups as well as other informational updates;

(b) for the business continuity, data backups and disaster recovery purposes ; and

(c) to distribute information or details of events, seminars, conferences and talks which may of interest to you,

by way of email, mail or other appropriate communication channels. If you do not consent to CREST processing your Personal Data for the purposes listed above, please notify CREST using the contact details stated below.

Transfer of Personal Data

As CREST’s information technology storage facilities, servers and service providers may be located in other jurisdictions, your Personal Data may be transferred to, stored, used and processed in a jurisdiction outside of Malaysia. Further, your personal data may be transferred out of Malaysia for the purposes as described above where such publications and journals are located outside of Malaysia. CREST will take reasonable steps to ensure that any and all transfer of Personal Data outside of Malaysia is made to jurisdiction that have laws substantially similar to the PDPA or that otherwise provide an adequate level of protection for Personal Data. By providing your Personal Data to CREST or continuing to engage with CREST, you acknowledge and consent to the transfer of your Personal Data outside Malaysia as described herein.

Disclosure to Third Parties

CREST may engage third party companies, service providers or individuals to perform functions or services on CREST’s behalf, and in connection with such engagement  may provide access or disclose  your Personal Data to such third parties, strictly for the purposes described in this Notice. Such third parties may include, without limitation::

(a) information technology (IT) service providers;

(b) data entry and administrative service providers;

(c) storage and data hosting facility and service providers;

(d) banks and financial institutions;

(e) insurance providers;

(f) any professional advisors and external auditors;

(g) regulatory and governmental authorities in order to comply with statutory and government requirements.

CREST will take reasonable steps to ensure that any third parties to whom Personal Data is disclosed are subject to appropriate confidentiality, security and data protection obligations consistent with this Policy and applicable law.

This Policy only applies to the collection and use of Personal Data by CREST. It does not cover third party sites to which we provide links, even if such sites are co-branded with our logo. CREST does not share your Personal Data with third party websites. CREST is not responsible for the privacy and conduct practices of these third party websites, so you should read their own privacy policies before disclosure of any Personal Data to these websites. CREST will not sell your personal information to any third party without your permission, but we cannot be responsible or held liable for the actions of third party sites which you may have linked or been directed to the Website.

Retention & Destruction of Personal Data

In the course of its business operations, CREST may retain Personal Data in certain circumstances, including where such retention is necessary for the purposes for which the Personal Data was collected, to comply with applicable legal, regulatory or contractual requirements, or as otherwise permitted under applicable law.

Subject to the foregoing, CREST will retain Personal Data for a period of seven (7) years, or for such longer period as may be required or permitted under applicable law. CREST will retain Personal Data only for as long as is necessary to fulfil such purposes and will take all reasonable steps to ensure that Personal Data is securely destroyed, permanently deleted or anonymised when it is no longer required for those purposes.

Access & Correction Requests and Inquiries

Subject to any exceptions under applicable laws, you may at any time hereafter request for access to, or for correction or rectification of your Personal Data or limit the processing of your Personal Data, or seek further information from CREST by contacting the CREST PDPA Unit at the contact details set out below:-

Email Address: pdpa@crest.my

Telephone No.: +60 (0)4 652 0088

Facsimile No.: +60 (0)4 652 0099

You may also limit the processing of your Personal Data by expressly withdrawing your consent to such processing. Please note that any withdrawal of consent is subject to applicable legal restrictions, contractual conditions, and CREST’s rights and obligations under law, and may affect CREST’s ability to continue providing certain services or fulfilling its legal or contractual obligations.

In respect of your right to access and/or correct your Personal Data, CREST has the right to impose an administrative fee, refuse the your requests to access and/or make any correction to your Personal Data for the reasons permitted under law, such as where the expense of providing access to you is disproportionate to the risks to your privacy.

