Personal Data Protection Policy
We at the Odyssey respect your right to privacy and we respect all Personal Information you provide to us.
We are committed to protecting all Personal Information kept by us. We are bound by the Personal Data Protection Act 2010 (“PDP Act”) and all other applicable laws in Malaysia in respect of privacy protection which set out a number of principles concerning Personal Information and consumer protection in Malaysia.
“Authorised Third Parties” means our contractors, agents or third party suppliers or service providers with whom we enter into an agreement.
“Personal Information” means any personal information relating to any individual that the individual has provided to us or made available to us.
“Sensitive Personal Information” comprises information as to the individual’s physical or mental health or condition, political opinions, religious beliefs or other beliefs of a similar nature, commission or alleged commission of any offence, or any other Personal Information designated as such.
“Services” comprises any communications, information or other products or services provided by us.
“We”, “us” or “our” means collectively, GLOBAL EDUCARE SDN BHD, a group of companies incorporated in Malaysia and having its registered address at Lot 15229, 2nd floor, Persiaran Dutamas off Jalan Duta, Sri Hartamas Subang Jaya, Selangor Darul Ehsan, its subsidiaries and associate companies and all other entities operating under the brand name of the Odyssey.
1. INFORMATION WE COLLECT
- We may obtain your Personal Information from the following sources, where applicable, or other sources which we may see fit from time to time:
- information provided or submitted by you through, amongst others, enquiry form, waiting list form, school events/trips form, parent consent form, survey form, student profile form;
- publicly available or publicly accessible information; and
- such other written or verbal communications or documents delivered to us prior to and during the course of our dealings with you.
- The types of Personal Information we may obtain about you are:
- contact information;
- business contact information;
- username and password to access our Services;
- financial information;
- employment information;
- medical records;
- social media identifier;
- other information (such as shopping behaviour and preferences, language preference, age, date of birth, gender and family status)
- We also may obtain your Personal Information from publicly available information systems and reporting agencies in connection with our contract with you.
2. HOW WE USE THE PERSONAL INFORMATION WE COLLECT
- We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- the delivery of the relevant notices or Services to you;
- in order for you to enroll and/or register yourself or your child and/or ward in course offered by us;
- in order for us to manage and/or process your or your child’s and/or wards’ course application;
- to notify you of changes in our Services and offerings, if any;
- to enable us to supply you with the Services and information which you have requested;
- user and/or student relationship management procedures;
- those purposes specifically provided for in any particular service offered by us;
- background checks of users and/or children as may determine to be necessary or appropriate;
- our internal record keeping;
- collection of outstanding payments and/or fees from their parents or guardians;
- prevention of crime including but not limited to fraud, money-laundering, bribery;
- meeting any legal or regulatory requirements relating to our provision of Services and to make disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular, code applicable to us or any of our member companies;
- conducting marketing and children profiling activities in connection with the Services and related products;
- for research, benchmarking, statistical analysis purposes to develop and evaluate education policies and strategies;
- in order to coordinate lesson planning and support for individual students;
- to enable us to review tests and assessment results in order to identify the strength and weakness of students;
- to assess special education needs students may have;
- feedback and enquiry purposes in relation to the Services offered by us;
- for our other legitimate business activities; and
- for such other purposes in relation to your contract with us.
3. INFORMATION WE SHARE
- Personal Data provided to us will, generally, be kept confidential but you hereby consent and authorise us to provide and/or disclose your Personal Data to the following categories of parties:
- any person to whom we are compelled or required to do so under law or in response to a legitimate instruction from a competent or government agency;
- pursuant to an order of a court of competent jurisdiction;
- any of our related entities including those established in the future;
- where applicable, third parties who provide related services or products in connection with our business such as insurance agencies/insurers, Ministry of Education, Social Security (SOCSO), Employees Provident Fund, co-curricular programme providers, travel agencies/operators, external school contracted operators;
- government agencies, statutory authorities and industry regulators;
- our external auditors, consultants, accountants, lawyers or other financial or professional advisers; and
- Authorised Third Parties.
Please be assured that consistent with the law, we will only disclose the minimum amount of information that we deem necessary for the purpose and that we will take all appropriate safeguards to ensure the integrity and security of the Personal Data.
4. PERSONAL INFORMATION PROTECTION PRINCIPLES WE ADHERE
- General Principle:
- We will process Personal Information provided to us by you when you register or apply for or express an interest in our Services with your specific consent.
- We may use your Personal Information for Purposes.
- Notice and Choice Principle:
- Any individuals who has provided his/her Personal Information prior to this Policy, may contact us using the contact details set out below to know what types of Personal Information have been processed and the purpose for the processing.
- We will not process Personal Information without your prior written consent, except for the Purposes and where it is required or permitted under Malaysian law.
- You will be given the opportunity to ‘opt-out’ of having your Personal Information used for purposes not directly related to the Services at the point where we ask for information. If you do not wish to receive our promotional updates you may opt-out of receiving these communications by clicking “Unsubscribe” in the subject line in the email sent or by emailing us at email@example.com. But please note that should you decide to “opt-out”, we may not be able to provide you with certain Services and your subscription to or application for certain Services may be declined, denied, or refused by us.