General

CREST maintains commercially reasonable physical, managerial technical, and organisational safeguards to preserve the integrity and security of your Personal Data in its possession or under its control, and to prevent unauthorised access wherever possible, in accordance with the PDPA. Access to Personal Data is restricted to the authorised personnel of CREST and to third parties who require such access for legitimate and lawful purposes as described in this Policy, and who are subject to appropriate confidentiality and data protection obligations. All such third parties are contractually required to observe appropriate confidentiality, security and data protection obligations consistent with this Policy and applicable law. While CREST takes reasonable and proportionate steps, having regard to the nature of the Personal Data and the risks involved, to safeguard Personal Data, you acknowledge that no method of transmission over the internet or method of electronic storage can be guaranteed to be completely secure. CREST cannot guarantee the absolute security of Personal Data transmitted to or stored by CREST, and any transmission of Personal Data to CREST is undertaken at your own risk. The Website does not target and is not intended to attract children under the age of eighteen (18) years old. CREST does not knowingly solicit, collect or process Personal Data from  children under the age of eighteen (18) years old. This Policy is governed by and shall be construed in accordance with the laws of Malaysia. Where CREST becomes aware that Personal Data of a child has been inadvertently collected, CREST will take reasonable steps to delete such Personal Data in accordance with applicable law. This Policy is governed by and shall be construed in accordance with the laws of Malaysia, and you hereby submit to the non-exclusive jurisdiction of the Malaysian courts.

NOTIS PERLINDUNGAN DATA PERIBADI

Notis Data Peribadi ini (“Notis”) menerangkan bagaimana Collaborative Research in Engineering, Science & Technology (satu syarikat yang diperbadankan di bawah undang-undang Malaysia dengan alamat perniagaannya di sains@usm,Block C, Ground Floor, No.10 Persiaran Bukit Jambul Bayan Lepas Penang 11900 Malaysia) (“CREST”) menggunakan Data Peribadi anda. Notis ini adalah sebahagian daripada Terma Penggunaan laman web CREST yang terletak di https://crest.my (“Laman Web”) dan dengan melantik CREST untuk menyediakan perkhidmatan atau dengan berhubung dengan CREST sama ada di tempat perniagaan kami, acara kami atau sebaliknya, atau dengan menggunakan Laman Web atau apa-apa peralatan/aplikasi/sistem lain yang boleh digunakan oleh CREST dari semasa ke semasa bagi penyediaan perkhidmatan, anda bersetuju dengan pemprosesan Data Peribadi anda oleh CREST dan semua orang yang terlibat dalam penyediaan perkhidmatan oleh CREST termasuk pemegang kepentingan, firma penyelidikan pihak ketiga, kontraktor, ejen dan pembekal perkhidmatan CREST. Jika berlaku sebarang percanggahan di antara versi Bahasa Inggeris dan versi bahasa lain, versi Bahasa Inggeris akan diguna pakai. CREST berhak untuk mengubahsuai, mengemaskini atau meminda terma-terma Notis ini pada bila-bila masa dengan meletakkan Notis yang dikemaskinikan di Laman Web. Dengan terus berkomunikasi dengan CREST atau dengan terus menggunakan perkhidmatan CREST berikutan pengubahsuaian, pengemaskinian atau pindaan kepada Notis ini, anda dianggap telah menerima pengubahsuaian, pengemaskinian atau pindaan tersebut.

Pengutipan Data Peribadi

Data Peribadi bermaksud maklumat mengenai anda yang telah diberikan oleh anda kepada CREST, seperti nama, alamat, nombor telefon, No. KP, alamat e-mel, kehendak peribadi, alamat IP, butir-butir ‘social media’, foto and imej, kehendak kandungan, set kemahiran, butir-butir akaun bank, dan sebarang maklumat yang boleh mengenal pasti anda yang telah atau akan dikutip, disimpan, digunakan dan diproses oleh CREST atau kakitangan, pemegang kepentingan, syarikat berkaitan, ejen, kontraktor bebas CREST dan pihak ketiga lain yang CREST dikaitkan dengan dari semasa ke semasa. Sebagai tambahan kepada Data Peribadi yang anda berikan kepada CREST secara langsung (iaitu semasa anda berkomunikasi dengan CREST dan/atau apabila anda melantik CREST untuk memberi perkhidmatan atau sebaliknya), CREST juga mungkin mengutip Data Peribadi anda daripada pelbagai sumber, termasuk tetapi tidak terhad kepada tempat perniagaan kami, sebarang acara, persidangan, seminar atau sebaliknya yang diatur atau ditaja oleh CREST dan/atau dari cookies yang digunakan di Laman Web. Pemberian Data Peribadi anda adalah secara sukarela. Walau bagaimanapun, jika anda tidak berikan Data Peribadi anda, CREST tidak mungkin dapat i) berkomunikasi dengan anda; ii) menyediakan perkhidmatan yang anda perlukan atau (iii) mengakses seksyen tertentu pada Laman Web di mana log masuk dikehendaki. Kami menggunakan cookies di Laman Web kami untuk menjejaki pelawat dan pengalaman. Kebanyakan pelayar web yang direka untuk menerima cookies. Jika anda tidak ingin menerima apa-apa cookies, anda boleh menetapkan pelayar anda untuk menolaknya. Tujuan Pemprosesan CREST boleh menggunakan dan memproses Data Peribadi anda untuk tujuan berkaitan dengan perkhidmatan yang anda minta dan untuk aktiviti-aktiviti perniagaan CREST yang termasuk, tanpa had:-

(a) untuk berkomunikasi dengan anda;

(b) untuk menjawab soalan-soalan dan ulasan daripada anda;

(c) tujuan perniagaan dan penyelidikan sepadan yang berkaitan;

(d) untuk pengesahan dan tujuan pentadbiran dalaman;

(e) untuk memberi maklumat kepada pihak berkuasa kawal selia dan kerajaan bagi mematuhi syarat-syarat di bawah undang-undang dan kerajaan;

(f) untuk CREST mematuhi obligasinya di bawah undang-undang;

(g) yang berkaitan dengan apa-apa prosiding undang-undang atau prosiding undang-undang bakal; dan

(h) untuk menubuhkan, menjalankan atau mempertahankan hak-hak undang-undang CREST,

dan anda bersetuju dan mengizinkan CREST untuk menggunakan dan memproses Data Peribadi anda menurut cara sebagaimana yang dikenalpastikan dalam Notis ini.

Tujuan Lain

CREST boleh juga menggunakan dan memproses data anda untuk tujuan lain seperti:-

(a) untuk menghantar bahan-bahan kepada anda seperti surat berita, artikel, penulisan serta pengemaskinian yang lain;

(b) bagi maksud pemulihan bencana; dan

(c) untuk mengedarkan maklumat atau butir-butir acara, pameran, seminar, persidangan dan ceramah yang mungkin menarik minat anda,

melalui emel atau surat. Jika anda tidak bersetuju dengan CREST memproses Data Peribadi anda untuk tujuan yang disenaraikan di atas, sila maklum kepada CREST dengan menggunakan butiran hubungan yang dinyatakan di bawah.

Pemindahan Data Peribadi

Oleh sebab kemudahan simpanan teknologi maklumat dan pelayan mungkin terletak dalam bidang kuasa lain, Data Peribadi anda mungkin dipindahkan, disimpan, digunakan dan diproses dalam bidang kuasa selain daripada Malaysia. Selanjutnya, Data Peribadi anda mungkin dipindahkan keluar dari Malaysia untuk tujuan sebagaimana yang diperihalkan di atas di mana penerbitan dan jurnal berada di luar Malaysia. Anda memahami dan bersetuju untuk pemindahan Data Peribadi anda keluar dari Malaysia sebagaimana yang diperihalkan di sini.