- Disclosure Principle:
- We will not sell or rent your Personal Information to third parties. Other than as provided in this Policy, we will not disclose your Personal Information to any third party without your consent.
- We may from time to time, contact you on behalf of external business partners about particular goods, offers or services that may be of interest to you. In those cases, Personal Information that may identify you will not be transferred to the third party. All communication whether from us or our’s business partners will be sent to you by us.
- We may, however, need to work with Authorised Third Parties for the Purposes or to provide part or all of our Services and/or other services to you or to perform market research and statistical analysis. In such situations, we will share your Personal Information as is necessary for the Authorised Third Party to perform these services, on a strictly confidential basis. These parties are not allowed to process your Personal Information disclosed to them except for the limited purpose of providing the particular service for us.
- It may be necessary to transfer your Personal Information to other entities or service providers located in countries outside Malaysia. This may happen where our servers or suppliers and service providers are based outside Malaysia or where you use the Services from countries outside Malaysia. In these instances, we will take steps to ensure that your privacy rights are respected in accordance with this Policy.
- Security Principle:
- We have implemented security policies, rules and technical measures to protect your Personal Information from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss. All our employees and data processors, who have access to and are associated with the processing of Personal Information, are obliged to respect the confidentiality of your Personal Information.
- Personal Information that we collect from you will be stored and backed up securely in a location that is accessible by our authorised personnel.
- In discharging its responsibilities with respect to the confidentiality of Personal Information, we will employ a number of safeguards, appropriate to the sensitivity of the information, to protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Such safeguards will include physical measures, organizational measures and technological measures, for example, locked filing cabinets, restricted access to offices, security clearances and limiting access on a “need to know” basis and use of passwords and encryption. Procedures for implementing these measures will be communicated to our employees and third parties to ensure compliance with this principle.
- Retention Principle: We will store your Personal Information as long as the purpose it was collected for remains valid and thereafter for a period of seven years or any other period of time required and/or permitted by Malaysian law.
- Data Integrity Principle:
- We take all reasonable precautions to ensure that the Personal Information that we collect, use and disclose is accurate, complete and up-to-date. However, the accuracy of that information depends to a large extent on the information that you provide.
- You have the right to access your Personal Information, subject to some exceptions allowed by law. If you would like to do so, please let us know. You may be required to put your request in writing for security reasons. We reserve the right to charge a fee for searching for and providing access to your information.
- We reserve the right to refuse to provide our visitors with a copy of their Personal Information by providing a written explanation for such refusal.
- Access Principle:
- Any individuals dealing with us can have access to his/her Personal Information that we have in our possession or control and may request that his/her Personal Information be amended for purposes of accuracy and completeness.
- You may at any time remove your personal details from our database, or amend or correct your Personal Information. If you remove your Personal Information from our records, we will no longer be able to provide the Services to you.
5. SENSITIVE PERSONAL INFORMATION
- Where required under Malaysian law, we will obtain consent from you before we process your Sensitive Personal Information.
- We will process Personal Information or Sensitive Personal Information without your consent only in those limited circumstances as permitted by Malaysian law.
6. THE ODYSSEY’S WEBSITE
- We provide products and services via its various websites. When an individual visit our sites, its web servers generally record anonymous information such as the time, date and URL of the request. This information assists us to improve the structure of its websites and monitor their performance. From time to time we may also use Authorised Third Parties to analyse this anonymous information.
- As mandatory in the usage of our websites we may require standard information such as a Login ID, password, Personal Information for verification purposes, contact details and identification numbers. This information is necessary for us to provide the services an individual applied for. You are required to maintain the secrecy of his/her Login ID and Password enabling him/her to access our website. It is strongly stressed that we will not be able to secure the Personal Data if you reveal your Login ID and Password to anyone.
7. IP ADDRESSES AND COOKIES
- We also collect Internet Protocol (IP) addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the global network. We collect and manage IP addresses as part of the service of providing internet session management and for security purposes.
- Our websites may transmit to any customer’s computer a “cookie”. A cookie is a package of data that allows our server to identify and interact more effectively with the customer’s computer having to spend time on identifying each customer user, thereby also providing additional login convenience. You may configure and personalize its current browser to refuse, reject or delete such cookies.
8. INTEREST-BASED ADVERTISING
Interest-Based Advertising is a way of making advertisements more relevant to the customer based on Personal Information provided by the customer. In order to provide the customer with Interest Based Advertising, we may collect information about a customer’s activities and use that information to associate the customers with one or more pre-defined interest categories. We may periodically provide you advertisements that are tailored to your interests.
9. CONTACTING THE ODYSSEY
You may submit your written request, between 9.00AM and 6.00PM, Monday to Friday, if:
- for access to, or correction of, your Personal Information or limit the processing of your Personal Information upon payment of a prescribed fee;
To our Personal Data Protection Officer by post or email as set out below:
Postal Address: Data Protection Officer
2nd Floor, Lot 15229, Persiaran Dutamas, Off Jalan Duta, Sri Hartamas, Malaysia
Email Address: firstname.lastname@example.org