Akses & Permohonan Pembetulan dan Pertanyaan

Tertakluk kepada sebarang pengecualian di bawah undang-undang yang diguna pakai, anda boleh pada bila-bila masa selepas ini memohon akses kepada, atau untuk pembaikan dan pembetulan Data Peribadi anda atau menghadkan pemprosesan Data Peribadi anda, atau memohon maklumat lanjut daripada CREST dengan menghubungi Unit PDPA CREST di butir-butir hubungan yang tertera di bawah:-

Alamat Emel: pdpa@crest.my

No. Telefon: +604 652 0088

No. Faksimili: +604 652 0099

Berkenaan dengan hak anda untuk mengakses dan/atau membetulkan Data Peribadi anda, CREST berhak untuk mengenakan bayaran pentadbiran, menolak permohonan anda untuk mengakses dan/atau membuat sebarang pembetulan pada Data Peribadi anda atas alasan-alasan yang dibenarkan di bawah undang-undang, seperti apabila pemberian akses kepada adalah tidak seimbang dengan risiko kepada privasi anda.

Pendedahan kepada Pihak Ketiga

CREST boleh melantik syarikat-syarikat, penyedia-penyedia perkhidmatan atau individu-individu lain untuk melaksanakan fungsi bagi pihak CREST, dan sebagai akibat boleh menyediakan akses atau mendedahkan Data Peribadi anda kepada pihak-pihak ketiga sebagaimana yang disenaraikan di bawah (tidak terhad):-

(a) penyedia-penyedia perkhidmatan teknologi maklumat (IT);

(b) penyedia-penyedia perkhidmatan kemasukan data;

(c) penyedia-penyedia kemudahan simpanan;

(d) bank dan institusi kewangan;

(e) penyedia-penyedia insurans;

(f) sebarang penasihat profesional dan juruaudit luar;

(g) pihak berkuasa kawal selia dan kerajaan bagi mematuhi syarat-syarat di bawah undang-undang dan kerajaan.

Notis ini adalah hanya untuk kepada koleksi dan pengunaan Data Peribadi oleh CREST. Ia tidak meliputi laman web pihak ketiga yang mana kami menyediakan ‘link’, walaupun laman web tersebut adalah dipasarkan bersama dengan logo kami. CREST tidak akan memberi Data Peribadi anda kepada laman web pihak ketiga. CREST tidak akan bertanggungjawab untuk amalan privasi dan kelakuan yang digunakan oleh laman web pihak ketiga, oleh demikian, anda patut membaca polisi privasi mereka sebelum mendedahkan Data Peribadi anda kepada laman web tersebut. CREST tidak akan menjual Data Peribadi anda kepada pihak ketiga tanpa persetujuan anda, tetapi kami tidak akan bertanggungjawab untuk tindakan laman web pihak ketiga di mana anda mungkin diarahkan kepada laman web tersebut.

Akses & Permohonan Pembetulan dan Pertanyaan

Tertakluk kepada sebarang pengecualian di bawah undang-undang yang diguna pakai, anda boleh pada bila-bila masa selepas ini memohon akses kepada, atau untuk pembaikan dan pembetulan Data Peribadi anda atau menghadkan pemprosesan Data Peribadi anda, atau memohon maklumat lanjut daripada CREST dengan menghubungi Unit PDPA CREST di butir-butir hubungan yang tertera di bawah:-

Alamat Emel: pdpa@crest.my

No. Telefon: +604 652 0088

No. Faksimili: +604 652 0099

Berkenaan dengan hak anda untuk mengakses dan/atau membetulkan Data Peribadi anda, CREST berhak untuk mengenakan bayaran pentadbiran, menolak permohonan anda untuk mengakses dan/atau membuat sebarang pembetulan pada Data Peribadi anda atas alasan-alasan yang dibenarkan di bawah undang-undang, seperti apabila pemberian akses kepada adalah tidak seimbang dengan risiko kepada privasi anda.